hashcat Forum Support hashcat v
Hashcat cannot find my own password (password kwown) on TrueCrypt 7.1a file volume

Thread Closed 
Threaded Mode
Hashcat cannot find my own password (password kwown) on TrueCrypt 7.1a file volume
Buffarnaud Offline
Junior Member
**
Posts: 6
Threads: 1
Joined: Jan 2018
#1
Brick  01-05-2018, 11:47 AM
Hello there

I looked around that forum but didn't find my answer.

I try to use Hashcat to run some tests and attacks on differents files (TrueCrypt / RAR / ZIP / 7z)

After all, I would to manage with the rights commands, and finally tried my own test.

I created my own encrypted file with TrueCrypt 7.1, with an easy password.

The password I used is : "easy1234"

Could you believe that even with the command with the right password, Hashcat cannot recovery the password and stays at Exhausted status ?

I tried everything :


./hashcat -m 6211 easy.tc -a 3 easy1234
./hashcat -m 6212 easy.tc -a 3 easy1234
./hashcat -m 6213 easy.tc -a 3 easy1234
./hashcat -m 6221 easy.tc -a 3 easy1234
./hashcat -m 6222 easy.tc -a 3 easy1234
./hashcat -m 6223 easy.tc -a 3 easy1234
./hashcat -m 6231 easy.tc -a 3 easy1234
./hashcat -m 6232 easy.tc -a 3 easy1234
./hashcat -m 6233 easy.tc -a 3 easy1234
./hashcat -m 6241 easy.tc -a 3 easy1234
./hashcat -m 6242 easy.tc -a 3 easy1234
./hashcat -m 6243 easy.tc -a 3 easy1234

Running Hashcat v4.0.1-78-g185104b on Mac OS X (Sierra)


I am thinking maybe Iam wrong on the hash selection, but for me Hashcat isn't able to recovery a kwown-password.

I confirm when I open the file with the real TrueCrypt software I can open it with the right password.

Does anyone already managed with old TrueCrypt files ? any help about that

Thank you very much
Find
Buffarnaud Offline
Junior Member
**
Posts: 6
Threads: 1
Joined: Jan 2018
#2
01-05-2018, 12:14 PM
Hi

after looking more. It seems that I may have to get the first 512 Bytes of the file

Through the dd command.

Do I need to extract the hash of the TrueCrypt file first ?
Find
philsmd Offline
I'm phil
******
Posts: 2,268
Threads: 16
Joined: Feb 2013
#3
01-05-2018, 12:20 PM
This question even made it into the MOST frequently asked questions (that means it is very easy to find the answer to this question because there are dozens of forum posts etc discussing the same question):
https://hashcat.net/wiki/doku.php?id=fre...pt_volumes
Find
Buffarnaud Offline
Junior Member
**
Posts: 6
Threads: 1
Joined: Jan 2018
#4
01-05-2018, 12:29 PM
Hi

Yes I am finding some similar cases ...

Sorry for that.

I will write my solution here later.
Find
Buffarnaud Offline
Junior Member
**
Posts: 6
Threads: 1
Joined: Jan 2018
#5
01-05-2018, 01:53 PM
Continuying my steps.

It looks like my devices and OpenCL may be wrong.

From there : https://github.com/hashcat/hashcat/issues/610

Running on Mac OS, all the tests failed. Maybe because of this message : * Device #2: ATTENTION! OpenCL kernel self-test failed.

I am going to try out with a linux-debian system
Find
Buffarnaud Offline
Junior Member
**
Posts: 6
Threads: 1
Joined: Jan 2018
#6
01-05-2018, 03:12 PM
Finally

I found the solution.

Running on a Mac consists to use GPU though intel (worst than Nvidia or others)

And Hashcat select the GPU before CPU

I tried to force to use CPU with the -d parameter, didn't work

But the right parameter is : -D (and the device number)

My last command which cracked the password :
./hashcat -D 1 -a 3 -m 6211 easy.tc easy?d?d?d?d

Used the CPU, and found "easy1234" Big Grin

Now I continue with my others files ^^
Find
Thread Closed