Posts: 4
Threads: 1
Joined: Dec 2023
Hello all,
Recent version of Veracrypt use by default AES256, XTS with SHA512 (even on boot-mode).
I have run several tests and I'm unable to bruteforce Veracrypt boot volume disk with the default parameters.
13721 | Veracrypt SHA512 + XTS 512 bit (Legacy) -> Work for default container, but not for boot mode !
29461 | Veracrypt SHA256 + XTS 512 bit + boot-mode -> Not working with SHA512
The only boot mode that ressemble is 29461. But it is SHA256 and not SHA512.
I think we need 13721 in boot mode, or 29461 in SHA512 !
Am I the only one ?
Thanks for your help !
Posts: 119
Threads: 1
Joined: Apr 2022
(12-12-2023, 04:00 PM)LK4RMA Wrote: Hello all,
Recent version of Veracrypt use by default AES256, XTS with SHA512 (even on boot-mode).
I have run several tests and I'm unable to bruteforce Veracrypt boot volume disk with the default parameters.
13721 | Veracrypt SHA512 + XTS 512 bit (Legacy) -> Work for default container, but not for boot mode !
29461 | Veracrypt SHA256 + XTS 512 bit + boot-mode -> Not working with SHA512
The only boot mode that ressemble is 29461. But it is SHA256 and not SHA512.
I think we need 13721 in boot mode, or 29461 in SHA512 !
Am I the only one ?
Thanks for your help !
Are you cracking on a binary or a hash? 13721 is for binaries, 29461 is for hashes. If you're trying to crack a hash made from vc boot default settings you should use mode 29421, and for a binary it's 13721. These modes work for both bootable and non-bootable.
Posts: 1
Threads: 0
Joined: Dec 2023
Do you have a binary or a hash that you are cracking?
Posts: 4
Threads: 1
Joined: Dec 2023
(12-14-2023, 01:25 AM)b8vr Wrote: (12-12-2023, 04:00 PM)LK4RMA Wrote: Hello all,
Recent version of Veracrypt use by default AES256, XTS with SHA512 (even on boot-mode).
I have run several tests and I'm unable to bruteforce Veracrypt boot volume disk with the default parameters.
13721 | Veracrypt SHA512 + XTS 512 bit (Legacy) -> Work for default container, but not for boot mode !
29461 | Veracrypt SHA256 + XTS 512 bit + boot-mode -> Not working with SHA512
The only boot mode that ressemble is 29461. But it is SHA256 and not SHA512.
I think we need 13721 in boot mode, or 29461 in SHA512 !
Am I the only one ?
Thanks for your help !
Are you cracking on a binary or a hash? 13721 is for binaries, 29461 is for hashes. If you're trying to crack a hash made from vc boot default settings you should use mode 29421, and for a binary it's 13721. These modes work for both bootable and non-bootable.
Hello ! Sorry for the late answer !
Thank you very much ! I understand now the difference between "binary data" and "hash" mode ^^
I used binary data for my tests. I followed the instruction on the wiki for boot mode (dumping 512 bytes starting with offset 31744 ).
I understand now that to get a hash I need to use the script Veracrypt2Hashcat.py.
Therefore I used Veracrypt2Hashcat.py on the raw encrypted partition (with offset mode set to "bootable").
I tried 29421 and others without success for now. But I think I'm doing something wrong. I'll keep experiementing !
Thanks !
Posts: 4
Threads: 1
Joined: Dec 2023
I confirm that for Boot Mode the hashmode 29421 don't seem to work.
13721 on the binary don't work either.
I used Veracrypt (version 1.25.7), default PIM, default setup (AES, SHA512, boot-mode)
Extracted the RAW encrypted partition with FTK Imager and converted it to hash format using Veracrypt2Hashcat.py.
Here is my hash (Password : Qwerty)
$veracrypt$219d1c590db37a3a2b612005beeae46843820e112ffe05c8ea58ed35675602285ba49dad26f6355598018a374576ad591a95af44b3de6eccadd8115defb6d75a$8b200c84118aa26079b9715a71107086a545bec9a9f84e7e92c2af0bc06dd4ae9774d43825c1f0146370692e5aabda88e62bcb456d6aacd4e29e3960b93546cbfb873d94a5b210be28e74cf113bafa97288e4280198d383b87a102c0f9ecca789a9722cfb06044718919dd3219d6b6250c7e613d8460b0c0cbde4ac24ecaf817aca14439ba2bab6d039a42b4ed6b5eb0fbf1053418a2afc76f4ac054dc8a6c32b9b65629fc10a49da880abae3225ec3a708b8bfa98277f7eb9353706b3490bf787cda5932f015658b5b656ff3317b8f9562370ec4ad0ee285beaa9cc507b9b302da883cc20c26fdad7dce158d230af3d5bf70e2833ac7b50d62247490b9235029df3a14efe8f9d8120e633b3a398973617908c1ba708291cfb5248cbdbf0e0bc43bee64d731021c254a87360c914194f089769689efa6c17c5b0da9b819e64561e6405c7e549c8f014dd79d6748a190488e5e98faffae9a753de55ef992dcf68b268de3c113903e908244c4d2516d3d66b7da18774baf6cbb2b919934e2e652c832f6b5682de90e60f9e93c145d3d22caa52689f16e84e38816b7b5940871bf2a75cc02c540ee6f4832cd1f80ec7e6746dd3d43932121f11a56a9abe4139c165
Maybe a special hash format in "boot-mode" is required ?
