Today, 07:56 AM
(Yesterday, 08:14 PM)alain Wrote: I have extracted the header using these commands in Powershell:
$header = New-Object byte[] 512
[IO.File]::OpenRead("nameofcontainer.hc").Read($header, 0, 512) | Out-Null
[IO.File]::WriteAllBytes("header.bin", $header)
Is this correct? Or the position of the hidden header is elsewhere?
In hashcat there's a tools folder. It contains veracrypt2hashcat.py. Run that with the "hidden" option.
That will give you an actual hash you can work with in modules 294**
The header you need for the hidden container is located at a different offset from the outer container, which is what you extracted with your command.