VeraCrypt test

[Begemot_alot]

Hello!
There is an encrypted VeraCrypt system disk. One os. AES+Whirlpool. I know the password. I decided to try hacking through a hashcut.
I'm loading through Linux.
sudo dd if=/dev/nvme0n1 of=data skip=31744 bs=512 count=1
hashcat -m 13731 -a 3 data 'Pass?s'
 
But there is no result.
Disk nvme.
100MB EFI System
16MB Microsoft reserved
237GB Micr. basic data
 
Is the hash definition problem?

[Begemot_alot]

Skip=62. Problem solved

[Banaanhangwagen]

You used -m 13731 which is the mode for a non-bootable partition, while you extracted 512 bytes to "data" like it is a bootable-partition.

Please double-check if you selected during configuration Veracrypt for the bootable partition or for a non-bootable partition. It matters because you need to skip some sectors first if dealing with a bootable encrypted partition (like you did). If it is a non bootable partition, you don't need to skip.

Once you determined this, make sure to use the correct mode.

Finally, 31744 is the offset; you need to skip the sectors which is 31744 / 512 = 62

[Snoopy]

jfyi

use the new non binary mode version for attacking true/veracrypt mode 294** and the provided true/veracrypt2hashcat.py

just simple extract the first 1-2 megabytes of the disk (or partition depends on the setup) and use the script with all possible offsets (no, hidden, bootable bootlable+hidden (just take a look in the options) this way the script even tells you, whether the extracted hash is okay or not (missing entropy)

edit: use the newes script provided with the beta https://hashcat.net/beta/

[crafcik612]

Skip=62. Problem solved

Why it helped?


___________________________
serwery minecraft