hashcat Forum Support hashcat v
TrueCrypt - Can I supply the encrypted container file on the command line?

Linear Mode
TrueCrypt - Can I supply the encrypted container file on the command line?
4Str4yC4t Offline
Junior Member
**
Posts: 7
Threads: 3
Joined: Jan 2022
#5
02-04-2022, 03:40 PM (This post was last modified: 02-04-2022, 04:05 PM by 4Str4yC4t.)
(02-04-2022, 03:24 PM)Snoopy Wrote: i made a test setup, generating a little veracrypt container vc-1234 of just 1mb, all settings standard, pw is 1234

Code:
hashcat -m 13721 -S -O -a3 vc-1234 ?d?d?d?d
RESULT

vc-1234:1234
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 13721 (VeraCrypt SHA512 + XTS 512 bit)
Hash.Target......: vc-1234

Code:
hashcat -m 13723 -S -O -a3 vc-1234 ?d?d?d?d
RESULT
vc-1234:1234
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 13723 (VeraCrypt SHA512 + XTS 1536 bit)
Hash.Target......: vc-1234

so yeah, higher mode also succesfully decrypts lower ones AND hashcat accepts the full container (i assume it just reads the first 512 bytes) but i wouldnt take a bet that this also works with containers with some hundrets of gigabytes

you can try it for yourself, file https://ufile.io/9t7lz9v8

are we talking about a TRUECRYPT or VERACRYPT Container?

For Veracrypt Sha512 XTS 512 seems the default, the latest truecrypt 7.1a was using rimpemd-160 XTS 512

Ah, the student schools the master. then hashcat "does" accept the actual container as command-line input for getting the hash? Nice. That might be made more explicit somewhere in the --help screens or just added to the official FAQ.
My containers are 25GB in size so that I can burn them to BD-R if I want.
But why would either TrueCrypt or VeraCrypt pull the first 512 bytes of a container and concern itself with how big the container is? As a programmer, once again, that doesn't make sense to me that it would fail on a big container size. What's your reasoning there?

Pseudo-Code: Get first 512 bytes of container file. Done!

I "think" my 25GB container was made with TrueCrypt but I have no issues mounting it up with VeraCrypt. This brings up another good question though that I don't know the answer too. Are the two applications mutually exclusive in terms of mounting containers? I'm not opting in to use "TrueCrypt Mode" when I mount it so does that mean it "must be" a VeraCrypt volume? I don't know.

And where are the AES, TWOFISH, BLOWFISH options in the --help?
Find
Reply


Messages In This Thread
RE: TrueCrypt - Can I supply the encrypted container file on the command line? - by 4Str4yC4t - 02-04-2022, 03:40 PM