01-04-2018, 07:26 PM
Hello everyone, I am on the verge of losing 20years worth of data, since I set this system up 2 months ago and was still populating it, so there's no backup in place. Here goes...
... mistakes were made and I did not properly secure the passphrase on my self-built NAS. The data sits in a LUKS encrypted Raid 5 volume on an openmediavault system (a debian derived distro) and I'm pretty sure I used a combination of some passwords, so a dictionary attack is feasible.
Here's what I tried: I extracted the header using dd to crunch it using hashcat on my dual GPU workstation. The password wasn't found. To make sure the problem is not related to my config, I then recreated the whole setup inside a VM, encrypted a raid5 of virtual drives with LUKS using "password", and extracted the header file as well. I then verified the header file using cryptsetup and fed it the dictionary file which included the password. But it seems hashcat can't find it.
Here's how I saved the header:
Here's the output of cryptsetup to check the header:
And here's the output of hashcat
I would sincerely appreciate any pointers in the right direction.
... mistakes were made and I did not properly secure the passphrase on my self-built NAS. The data sits in a LUKS encrypted Raid 5 volume on an openmediavault system (a debian derived distro) and I'm pretty sure I used a combination of some passwords, so a dictionary attack is feasible.
Here's what I tried: I extracted the header using dd to crunch it using hashcat on my dual GPU workstation. The password wasn't found. To make sure the problem is not related to my config, I then recreated the whole setup inside a VM, encrypted a raid5 of virtual drives with LUKS using "password", and extracted the header file as well. I then verified the header file using cryptsetup and fed it the dictionary file which included the password. But it seems hashcat can't find it.
Here's how I saved the header:
Code:
root@openmediavault-test:/# dd if=/dev/md0 of=_luks4.luks bs=512 count=4097
4097+0 records in
4097+0 records out
2097664 bytes (2.1 MB) copied, 0.0180822 s, 116 MB/sHere's the output of cryptsetup to check the header:
Code:
root@openmediavault-test:/# cryptsetup luksDump _luks4.luks
LUKS header information for _luks4.luks
Version: 1
Cipher name: aes
Cipher mode: xts-plain64
Hash spec: sha1
Payload offset: 4096
MK bits: 256
MK digest: 05 d4 9d b2 4e f4 6a 8e ee 64 90 46 5c b8 d6 9b 8d 7c cb 92
MK salt: 97 27 2c 7e e6 9c 04 73 ba 71 bc a6 52 47 66 e6
d8 1f c3 33 bb 07 fd a0 b9 39 a2 57 78 f9 02 5d
MK iterations: 202500
UUID: 529a9141-98b4-465b-a52c-c19fef1dea31
Key Slot 0: ENABLED
Iterations: 815286
Salt: f0 80 96 e3 a8 57 fa 04 ba f7 fd 55 15 40 ba 65
b9 96 44 4d 6c 2f a4 4d 87 1d 1e bd a7 3c 77 fc
Key material offset: 8
AF stripes: 4000
Key Slot 1: DISABLED
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLEDAnd here's the output of hashcat
Code:
C:\Users\omega\Desktop\hashcat-4.0.1>hashcat64.exe -a 0 -m 14600 _luks4.luks _luks.dict
hashcat (v4.0.1) starting...
* Device #1: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
* Device #2: WARNING! Kernel exec timeout is not disabled.
This may cause "CL_OUT_OF_RESOURCES" or related errors.
To disable the timeout, see: https://hashcat.net/q/timeoutpatch
OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 1080 Ti, 2816/11264 MB allocatable, 28MCU
* Device #2: GeForce GTX 1080 Ti, 2816/11264 MB allocatable, 28MCU
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1
Applicable optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Slow-Hash-SIMD-LOOP
Password length minimum: 0
Password length maximum: 256
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 75c
Dictionary cache built:
* Filename..: _luks.dict
* Passwords.: 1
* Bytes.....: 9
* Keyspace..: 1
* Runtime...: 0 secs
The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework
Approaching final keyspace - workload adjusted.
Cracking performance lower than expected?
* Append -w 3 to the commandline.
This can cause your screen to lag.
* Update your OpenCL runtime / driver the right way:
https://hashcat.net/faq/wrongdriver
* Create more work items to make use of your parallelization power:
https://hashcat.net/faq/morework
Session..........: hashcat
Status...........: Exhausted
Hash.Type........: LUKS
Hash.Target......: _luks4.luks
Time.Started.....: Thu Jan 04 17:45:29 2018 (6 secs)
Time.Estimated...: Thu Jan 04 17:45:35 2018 (0 secs)
Guess.Base.......: File (_luks.dict)
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....: 0 H/s (0.35ms)
Speed.Dev.#2.....: 0 H/s (0.39ms)
Speed.Dev.#*.....: 0 H/s
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 1/1 (100.00%)
Rejected.........: 0/1 (0.00%)
Restore.Point....: 0/1 (0.00%)
Candidates.#1....: password -> password
Candidates.#2....: [Copying]
HWMon.Dev.#1.....: Temp: 37c Fan: 33% Util: 75% Core:1961MHz Mem:5005MHz Bus:16
HWMon.Dev.#2.....: Temp: 43c Fan: 33% Util: 0% Core:1569MHz Mem:5005MHz Bus:16
Started: Thu Jan 04 17:45:17 2018
Stopped: Thu Jan 04 17:45:37 2018
C:\Users\omega\Desktop\hashcat-4.0.1>pauseI would sincerely appreciate any pointers in the right direction.