Decrypting a veracrypt drive when the set of possible passwords is relatively small
#1
Hi everyone,

I have an external hard drive that is encrypted with veracrypt. Unfortunately, the password is not known anymore. However, the set of possible passwords is probably small enough (probably < 100 possible passwords of length at most 35, probably less) that I would like to brute force. The encrypted drive was only set up recently, so I guess/hope it is encrypted with the default settings.

I've read https://hashcat.net/wiki/doku.php?id=fre...pt_volumes, but I have no experience with hashcat. Say I have the following:
  • list of possible passwords
  • access to the external hard drive to extract the start bit

Could you please tell me which commands I should use for a start? I'm a bit overwhelmed with all the options. With an example dd and hashcat command, I could probably figure out the rest on my own or ask some follow-up questions.

Any help would be greatly appreciated!

Thanks!
Reply
#2
step 0 - make a new veracrypt container with a known password in order to test/validate the following steps
step 1 - extract the hash, use for example veracrypt2hashcat as found in the tools-folder
step 2 - determine the correct mode (see https://hashcat.net/wiki/doku.php?id=example_hashes) - it will be something in the 294xx
step 3 - try to crack it with the appropriate command line - if you're stuck: read the faq or lookup some tutorials on YT; you'll learn a lot !
step 4 - once you've validated all these steps by succesfull cracking your test container, apply the same methodology to your real-case container

good luck!
Reply