11-01-2018, 07:20 PM
Hi,
as from the topic you might gather, this probably isn't the typical use-case for hashcat (or at least that's my understanding), but my problem is kind of inverse from the usual cracking problem. Short story long, I've had a filesystem corrupted making me unable to recover any of the encrypted Veracrypt files located there. As Veracrypt doesn't have any plaintext headers, it's basically impossible to find the files without going through every block and try to decrypt the first 68 bytes (well, use the first 64 bytes as the salt and then try to decrypt the next four and see if it decrypts to VERA).
So, I know the password and plaintext (VERA), I do not know the salt, KDF nor the cipher. And to top it all, I don't know even where the file is located. Assuming that salt and header have not been corrupted and the files are not extremely fragmented, I should have a chance to recover the data at least partially.
I already made a simple python script using fastpbkdf2 and cryptoplus libraries, but using CPU it's just way too slow (cascade ciphers make the KDF quite slow). Question is, could I utilize hashcat for this purpose? If yes, then I shall delve into hashcat's manuals more deeply, but if not.. could I utilize the OpenCL kernels from hashcat?
Or does my reasoning have a glaring hole somewhere and I just made myself a clown?
as from the topic you might gather, this probably isn't the typical use-case for hashcat (or at least that's my understanding), but my problem is kind of inverse from the usual cracking problem. Short story long, I've had a filesystem corrupted making me unable to recover any of the encrypted Veracrypt files located there. As Veracrypt doesn't have any plaintext headers, it's basically impossible to find the files without going through every block and try to decrypt the first 68 bytes (well, use the first 64 bytes as the salt and then try to decrypt the next four and see if it decrypts to VERA).
So, I know the password and plaintext (VERA), I do not know the salt, KDF nor the cipher. And to top it all, I don't know even where the file is located. Assuming that salt and header have not been corrupted and the files are not extremely fragmented, I should have a chance to recover the data at least partially.
I already made a simple python script using fastpbkdf2 and cryptoplus libraries, but using CPU it's just way too slow (cascade ciphers make the KDF quite slow). Question is, could I utilize hashcat for this purpose? If yes, then I shall delve into hashcat's manuals more deeply, but if not.. could I utilize the OpenCL kernels from hashcat?
Or does my reasoning have a glaring hole somewhere and I just made myself a clown?