Today, 10:26 AM
Hi Guys, usually I try not to spam about my problems, I prefer to read, Google, and solve issues on my own. But this time I'm stuck, and it's a matter of life and death (especially since I didn't note my password because I thought, "It's obvious, so I will definitely remember it after the holidays. Doh!")
Background
A few months ago, I encrypted my boot partition and went on a good holiday. Standard procedure of encrypting system partition in Vera crypt
I forgot my password (I know keywords, digits, etc., so with Crunch, I'll be able to generate my dictionary).
Also, I’m not sure if I chose AES-512 or Whirlpool...
Tech steps
I dumped the first few MB of my disk:
dd if=/dev/nvme0n1 of=/root/hash bs=512 count=5120
Not using nvme0n1p1 (partitions)
Then I tried:
veracrypt2hash --offset bootable /root/hash
I’m getting some hash here—it would be nice to determine what type of hash it is to choose the right hash mode in Hashcat for cracking.
Next, I tried using Hashcat:
hashcat -a 0 -m 29421 hash combinations.txt (my dictionary). Unfortunately without luck
Also I tried 29421..3 without results
So my questions are:
Background
A few months ago, I encrypted my boot partition and went on a good holiday. Standard procedure of encrypting system partition in Vera crypt
I forgot my password (I know keywords, digits, etc., so with Crunch, I'll be able to generate my dictionary).
Also, I’m not sure if I chose AES-512 or Whirlpool...
Tech steps
I dumped the first few MB of my disk:
dd if=/dev/nvme0n1 of=/root/hash bs=512 count=5120
Not using nvme0n1p1 (partitions)
Then I tried:
veracrypt2hash --offset bootable /root/hash
I’m getting some hash here—it would be nice to determine what type of hash it is to choose the right hash mode in Hashcat for cracking.
Next, I tried using Hashcat:
hashcat -a 0 -m 29421 hash combinations.txt (my dictionary). Unfortunately without luck
Also I tried 29421..3 without results
So my questions are:
- Am I extracting the hash correctly? (The official documentation says that I should take 512B with offset 31744, but I did it without the proper effect). I read that veracrypt2hash should handle this.
- How to determine what type of hash it is? (is it actually possible?)
- Any suggestion would be more than welcome [I'm stuck]