Help with Axcrypt
#1
Hi there,
I need to recover the pass for an .axx file...how can I extract the hash? Can't find so much online, I'm really noob at this but i want to learn how to use this great tool...thanks for the help
#2
You can just use axcrypt2john.py (btw: the format - an example "hash" - is also mentioned here: https://hashcat.net/wiki/example_hashes )
#3
(08-11-2016, 12:39 PM)philsmd Wrote: You can just use axcrypt2john.py (btw: the format - an example "hash" - is also mentioned here: https://hashcat.net/wiki/example_hashes )

Thanks! I've just download axcrypt2john.py but it says "invalid syntax" when I try to use it...

Using windows prompt i go into run folder, I also put my file there...than typing "axcrypt2john.py file.axx >file.hash" I got invalid syntax error...sorry I'm wasting your time...
#4
I'm not sure about the exact error message you get but if it is a python error you should probably use a different (version of) Python (maybe Python 2.7 at least).
Since you didn't show the full error message, nor which tool the output originates, I can't recommend more than just try different versions of python and maybe try it on linux too (but in theory Python should work the same way on both platforms).
#5
AFAIK the axcrypt2john.py tool was updated recently, too. So make sure you use the latest version from github
#6
Hello,

This is Svante, the author of AxCrypt. The terminology is a bit confusing, AxCrypt is not a hashed password store, so what you're looking for is not a hash as such, but the KeyWrap1, A 128-bit Data Enc Key wrapped with 128-bit KEK, Header Block Type 4. Not sure just what parameters hashcat requires but you may have to break out the iteration count as well. See http://www.axcrypt.net/documentation/technical/ for a description of the file formats. AxCrypt 1 and AxCrypt 2 differs, but the general idea is the same. If you have a file encrypted with AxCrypt 2, it's Header Block Type 13 you want - but I don't think hashcat supports this currently.

The AxCrypt module for Hashcat also supports breaking AxCrypt 1 in-memory representation of the password derived key, but this is typically only useful if you are attacking a running AxCrypt process where the legitimate user has entered the password. It is unlikely to be useful for legitimate password recovery.