Can I restore old header keys for logical volume using dd command? (Veracrypt)
#1
I've been trying to crack a VeraCrypt password for a logical volume (full disk encryption) using hashcat, but with no success. My wordlists don't fit, but I'm definitely doing everything correctly, because I've cracked the hash with the old password from the old rescue disk.
My question is: if I use the dd command on Linux to overwrite the hash on disk using the hash file from the old rescue disk, will I be able to use the old password? I've read it's possible to restore old headers for all kinds of encrypted volumes except a logical volume (when trying to restore, the old rescue disk says "Invalid parameter").
I mean, is restoring an old header for a logical volume from an old rescue disk just blocked to prevent doing so from the rescue disk, or is it blocked because the old header won't work anyway?
If it won't work, could you please explain to me why?
#2
This is not a veracrypt support forum. Why not make a backup and try?
#3
I know it's not a VeraCrypt forum, but nobody gave me the answer when I asked on the VeraCrypt forum. I also thought that the "Misc › General Talk" part of the forum is a place where I can ask about things less connected to hashcat itself, and most importantly, on this forum I always got a satisfying answer very quickly; people here are helpful and understand encryption issues well. So I decided to ask here :)
Do you mean header backup or disk backup?
Disk backup would be a problem at the moment, I have a 1TB encrypted disk and a 2TB external drive. I'm new to Linux and it would take a few more days to work out how to make a backup. I've tried cloning my whole disk to free space on the external drive using the dd command, but it's still invisible (still free space), so I would have to spend a few days to make it work. On the other hand, my external drive doesn't allow me to install Windows on it. I'm not sure it would work later after copying to the external drive.
If you meant making a backup of the original header, I already have it. But I'd like to know if logging in using the old header and password won't cause other problems.

Restoring the old header would solve my problem immediately :)
#4
You would only need to back up the part you are overwriting with the backup header. If it decrypts, it decrypts.
#5
To make sure, backup header = hash, right? 512B?
So you are sure it's safe, and in the worst case it will just not work and I can repair it by restoring the current header?
#6
By backup header I mean back up whatever you are overwriting. You need to know what that is. And yes, in the worst case it will simply fail to unlock.
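The precaution from posts #4 and #6 (save exactly the bytes you are about to overwrite, so a failed attempt can be undone), as an added example that is not from any poster in this thread. It runs on a constructed image file; the offset 1024, the 512-byte length and all function and file names are assumptions for the demo, not VeraCrypt's actual on-disk layout.

```sh
# Added example: offset, sizes and names are assumptions for the demo.

# read_region FILE OFFSET LEN: print LEN bytes starting at byte OFFSET.
read_region() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null
}

# write_region FILE OFFSET SRC: overwrite in place without truncating FILE.
write_region() {
    dd if="$3" of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null
}

# swap_header FILE OFFSET NEW BACKUP: save the bytes about to be replaced, then write NEW.
swap_header() {
    len=$(wc -c < "$3" | tr -d ' ')
    if [ -e "$4" ]; then echo "refusing to clobber $4" >&2; return 1; fi
    read_region "$1" "$2" "$len" > "$4" || return 1
    [ "$(wc -c < "$4" | tr -d ' ')" -eq "$len" ] || { echo "short backup" >&2; return 1; }
    write_region "$1" "$2" "$3" || return 1
    read_region "$1" "$2" "$len" | cmp -s - "$3"   # confirm the write landed
}

# restore_header FILE OFFSET BACKUP: roll back to the saved bytes and verify.
restore_header() {
    len=$(wc -c < "$3" | tr -d ' ')
    write_region "$1" "$2" "$3" || return 1
    read_region "$1" "$2" "$len" | cmp -s - "$3"
}

# demo: constructed 8 KiB image and 512-byte header, round trip at offset 1024.
demo() {
    d=$(mktemp -d) || return 1
    dd if=/dev/urandom of="$d/disk.img" bs=512 count=16 2>/dev/null
    cp "$d/disk.img" "$d/pristine.img"
    dd if=/dev/zero of="$d/old_header.bin" bs=512 count=1 2>/dev/null
    swap_header "$d/disk.img" 1024 "$d/old_header.bin" "$d/current_header.bak" &&
    ! cmp -s "$d/disk.img" "$d/pristine.img" &&
    restore_header "$d/disk.img" 1024 "$d/current_header.bak" &&
    cmp -s "$d/disk.img" "$d/pristine.img"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo && echo "round trip OK: image is byte-identical after rollback"
```

The refusal to overwrite an existing backup file matters on a second attempt: rerunning the swap would otherwise replace the saved original with the header written the first time.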
#7
OK, big thanks :) I'll try it now, I'm tired of hashcatting and 15 worthless wordlists.
#8
Restoring the old header didn't help :) but I still understand why, restoring the old header for non-system volumes allows using the old password.