False Positive Crack on VeraCrypt
#1
Hey, 

I got 3 times False Positive cracked results on a VeraCrypt hidden partition using SHA-512  + XTS 1536bit (-m 13723) and --veracrypt-keyfiles. each time the password is different, none of them can open the Partition using the VeraCrypt app.
Even stranger is the fact that the crack is not consistent, meaning, if I will run another session with the same dictionary it won't crack. 

Any ideas?

Using 2 AMD GPUs with
OpenCL API (OpenCL 2.2 AMD-APP (3417.0))
hashcat (v6.2.5)
Reply
#2
did you extract the right 512 bytes?

https://hashcat.net/wiki/doku.php?id=fre...pt_volumes

is the attack target a testsetup where you know the plainpassword and hashing + encryption algorithm?

xts 1536 is only needed for cascaded encryptions (3) the default setting with veracrypt is SHA-512 - XTS 512
Reply
#3
(06-23-2022, 06:51 PM)Snoopy Wrote: did you extract the right 512 bytes?

https://hashcat.net/wiki/doku.php?id=fre...pt_volumes

is the attack target a testsetup where you know the plainpassword and hashing + encryption algorithm?

xts 1536 is only needed for cascaded encryptions (3) the default setting with veracrypt is SHA-512 - XTS 512

I think I'm extracting good, skip is using 512 blocks so the result is 65,536 bytes skip
(65,536 is also what the console print after executing the dd)

dd.exe if=\\?\Device\Harddisk8\Partition3 of=hash.tc bs=512 count=1 skip=128

it's not a test but I run also a test and in the test the crack is positive-positive (same settings with xts 1536)
I use xts 1536 intationally as the hash is 3 cascaded encryptions.
Reply