Posts: 2
Threads: 1
Joined: May 2024
05-14-2024, 08:04 AM
(This post was last modified: 05-14-2024, 08:04 AM by Begemot_alot.)
Hello!
There is an encrypted VeraCrypt system disk. One os. AES+Whirlpool. I know the password. I decided to try hacking through a hashcut.
I'm loading through Linux.
sudo dd if=/dev/nvme0n1 of=data skip=31744 bs=512 count=1
hashcat -m 13731 -a 3 data 'Pass?s'
But there is no result.
Disk nvme.
100MB EFI System
16MB Microsoft reserved
237GB Micr. basic data
Is the hash definition problem?
Posts: 2
Threads: 1
Joined: May 2024
Posts: 165
Threads: 5
Joined: Mar 2018
05-14-2024, 10:11 AM
(This post was last modified: 05-14-2024, 10:19 AM by Banaanhangwagen.)
You used -m 13731 which is the mode for a non-bootable partition, while you extracted 512 bytes to "data" like it is a bootable-partition.
Please double-check if you selected during configuration Veracrypt for the bootable partition or for a non-bootable partition. It matters because you need to skip some sectors first if dealing with a bootable encrypted partition (like you did). If it is a non bootable partition, you don't need to skip.
Once you determined this, make sure to use the correct mode.
Finally, 31744 is the offset; you need to skip the sectors which is 31744 / 512 = 62
Posts: 889
Threads: 15
Joined: Sep 2017
05-14-2024, 11:21 AM
(This post was last modified: 05-14-2024, 11:23 AM by Snoopy.)
jfyi
use the new non binary mode version for attacking true/veracrypt mode 294** and the provided true/veracrypt2hashcat.py
just simple extract the first 1-2 megabytes of the disk (or partition depends on the setup) and use the script with all possible offsets (no, hidden, bootable bootlable+hidden (just take a look in the options) this way the script even tells you, whether the extracted hash is okay or not (missing entropy)
edit: use the newes script provided with the beta
https://hashcat.net/beta/
Posts: 1
Threads: 0
Joined: May 2024
(05-14-2024, 09:40 AM)Begemot_alot Wrote: Skip=62. Problem solved
Why it helped?
___________________________
serwery minecraft