01-24-2023, 01:34 PM
I'm noobing out in quarantine and figured I might as well make use of the time by learning Hashcat. I've figured out how to "crack" a VeraCrypt or TrueCrypt container with standard and hidden volumes using a wordlist. I'm now working on partitions. So far, I've successfully "cracked" the standard outer volume, but to make things tough, I added keyfiles to the hidden inner volume. There's not much information online at how to actually specify keyfiles in hashcat, so I hope some kind soul might offer me some enlightenment.
First, I DD'd the hash, like I did with the containers and outer volume of the partition:
dd if=\\?\device\Harddisk7\Partition1 of=..\test.dat.vc skip=65536 bs=512 count=1
The only difference here from the outer volume is I added skip=65536 to grab the hash for the hidden volume. That worked for the containers, so I can only assume it works for partitions as well.
Second, why I overly complicated matters by choosing 100 keyfiles broken into several folders, only my boredom could tell you, but I did. Unfortunately. Now I THINK VC/TC just grabs all the keyfiles in a folder when you specify a directory, so even though I used multiple folders when creating my test volume, I combined them in the hashcat directory to make referencing easier. That assumption could very well be my downfall here, but anyway, here's my command:
hashcat -a 0 -w 2 -m 13733 ..\test.dat.vc ..\wordlist.txt --veracrypt-keyf=keyfiles,keyfiles_1,keyfiles_10,keyfiles_11,keyfiles_12,keyfiles_13,keyfiles_14,keyfiles_15,keyfiles_16,keyfiles_17,keyfiles_18,keyfiles_19,keyfiles_2,keyfiles_20,keyfiles_21,keyfiles_22,keyfiles_23,keyfiles_24,keyfiles_3,keyfiles_4,keyfiles_5,keyfiles_6,keyfiles_7,keyfiles_8,keyfiles_9,keyfiles_25,keyfiles_26,keyfiles_27,keyfiles_28,keyfiles_29,keyfiles_30,keyfiles_31,keyfiles_32,keyfiles_33,keyfiles_34,keyfiles_35,keyfiles_36,keyfiles_37,keyfiles_38,keyfiles_39,keyfiles_40,keyfiles_41,keyfiles_42,keyfiles_43,keyfiles_44,keyfiles_45,keyfiles_46,keyfiles_47,keyfiles_48,keyfiles_49,keyfiles_50,keyfiles_51,keyfiles_52,keyfiles_53,keyfiles_54,keyfiles_55,keyfiles_56,keyfiles_57,keyfiles_58,keyfiles_59,keyfiles_60,keyfiles_61,keyfiles_62,keyfiles_63,keyfiles_64,keyfiles_65,keyfiles_66,keyfiles_67,keyfiles_68,keyfiles_69,keyfiles_70,keyfiles_71,keyfiles_72,keyfiles_73,keyfiles_74,keyfiles_75,keyfiles_76,keyfiles_77,keyfiles_78,keyfiles_79,keyfiles_80,keyfiles_81,keyfiles_82,keyfiles_83,keyfiles_84,keyfiles_85,keyfiles_86,keyfiles_87,keyfiles_88,keyfiles_89,keyfiles_90,keyfiles_91,keyfiles_92,keyfiles_93,keyfiles_94,keyfiles_95,keyfiles_96,keyfiles_97,keyfiles_98,keyfiles_99 -o ..\output.txt
I really have no idea how to specify the keyfiles. The only information I've found anywhere was in the Hashcat Wiki in a single line:
--veracrypt-keyfiles | File | Keyfiles to use, separated with commas | --veracrypt-keyf=x.txt
I originally thought maybe I could specify a text file that in turn contains a list of names of keyfiles in the same folder, but I then I thought it was just trying to use the text file as the one and only keyfile. Therefore, I put them all in the command itself.
FYI, I used a similar format for the outer volume and it worked fine. The only differences were no keyfiles and the mode (-m 13733) was different. I again wanted to complicate things with a cascading encryption scheme.
Does anyone know anything about this? At this point, I'm just guessing and using trial and error, and running out of things to try...
First, I DD'd the hash, like I did with the containers and outer volume of the partition:
dd if=\\?\device\Harddisk7\Partition1 of=..\test.dat.vc skip=65536 bs=512 count=1
The only difference here from the outer volume is I added skip=65536 to grab the hash for the hidden volume. That worked for the containers, so I can only assume it works for partitions as well.
Second, why I overly complicated matters by choosing 100 keyfiles broken into several folders, only my boredom could tell you, but I did. Unfortunately. Now I THINK VC/TC just grabs all the keyfiles in a folder when you specify a directory, so even though I used multiple folders when creating my test volume, I combined them in the hashcat directory to make referencing easier. That assumption could very well be my downfall here, but anyway, here's my command:
hashcat -a 0 -w 2 -m 13733 ..\test.dat.vc ..\wordlist.txt --veracrypt-keyf=keyfiles,keyfiles_1,keyfiles_10,keyfiles_11,keyfiles_12,keyfiles_13,keyfiles_14,keyfiles_15,keyfiles_16,keyfiles_17,keyfiles_18,keyfiles_19,keyfiles_2,keyfiles_20,keyfiles_21,keyfiles_22,keyfiles_23,keyfiles_24,keyfiles_3,keyfiles_4,keyfiles_5,keyfiles_6,keyfiles_7,keyfiles_8,keyfiles_9,keyfiles_25,keyfiles_26,keyfiles_27,keyfiles_28,keyfiles_29,keyfiles_30,keyfiles_31,keyfiles_32,keyfiles_33,keyfiles_34,keyfiles_35,keyfiles_36,keyfiles_37,keyfiles_38,keyfiles_39,keyfiles_40,keyfiles_41,keyfiles_42,keyfiles_43,keyfiles_44,keyfiles_45,keyfiles_46,keyfiles_47,keyfiles_48,keyfiles_49,keyfiles_50,keyfiles_51,keyfiles_52,keyfiles_53,keyfiles_54,keyfiles_55,keyfiles_56,keyfiles_57,keyfiles_58,keyfiles_59,keyfiles_60,keyfiles_61,keyfiles_62,keyfiles_63,keyfiles_64,keyfiles_65,keyfiles_66,keyfiles_67,keyfiles_68,keyfiles_69,keyfiles_70,keyfiles_71,keyfiles_72,keyfiles_73,keyfiles_74,keyfiles_75,keyfiles_76,keyfiles_77,keyfiles_78,keyfiles_79,keyfiles_80,keyfiles_81,keyfiles_82,keyfiles_83,keyfiles_84,keyfiles_85,keyfiles_86,keyfiles_87,keyfiles_88,keyfiles_89,keyfiles_90,keyfiles_91,keyfiles_92,keyfiles_93,keyfiles_94,keyfiles_95,keyfiles_96,keyfiles_97,keyfiles_98,keyfiles_99 -o ..\output.txt
I really have no idea how to specify the keyfiles. The only information I've found anywhere was in the Hashcat Wiki in a single line:
--veracrypt-keyfiles | File | Keyfiles to use, separated with commas | --veracrypt-keyf=x.txt
I originally thought maybe I could specify a text file that in turn contains a list of names of keyfiles in the same folder, but I then I thought it was just trying to use the text file as the one and only keyfile. Therefore, I put them all in the command itself.
FYI, I used a similar format for the outer volume and it worked fine. The only differences were no keyfiles and the mode (-m 13733) was different. I again wanted to complicate things with a cascading encryption scheme.
Does anyone know anything about this? At this point, I'm just guessing and using trial and error, and running out of things to try...
