luks v1- sha1-aes-xts_p64 - only mode 14600 ? (is this correct?)
#1
Im trying to crack an older 500mb luks partition i made many years ago (~2017) -  First are my 2x questions,  below that are the relevant details / info.

2x questions:
 1- Even though  Luks v1 /  SHA-1 / AES / XTS_Plain64  - does NOT seem to be covered by any modes of:  -m 29511 through -m 29543 ,  will -m 14600 still work ? (assuming the correct passphrase gets tried, ofcourse)

 2- what is the relevance of  Luks v1 /  SHA-1 / AES / XTS_Plain64  -  NOT being covered by one of the 29511 through 29543 modes?  (are those faster modes vs 14600 ?  what is the advantage of ever using -m 29511  vs -m 14600  if i were to have a VALID  "29511 - LUKS v1 SHA-1 + AES" supported hash?

NB: based upon the sample hash for Mode 29511 ,  cbc-plain64  is expected vs my hash which used XTS_Plain64  
   from:   https://hashcat.net/misc/example_hashes/...64_128.txt
   via:    https://hashcat.net/wiki/doku.php?id=example_hashes


My details:
---
ID luks partition/device (just confirmation):
  blkid -t TYPE=crypto_LUKS -o device
        /dev/sdc1 

I extracted the luks v1 header:
   dd if=/dev/sdc1 bs=1 count=2066432 of=luksHeader.dd

Verify my header extract is valid:
Code:
cryptsetup luksDump ./luksHeader.dd
LUKS header information for ./luksHeader.dd

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha1
Payload offset: 4096
MK bits:        256
MK digest:      d9 a3 5b c8 7a bc 00 dd 19 4a 28 27 6c b8 44 a8 14 68 80 a5
MK salt:        fe ec 4e f6 53 14 48 06 c7 e6 9f 8e 46 df fd 29
                d8 a9 45 8a 46 75 d4 88 93 43 6b fc 2e 10 f9 43
MK iterations:  63625
UUID:          88bcb795-e366-4dda-9998-fbf6b5fd0c84

Key Slot 0: ENABLED
        Iterations:            250000
        Salt:                  3e f2 a9 79 d4 52 e8 36 39 3e 79 20 90 5d f8 b5
                                3c 87 0e 35 cf 6b 12 3f 6a 4c 85 91 b4 5f 04 2f
        Key material offset:    8
        AF stripes:            4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED

Convert the header to a hashcat Hast file:

   python3.6 luks2hashcat.py luksHeader.dd > out.hash

(nb;  for luk2hashcat.py  to execute:  i first had to run/install  :  pip install dataclasses        OR    pip3 install dataclasses    else i would get:  ModuleNotFoundError: No module named 'dataclasses'  )

cat out.hash:
  $luks$1$Hash.SHA1$Cipher.AES$Mode.XTS_PLAIN64$256$250000$3ef2a97..................

readable:    Luks v1   /    SHA-1   /    AES   /  XTS_Plain64


Mode 29511 will fail as it does not support XTS_PLAIN64:

  hashcat -O -S -m 29511 -a 0 -w 3 -r blah.rule out.hash MYwordlist.txt

Code:
[2023-03-25 18:53:55]  Counting lines in out.hash Please be patient...
Counted lines in out.hash
[b]Hashfile ' out.hash ' on line 1 ($luks$...76074b9aa95bee61f69f5c23cbcf7471): Signature unmatched[/b]
[2023-03-25 18:53:55]  Parsing Hashes: 0/1 (0.00%)...
No hashes loaded.


This does not fail / nor throw an error (however i have yet to crack it so far):
  hashcat -O -S -m 14600 -a 0 -w 3 -r blah.rule luksHeader.dd MYwordlist.txt

or this also does not fail / nor throw an error:
  hashcat -O -S -m 14600 -a 0 -w 3 -r blah.rule out.hash MYwordlist.txt


thanks for the help and your time.

 ( Great reference links for others / future):
https://hashcat.net/forum/thread-6225-po...l#pid33187
https://diverto.github.io/2019/11/18/Cra...assphrases
Reply


Messages In This Thread
luks v1- sha1-aes-xts_p64 - only mode 14600 ? (is this correct?) - by hashcatUser94712 - 03-26-2023, 07:31 PM