Hi,
I want to crack a VeraCrypt system drive password but haven't had any luck so far. I read some threads; this one for example was very helpful. But it doesn’t work on my case.
For testing purposes, I took a Windows 7 VM (VMware Workstation 17 Player), installed VeraCrypt 1.25.9 and encrypted the system partition (normal, not hidden) with a simple password "9988". A screenshot from VeraCrypt of the volume properties is attached. The system drive has MBR as partition style and two partitions on it: a 136 MB system reserved partition and the windows partition.
Now I mounted a The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux ISO file to this virtual machine and booted the VM with The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux. I created a small script to get sector 0 and 62 from the encrypted disk and its partitions, as well as running hashcat (version 6.2.6) with several VeraCrypt methods:
However, no method solved the mystery. Another noticeable thing is that hashcat always ends with the exit code 255 for the VeraCrypt methods 294XY.
What do I wrong? Are the extracted hashes from the right position of the disk? (I have them attached also]) Or am I doing something other wrong with the hashcat parameters?
many thanks in advance
I want to crack a VeraCrypt system drive password but haven't had any luck so far. I read some threads; this one for example was very helpful. But it doesn’t work on my case.
For testing purposes, I took a Windows 7 VM (VMware Workstation 17 Player), installed VeraCrypt 1.25.9 and encrypted the system partition (normal, not hidden) with a simple password "9988". A screenshot from VeraCrypt of the volume properties is attached. The system drive has MBR as partition style and two partitions on it: a 136 MB system reserved partition and the windows partition.
Now I mounted a The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux ISO file to this virtual machine and booted the VM with The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux. I created a small script to get sector 0 and 62 from the encrypted disk and its partitions, as well as running hashcat (version 6.2.6) with several VeraCrypt methods:
Code:
#!/bin/bash
for s in 0 62
do
sudo dd if=/dev/sda of=vc_hash_disk__sector$s skip=$(($s * 512)) bs=512 count=1
sudo dd if=/dev/sda1 of=vc_hash_part1_sector$s skip=$(($s * 512)) bs=512 count=1
sudo dd if=/dev/sda2 of=vc_hash_part2_sector$s skip=$(($s * 512)) bs=512 count=1
done
echo "exit codes: https://github.com/hashcat/hashcat/blob/master/docs/status_codes.txt" > hashcat_verycrypt.log
for h in $(ls vc_hash_*) ; do
for p in 137 294 ; do # 137=legacy 294=new
for x in 5 6 ; do # 2=PBKDF2-HMAC-SHA512, 5=PBKDF2-HMAC-SHA256, 6=PBKDF2-HMAC-SHA256 + boot-mode
for y in 1 2 3 ; do # 1=XTS 512 bit, 2=XTS 1024 bit, 3=XTS 1536 bit
hashcat -m $p$x$y -w 4 -a 3 -o cracked_$h_$p$x$y.txt $h 99?d8
exitcode=$?
echo "$(date -Iseconds) $h, -m $p$x$y -- exit code $exitcode" >> hashcat_verycrypt.log
done
done
done
done
ls cracked*However, no method solved the mystery. Another noticeable thing is that hashcat always ends with the exit code 255 for the VeraCrypt methods 294XY.
What do I wrong? Are the extracted hashes from the right position of the disk? (I have them attached also]) Or am I doing something other wrong with the hashcat parameters?
many thanks in advance