How can I crack a veracrypt encrypted partition?
#1
Question 
Hi everyone,
in the last 2 days i tried to figure out, how to crack my encrypted partition. My 1st problem is: how do I get the hash of the password used for the encryption? If I'm right, the hash of the password is the basic to crack it. I'm using Win 8.1. The partition is encrypted with AES+SHA512.
I looked in several other posts, but every post I found to encrypted partitions, was closed or not online anymore.
Thanks!
Reply
#2
https://hashcat.net/forum/thread-5699.html

a quick search of the forum
Reply
#3
Quote:https://hashcat.net/forum/thread-5699.html

a quick search of the forum
There is no description on how to get the hash using WINDOWS in this thread. Is there any good tutorial?

thx
Reply
#4
https://hashcat.net/wiki/doku.php?id=fre...pt_volumes TrueCrypt and VeraCrypt extraction is the same
Reply
#5
Quote:https://hashcat.net/wiki/doku.php?id=fre...pt_volumes TrueCrypt and VeraCrypt extraction is the same
Ok, it looks like it is not possible to get the hash with a Windows OS. Can anyone tell me the command to do this on linux? I'm using Ubuntu in a VM. Sorry, but I never used Linux, so please be patient Smile

For a first test, I encrypted a partition on a USB flashdrive with the default "hashcat" password. How can I save the hash from the encrypted partition into a .vc file, similar to the example hashes?
Reply
#6
Meanwhile i figured out to extract the hash via
Code:
dd if=\\?\Device\HarddiskVolume12 of=hash.txt bs=512 count=1
Besides some unreadable text, there was the information that
Quote:error reading data medium
BOOTMGR compressed
restart with Strg+Alt+Del
How can I get access to this volume?
Reply
#7
If you want to crack a bootable crypted partition, please re-read the section about it in the link I posted. The details are listed inside.

Here's maybe more help: https://hashcat.net/forum/thread-5699-po...l#pid32610
Reply
#8
Quote:If you want to crack a bootable crypted partition
No, I don't want to crack a bootable crypted partition. It is a simple, non-bootable crypted partition on a external (USB) device. To be exact, the device has got 2 partitions, one of them is formated as NTFS, the other one is encrypted.
Reply
#9
If that's the case you shouldn't be able to find the string "BOOTMGR compressed" etc on the encrypted volume. Maybe you are trying to extract the "hash" from the wrong partition?
Reply
#10
Quote:Maybe you are trying to extract the "hash" from the wrong partition?
Hmm, maybe that's the reason. I chose another partition in dd, now the text contains just weird symbols. But how can I be sure that I extracted the right hash? I thought there is some information in the hash (e.g. some text like "veracrypt bootloader", similar to the procedure on this page). Do I need a HEX viewer or something like this?
Reply