Cracking VeraCrypt system drive encryption
#1
Hi,

I want to crack a VeraCrypt system drive password but haven't had any luck so far. I read some threads; this one for example was very helpful. But it doesn’t work on my case.

For testing purposes, I took a Windows 7 VM (VMware Workstation 17 Player), installed VeraCrypt 1.25.9 and encrypted the system partition (normal, not hidden) with a simple password "9988". A screenshot from VeraCrypt of the volume properties is attached. The system drive has MBR as partition style and two partitions on it: a 136 MB system reserved partition and the windows partition.

Now I mounted a The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux ISO file to this virtual machine and booted the VM with The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux. I created a small script to get sector 0 and 62 from the encrypted disk and its partitions, as well as running hashcat (version 6.2.6) with several VeraCrypt methods:

Code:
#!/bin/bash
for s in 0 62
do
  sudo dd if=/dev/sda  of=vc_hash_disk__sector$s  skip=$(($s * 512)) bs=512 count=1
  sudo dd if=/dev/sda1 of=vc_hash_part1_sector$s  skip=$(($s * 512)) bs=512 count=1
  sudo dd if=/dev/sda2 of=vc_hash_part2_sector$s  skip=$(($s * 512)) bs=512 count=1
done

echo "exit codes: https://github.com/hashcat/hashcat/blob/master/docs/status_codes.txt" > hashcat_verycrypt.log

for h in $(ls vc_hash_*) ; do
  for p in 137 294  ; do  # 137=legacy 294=new
    for x in 5 6    ; do  # 2=PBKDF2-HMAC-SHA512, 5=PBKDF2-HMAC-SHA256, 6=PBKDF2-HMAC-SHA256 + boot-mode
      for y in 1 2 3 ; do  # 1=XTS 512 bit, 2=XTS 1024 bit, 3=XTS 1536 bit
        hashcat -m $p$x$y -w 4 -a 3 -o cracked_$h_$p$x$y.txt $h 99?d8
        exitcode=$?
        echo "$(date -Iseconds) $h, -m $p$x$y -- exit code $exitcode" >> hashcat_verycrypt.log
      done
    done
  done
done
ls cracked*

However, no method solved the mystery. Another noticeable thing is that hashcat always ends with the exit code 255 for the VeraCrypt methods 294XY.

What do I wrong? Are the extracted hashes from the right position of the disk? (I have them attached also]) Or am I doing something other wrong with the hashcat parameters?

many thanks in advance


Attached Files
.zip   hashes_veracyrpt_pass_9988.zip (Size: 4.52 KB / Downloads: 0)
.jpg   screenshot_veracrypt.jpg (Size: 112.15 KB / Downloads: 1)
Reply
#2
It seems a bit over complicated. But first, the 294XX veracrypt modes are the new modes used, if you have used veracrypt2hashcat.py to extract the needed content. If you're using dd or similar, you need the 137XX modes.
If the encrypted disk is a system disk (bootable) you need to dd the data from sector offset 62, so something like dd if=/dev/sda bs=512 count=1 skip=62 of=512byteheader.
You could also play around with veracrypt2hashcat, but then you need to upgrade hashcat to 6.2.6.
Reply
#3
Hi b8vr!

I had created the script for the different sectors and VeraCrypt modes out of desperation, because my manual attempts always failed and I then wanted to play through the different combinations systematically.

My biggest thinking error seems to have been with the dd command, because on the one hand I specified the block size 512, but for the skip parameter I specified the number of bytes instead of the number of blocks.

Many thanks for this food for thought, so it works now:

Code:
sudo dd if=/dev/sda of=vc_hash_disk skip=62 bs=512 count=1
hashcat -m 13761 -w 4 -a 3 vc_hash_disk 99?d8
Reply
#4
jfyi

when you already extracted the right sector, you can use to preshipped veracrypt2hashcat.py script without a given offset, located under tools to get the textform style of your binary input, this way you can attack multiple inputs at once

also this way you can verify, that the combined modes XTS 1536 bit will also crack XTS 512 and XTS 1024 (same base mode) if input is a non cascaded, plain veracypt mode (XTS 512), of course this will reduce the performance by factor 3 but you dont have to do 3 runs if its really a cascaded XTS 1536
Reply