hashcat Forum Support hashcat v
Cracking Veracrypt hidden volume - outer volume pw known

Threaded Mode
Cracking Veracrypt hidden volume - outer volume pw known
alain Online
Junior Member
**
Posts: 3
Threads: 1
Joined: Feb 2026
#1
Yesterday, 07:51 PM (This post was last modified: Yesterday, 07:52 PM by alain.)
Hi there,
if you can I would like some help cracking a veracrypt hidden volume, I know the password of the outer volume (it mounts and shows it's content correctly). Now, I would like to test some set of passwords first (variations of what I might have used for the correct password), so I created a file.txt with the list of passwords.
I think the algorithm used for the hidden volume are: Twofish (Serpent) + Whirlpool so I would like to start from here and if it doesn't work, keep trying with all the other algorithms.

I have a Ryzen 7 notebook APU, with no dedicated GPU, but since I have 2000 passwords to test it should suffice.

What is the correct command I should run? I already have "dd" installed and of course "hashcat".
Do I have to extract the hash from the container first? If so what is the correct command to be used?

Thank you.
Find
Reply
alain Online
Junior Member
**
Posts: 3
Threads: 1
Joined: Feb 2026
#2
Yesterday, 08:14 PM (This post was last modified: Yesterday, 08:16 PM by alain.)
I have extracted the header using these commands in Powershell:

$header = New-Object byte[] 512
[IO.File]::OpenRead("nameofcontainer.hc").Read($header, 0, 512) | Out-Null
[IO.File]::WriteAllBytes("header.bin", $header)

Is this correct? Or the position of the hidden header is elsewhere?
Find
Reply
b8vr Offline
Member
***
Posts: 156
Threads: 1
Joined: Apr 2022
#3
9 hours ago
(Yesterday, 08:14 PM)alain Wrote: I have extracted the header using these commands in Powershell:

$header = New-Object byte[] 512
[IO.File]::OpenRead("nameofcontainer.hc").Read($header, 0, 512) | Out-Null
[IO.File]::WriteAllBytes("header.bin", $header)

Is this correct? Or the position of the hidden header is elsewhere?

In hashcat there's a tools folder. It contains veracrypt2hashcat.py. Run that with the "hidden" option.
That will give you an actual hash you can work with in modules 294**
The header you need for the hidden container is located at a different offset from the outer container, which is what you extracted with your command.
Find
Reply
alain Online
Junior Member
**
Posts: 3
Threads: 1
Joined: Feb 2026
#4
44 minutes ago (This post was last modified: 43 minutes ago by alain.)
(9 hours ago)b8vr Wrote: In hashcat there's a tools folder. It contains veracrypt2hashcat.py. Run that with the "hidden" option.
That will give you an actual hash you can work with in modules 294**
The header you need for the hidden container is located at a different offset from the outer container, which is what you extracted with your command.

That's awesome, thank you for pointing that out.

To extract the hidden header is this command correct?
Code:
python veracrypt2hashcat.py --offset hidden "NameOfContainer.hc" > hash.txt

("NameOfContainer.hc" is replaced with the real name of the container that needs to be cracked)
Find
Reply