NeoBackup (AES-GCM encrypted .tar.gz)
#1
Question 
I'm attempting to recover my NeoBackup backups (https://github.com/NeoApplications/Neo-Backup) after the unfortunate discovery that my decryption password was never saved correctly.

NeoBackup encrypts its .tar.gz backups using AES-GCM and a pbkdf2-sha256 key. I have the nonce/IV used for the AES encryption, as well as the salt and # of iterations (2020) used for the key. https://github.com/Tiefkuehlpizze/OABXDe...decrypt.py is a simple python script using pycryptodome that can decrypt any NeoBackup backup given the right IV (loaded from a plaintext .properties file) and password.

Some of the backups I want to recover are <1kb and I just need to extract the pbkdf2-sha256 password once to unlock the rest of the backups.

Is recovering these backups possible for hashcat? Is it even possible to extract the hash from one of these backups?

Thanks, and let me know if there are other details or examples I can provide.
Reply