[Solved] Invalid LUKS filesize
#1
Hi,

I get this output when I try to brute-force the LUKS header of my pen drive:

Code:
hashcat@gentoo.org ~/Luks $ hashcat -a 3 -m 14600 4G-header dict.txt


hashcat (v4.0.1) starting...

* Device #1: WARNING! Kernel exec timeout is not disabled.
            This may cause "CL_OUT_OF_RESOURCES" or related errors.
            To disable the timeout, see: https://hashcat.net/q/timeoutpatch
nvmlDeviceGetFanSpeed(): Not Supported

OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce 940M, 500/2002 MB allocatable, 3MCU

Hashfile '4G-header': Invalid LUKS filesize
No hashes loaded.

Started: Sun Jan 14 15:31:57 2018
Stopped: Sun Jan 14 15:31:57 2018

What's wrong?

Some time ago I could run it successfully, but now it doesn't work for me.

Regards.
#2
How large is the file called 4G-header? As you can see here https://hashcat.net/forum/thread-6225-po...l#pid33187 it should be 4097 sectors large (each sector is 512 bytes, therefore a total of 512 * 4097 bytes, which is about 2 MB).
#3
Thanks for the response, @philsmd.

Code:
sudo cryptsetup luksHeaderBackup --header-backup-file 4G-header /dev/sdc2


-r-------- 1 root     root     1052672 ene 14 14:28 4G-header
#4
That's not how you can extract the data. You need to provide to hashcat not only the header/metadata but also some part of the encrypted data. If you reduce it to only the first bytes (metadata), hashcat can't verify if the decryption worked correctly.
I'm not sure where you read that the "luksHeaderBackup" method of cryptsetup is able to extract the data that hashcat needs. It's definitely not correct.
The guide is very clear: you need the whole header + some data from the disk/volume: https://hashcat.net/forum/thread-6225-po...l#pid33187 (otherwise, as said, hashcat can't verify if the password was correct).
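
The size mismatch discussed in posts #2 to #4, as an added example that is not part of any post in this thread and is not hashcat or cryptsetup code: it reads the fixed fields at the start of a LUKS1 header and compares the file's size with the header's payload offset. The sample header (payload offset 4096, 256-bit key, aes-xts-plain64, sha256) and the function names are constructed for illustration; the 4097-sector figure is the one quoted in post #2 and the 1052672-byte size is the one listed in post #3.

```python
import struct

SECTOR = 512
MIN_SECTORS = 4097  # size quoted in post #2; taken from the thread, not from hashcat's source
LUKS1_MAGIC = b"LUKS\xba\xbe"
# Start of the LUKS1 on-disk header (big-endian): magic, version, cipher name,
# cipher mode, hash spec, payload offset in sectors, master key length in bytes.
PHDR = struct.Struct(">6sH32s32s32sII")


def describe_extract(header: bytes, file_size: int) -> dict:
    """Compare a LUKS1 extract's size with the header's payload offset."""
    if len(header) < PHDR.size:
        raise ValueError("need at least %d header bytes" % PHDR.size)
    magic, version, cipher, mode, hash_spec, payload_off, key_bytes = PHDR.unpack_from(header)
    if magic != LUKS1_MAGIC or version != 1:
        raise ValueError("not a LUKS1 header")
    file_sectors = file_size // SECTOR
    return {
        "cipher": "%s-%s" % (cipher.rstrip(b"\0").decode(), mode.rstrip(b"\0").decode()),
        "hash": hash_spec.rstrip(b"\0").decode(),
        "key_bits": key_bytes * 8,
        "payload_offset": payload_off,
        "file_sectors": file_sectors,
        # Sectors of encrypted data in the file, beyond header and keyslots.
        "payload_sectors": max(0, file_sectors - payload_off),
        "meets_quoted_size": file_size >= MIN_SECTORS * SECTOR,
    }


def sample_header(payload_off: int = 4096, key_bytes: int = 32) -> bytes:
    """Constructed header for the demo; the field values are assumptions."""
    return PHDR.pack(LUKS1_MAGIC, 1, b"aes", b"xts-plain64", b"sha256", payload_off, key_bytes)


if __name__ == "__main__":
    hdr = sample_header()
    for label, size in (("luksHeaderBackup file from post #3", 1052672),
                        ("4097-sector extract", MIN_SECTORS * SECTOR)):
        print(label, describe_extract(hdr, size))
```

With the constructed header, the 1052672-byte file is 2056 sectors long and ends before the payload starts, so it holds no encrypted data; the 4097-sector file holds one payload sector.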
#5
(01-15-2018, 09:15 AM)philsmd Wrote: The guide is very clear: you need the whole header + some data from the disk/volume: https://hashcat.net/forum/thread-6225-po...l#pid33187

this needs to be on the wiki
#6
Damn, I'm a bit confused.

Sorry.