Getting a Hash Via DD From a VeraCrypt File
Hi All,

Been trying to test a dictionary attack against a VeraCrypt container that I know the password for and not getting much joy.

I am able to successfully dictionary attack the TrueCrypt AES test file provided from this website so the process isnt going wrong there.

I believe I am not correctly extracting the hash from the VeraCrypt file.
On the wiki it says:
if you are cracking a single TrueCrypt file instead of a physical disk, you need the first 512 Bytes of the file.
So the command I am using with DD (on Windows) is:
dd.exe if=test bs=512 count=1

Also, someone mentioned that hashcat can be pointed directly at the VeraCrypt file? Can someone confirm if this is true please as I have tried that as well with no joy.

Many thanks all,
Yes you can use the file directly, it's typically just easiert to transfer only the first 512 byte. Anyway it must get cracked if the password is correct and it doesn't make a difference if you use the first 512 byte or the entire volume. Note that you have to run different command if you are using a boot disc, a pim, or a hidden device.
Thanks for your reply.

I tried it again and managed to crack it both by just using the hash and the entire volume.
I think with all this being fairly new to me I was getting a bit confused and very tired, user error on my behalf!

Now just gotta get crunch working for a proper password list but need to do more research first.

Thanks again.
... if you are using crunch together with hashcat you are probably doing something wrong (well, this might not always be the case, but most of the time for new users!)
hashcat has all the attack modes/features you need to do the same
Bloody hell this is a good program, I see what you mean philsmd, I was using dictionary attack mode while trying to create a password list based on set parameters, but hashcat can do that in bruteforce mode!
Thanks for saving me quite some time!
Defo gonna donate to this project Smile

Now gonna look into seeing if I can stop and start the process without having to start again from scratch after restart, I think I read somewhere that hashcat can do that.