Hashcat and Sandisk Secure Access
#1
Well, I finally got oclHashcat (cuda) running on The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)-linux. I am using the Nvidia GTX-750ti. I have been messing with dictionary attacks, combinations and mostly mask attacks. Some time ago I encrypted a Sandisk 32 Gb drive. Not only did I encrypt it with a password, I did it after I had taken my Ambien. Needless to say, I might as well have had my neighbor come over and put in a password because I have no idea what it is. The one thing I am confused about is salts. I understand what they are, websites use them all the time because a lot of people use simple passwords. When I was digging around in the Sandiskdrive, I found two hashes. I put them into the Hash-Id and they are SHA-512's. I am confused because I thought a salt was a simple phrase that was then combined with your password giving you one hash? I've included a pic. The hashes are
"6401c89f3971af3fd2819e574ac2576b40a601e0b01863153162cc0db6ddfe15"
-and -
"8b3da1a5185f3a257cbf82bfe10855428a0cf33593294fddec5b4c76f3bd3d4e1a805f4b8663ff1af8207e87d848d2d5f60b6d1d45db79398886a42aaeee6d22"
If anyone could point me in the right direction, I would be so grateful.
Thanks
#2
I just read on another post not to list hashes. My bad. I am not asking anyone to crack them. Just general info on the salt:pass options. And why there are two hashes whith one password.
#3
How exactly did you extract these hashes? Did you follow some tutorial or documentation that describes the encryption technology used on this device?

Typically with FDE there are no hashes; the password is passed through a key derivation function (KDF) to generate an encryption key, which is used to encrypt the "real" encryption key. The only way to know if the correct password has been supplied is to attempt to decrypt the master key then use the decrypted master key to unlock the device.
#4
(04-21-2015, 06:43 AM)epixoip Wrote: How exactly did you extract these hashes? Did you follow some tutorial or documentation that describes the encryption technology used on this device?

Typically with FDE there are no hashes; the password is passed through a key derivation function (KDF) to generate an encryption key, which is used to encrypt the "real" encryption key. The only way to know if the correct password has been supplied is to attempt to decrypt the master key then use the decrypted master key to unlock the device.
I will do more research. So are you talking about hardware encryption?
I got the information from a ui.res (resources) file. I am trying to attach a picture. It says, controlTest="8b*********" . then below that there is a control="64*************" Since you know a lot about hardware, I have an old Western Digital my passport drive. I encrypted that then the drive went back. Is there any way to get the data off? I have the password, but the chip that did the encrypting went bad.