Format for specifying VeraCrypt keyfiles in Hashcat
#1
I'm noobing out in quarantine and figured I might as well make use of the time by learning Hashcat. I've figured out how to "crack" a VeraCrypt or TrueCrypt container with standard and hidden volumes using a wordlist. I'm now working on partitions. So far, I've successfully "cracked" the standard outer volume, but to make things tough, I added keyfiles to the hidden inner volume. There's not much information online at how to actually specify keyfiles in hashcat, so I hope some kind soul might offer me some enlightenment.

First, I DD'd the hash, like I did with the containers and outer volume of the partition:

dd if=\\?\device\Harddisk7\Partition1 of=..\test.dat.vc skip=65536 bs=512 count=1

The only difference here from the outer volume is I added skip=65536 to grab the hash for the hidden volume. That worked for the containers, so I can only assume it works for partitions as well.

Second, why I overly complicated matters by choosing 100 keyfiles broken into several folders, only my boredom could tell you, but I did. Unfortunately. Now I THINK VC/TC just grabs all the keyfiles in a folder when you specify a directory, so even though I used multiple folders when creating my test volume, I combined them in the hashcat directory to make referencing easier. That assumption could very well be my downfall here, but anyway, here's my command:

hashcat -a 0 -w 2 -m 13733 ..\test.dat.vc ..\wordlist.txt --veracrypt-keyf=keyfiles,keyfiles_1,keyfiles_10,keyfiles_11,keyfiles_12,keyfiles_13,keyfiles_14,keyfiles_15,keyfiles_16,keyfiles_17,keyfiles_18,keyfiles_19,keyfiles_2,keyfiles_20,keyfiles_21,keyfiles_22,keyfiles_23,keyfiles_24,keyfiles_3,keyfiles_4,keyfiles_5,keyfiles_6,keyfiles_7,keyfiles_8,keyfiles_9,keyfiles_25,keyfiles_26,keyfiles_27,keyfiles_28,keyfiles_29,keyfiles_30,keyfiles_31,keyfiles_32,keyfiles_33,keyfiles_34,keyfiles_35,keyfiles_36,keyfiles_37,keyfiles_38,keyfiles_39,keyfiles_40,keyfiles_41,keyfiles_42,keyfiles_43,keyfiles_44,keyfiles_45,keyfiles_46,keyfiles_47,keyfiles_48,keyfiles_49,keyfiles_50,keyfiles_51,keyfiles_52,keyfiles_53,keyfiles_54,keyfiles_55,keyfiles_56,keyfiles_57,keyfiles_58,keyfiles_59,keyfiles_60,keyfiles_61,keyfiles_62,keyfiles_63,keyfiles_64,keyfiles_65,keyfiles_66,keyfiles_67,keyfiles_68,keyfiles_69,keyfiles_70,keyfiles_71,keyfiles_72,keyfiles_73,keyfiles_74,keyfiles_75,keyfiles_76,keyfiles_77,keyfiles_78,keyfiles_79,keyfiles_80,keyfiles_81,keyfiles_82,keyfiles_83,keyfiles_84,keyfiles_85,keyfiles_86,keyfiles_87,keyfiles_88,keyfiles_89,keyfiles_90,keyfiles_91,keyfiles_92,keyfiles_93,keyfiles_94,keyfiles_95,keyfiles_96,keyfiles_97,keyfiles_98,keyfiles_99 -o ..\output.txt

I really have no idea how to specify the keyfiles. The only information I've found anywhere was in the Hashcat Wiki in a single line:

--veracrypt-keyfiles | File | Keyfiles to use, separated with commas | --veracrypt-keyf=x.txt

I originally thought maybe I could specify a text file that in turn contains a list of names of keyfiles in the same folder, but I then I thought it was just trying to use the text file as the one and only keyfile. Therefore, I put them all in the command itself.

FYI, I used a similar format for the outer volume and it worked fine. The only differences were no keyfiles and the mode (-m 13733) was different. I again wanted to complicate things with a cascading encryption scheme.
Does anyone know anything about this? At this point, I'm just guessing and using trial and error, and running out of things to try...
Reply
#2
You can't add a file path to --veracrypt-keyfiles. I talked with @atom about this. And as I remember, if you used more than one keyfile when encrypting your volume, you're probably f*cked. I'm pretty sure that the way it works with --veracrypt-keyfiles, is that it tries each of the given files, but none if them in combination.
Reply
#3
(01-24-2023, 04:17 PM)b8vr Wrote: You can't add a file path to --veracrypt-keyfiles. I talked with @atom about this. And as I remember, if you used more than one keyfile when encrypting your volume, you're probably f*cked. I'm pretty sure that the way it works with --veracrypt-keyfiles, is that it tries each of the given files, but none if them in combination.

Well that genuinely sucks. But thank you for your input. Smile
Reply
#4
(01-24-2023, 06:24 PM)0260n4s Wrote:
(01-24-2023, 04:17 PM)b8vr Wrote: You can't add a file path to --veracrypt-keyfiles. I talked with @atom about this. And as I remember, if you used more than one keyfile when encrypting your volume, you're probably f*cked. I'm pretty sure that the way it works with --veracrypt-keyfiles, is that it tries each of the given files, but none if them in combination.

Well that genuinely sucks. But thank you for your input. Smile

I've simplified things to work up in stages. I've removed all keyfiles and only have a simple password protecting the hidden volume. Running DD without SKIP and testing with mode 13721 (SHA512/AES) works fine for finding the outer volume password. However, running DD with SKIP=65536 (which worked on containers) and then testing with mode 13733 (Whirlpool/3-Cascade, which worked on the containers) fails to find the correct hidden volume password in the list. I may still have keyfiles issues, but I'd like to make sure everything works up until that point, which evidently is not the case. Any clue what's going on?
Reply
#5
(01-24-2023, 04:17 PM)b8vr Wrote: You can't add a file path to --veracrypt-keyfiles. I talked with @atom about this. And as I remember, if you used more than one keyfile when encrypting your volume, you're probably f*cked. I'm pretty sure that the way it works with --veracrypt-keyfiles, is that it tries each of the given files, but none if them in combination.

I've run some more tests, and as it turns out, my original HASHCAT command works, even with 100 files.

My problem was with DD for Windows. The correct command should have been:
dd if=\\?\device\Harddisk7\Partition1 of=..\test.dat.vc skip=128 bs=512 count=1

When I first started experimenting with containers, I used "bs=1 skip=65536 count=512" and it worked fine (this is actually in the Hashcat FAQs). However, I had to transpose the BS and SKIP values with partitions to make them work. Apparently, SKIP multiplies the BS value to derive the actual number of bytes skipped. Thus, the original, incorrect command was skipping 33554432 bytes (i.e., 65536 x 512). To make it skip 65536 bytes, I had to divide that by the BS value of 512 to get 128. Then it correctly skipped 65536 and got the correct volume header, for which the above HASHCAT command worked just fine. Smile

I figured I should add my discovery here in case it helps someone in the future.
Reply