(There is no "boot-mode" with SHA512..)
Thank you very much for your help..
Posts: 890
Threads: 15
Joined: Sep 2017
need some time for preparing a testsetup, so be patient, will write back tomorrow
Posts: 890
Threads: 15
Joined: Sep 2017
TLDR;
okay got it
mode 29421 up to 29423 are capable of cracking
you need to extract the data from the physical disk, not the partition and then extract the needed hash with
veracrypt2hashcat.py --offset bootable
to verify:
i used hxd to extract the first 5mb from the physical disk and also the first 5 mb of the windows-partition after installing and encrypting the windows system with veracrypt, default setup
then i used these two binary-data files with Veracrypt2Hashcat.py and all possible offset options, gaining 8 different hashes (2 are empty), running hashcat agaings these hashes and sucessfull cracked "Qwerty"
the funny thing is, hashcat already tells, that all of these hashes, except for one (see mssing error for line 6), seems not "right"
Code:
Hashfile 'vera-hashes.txt' on line 1 (partit...0000000000008a01a301b901000055aa): Insufficient entropy exception
Hashfile 'vera-hashes.txt' on line 2 (partit...f826f926fa26fb26fc26fd26fe26ff26): Insufficient entropy exception
Hashfile 'vera-hashes.txt' on line 3 (partit...f868f968fa68fb68fc68fd68fe68ff68): Insufficient entropy exception
Hashfile 'vera-hashes.txt' on line 4 (partit...f8a6f9a6faa6fba6fca6fda6fea6ffa6): Insufficient entropy exception
Hashfile 'vera-hashes.txt' on line 5 (hdd_0:...000000000000000000000000000055aa): Insufficient entropy exception
Hashfile 'vera-hashes.txt' on line 7 (hdd_hi...00000000000000000000000000000000): Insufficient entropy exception
Hashfile 'vera-hashes.txt' on line 8 (hdd_bo...00000000000000000000000000000000): Insufficient entropy exception
Posts: 4
Threads: 1
Joined: Dec 2023
(01-10-2024, 09:52 PM)Snoopy Wrote: TLDR;
okay got it
mode 29421 up to 29423 are capable of cracking
you need to extract the data from the physical disk, not the partition and then extract the needed hash with
veracrypt2hashcat.py --offset bootable
to verify:
i used hxd to extract the first 5mb from the physical disk and also the first 5 mb of the windows-partition after installing and encrypting the windows system with veracrypt, default setup
then i used these two binary-data files with Veracrypt2Hashcat.py and all possible offset options, gaining 8 different hashes (2 are empty), running hashcat agaings these hashes and sucessfull cracked "Qwerty"
the funny thing is, hashcat already tells, that all of these hashes, except for one (see mssing error for line 6), seems not "right"
Code:
Hashfile 'vera-hashes.txt' on line 1 (partit...0000000000008a01a301b901000055aa): Insufficient entropy exception
Hashfile 'vera-hashes.txt' on line 2 (partit...f826f926fa26fb26fc26fd26fe26ff26): Insufficient entropy exception
Hashfile 'vera-hashes.txt' on line 3 (partit...f868f968fa68fb68fc68fd68fe68ff68): Insufficient entropy exception
Hashfile 'vera-hashes.txt' on line 4 (partit...f8a6f9a6faa6fba6fca6fda6fea6ffa6): Insufficient entropy exception
Hashfile 'vera-hashes.txt' on line 5 (hdd_0:...000000000000000000000000000055aa): Insufficient entropy exception
Hashfile 'vera-hashes.txt' on line 7 (hdd_hi...00000000000000000000000000000000): Insufficient entropy exception
Hashfile 'vera-hashes.txt' on line 8 (hdd_bo...00000000000000000000000000000000): Insufficient entropy exception
Thank you very much !! It's working now !!
I didn't expect the hash to be extracted from the beginning of the physical partition.
I thought I had to skip the EFI partition.
For my part I used a VM, so I needed to convert the vdi snapshot to RAW.
Used Veracrypt2Hashcat on the RAW partition and it's good !!
Thank you so much !!
Back to work hehe