VeraCrypt with PIM/keyfile seems to be ignored
#1
I am probably making a stupid mistake, but I could not find out which one it is. The problem: hashcat only finds the password on a partition/volume with nothing else (PIM/key file).

Story/a part of the history:
I tested a bit with VeraCrypt and created some partitions/volumes encrypted with a password and:
a) custom PIM
b) 2 key files
c) custom PIM and 2 key files
and as a result of the problems a fourth one:
d) normal, only password.

Every partition was encrypted with the same password. The first 512 bytes of every partition were extracted and given to hashcat to recover the password. The basic command for a) is:
Code:
hashcat64.exe -a 3 -m 13751 [VeraCrypt header] [mask] -o [outputfile] --potfile-path=[potfile] --veracrypt-pim=[pim number] -O -w 4
For key files, "--veracrypt-keyfiles=[file1],[file2]" (or "veracrypt-keyf", as suggested by the example in the help text) was used.

Initially I ran every algorithm (13711-13773) over the headers of a) to c) in every configuration (no pim/keyf, pim, keyf, pim and keyf), but hashcat found nothing. It is possible to mount the volumes with VeraCrypt without any problem.
After testing a bit, I added d), ignored the last case (pim and keyf) and reduced the "hash-type" to 13751 because I used AES with SHA256 to create the partitions/volumes.

Now hashcat is able to recover the password, but only for d), however in every case. Thus hashcat finds the password for d) even if pim or keyf is present. So it seems that hashcat ignores the parameter. To be sure I'm using the right parameter, I used copy+paste from the help.
I am aware that hashcat complains about no optimized kernel, thus I removed -O, without luck. And I moved the pim/keyf parameter directly after "-m 13751", but nothing changed.

I am not sure what I am doing wrong. I hope you can understand me and my problem and probably even help me. Thank you in advance.

And just one side question because I am already writing this post:
Are there any special constraints for VeraCrypt (besides extracting the right bytes and using the correct "hash-type")? An example to show what I mean: it's problematic with UTF-16 based hashes and chars above U+000FF because hashcat inserts zero bytes. Thus the mask "?b?b" probably does not do what the user means it to do.

used:
- hashcat 5.1.0
- GeForce GTX 1060 with current driver
#2
What happens if you just use a single keyfile? Which PIM are you using?
#3
Isn't the order of the parameters messed up here? From the first lines of hashcat --help:

Usage: hashcat [options] hash|hashfile|hccapxfile [dictionary|mask|directory]

Your Header should be at the same position as a hash|hashfile|hccapxfile, so the correct order would be:

hashcat64.exe -a 3 -m 13751 -o [outputfile] --potfile-path=[potfile] --veracrypt-pim=[pim number] -O -w 4 [VeraCrypt header] [mask]
#4
@NoReply: it doesn't matter where options are, only the order of non-option arguments.
#5
Thank you for the replies.

I used PIM 2000 and 1337.
Now I created two additional partitions, one with PIM 500 and one with a single keyfile. With the same procedure as last time I checked all six partitions against "--veracrypt-pim=500" and "--veracrypt-keyfiles=[correct file]". And only the password of the partition without pim and without keyfile could be reconstructed.

And just to be absolutely sure, I modified the arrangement of the parameters, without luck.

Should hashcat print that it uses a different pim or used keyfiles? I could not see anything like this.
The parameter name should be correct because hashcat complains about "--veracryptsdf-pim=500" but not with the parameter I used.
#6
please test also with the beta version from https://hashcat.net/beta

btw: there are also example hashes from https://hashcat.net/wiki/example_hashes (including tests with PIM)
#7
On the example page I could only find one single example with PIM -- a system partition. I tested 137*3 "hash-type"s but could not find the password with PIM 500 and mask "hashca?l".

Next I tested the beta version 5.1.0+719 with my test files. The potfile is created by hashcat but it is empty. According to my logs hashcat is able to find passwords. Additionally, result files are created, and at first glance it seems that PIM and keyfiles are used, thus the password could be found in the correct header.
#8
Can confirm that the example hash with pim doesn't work for me (latest git master).

Code:
hashcat -m 13761 hashcat_sha256_aes_boot_pim500.vc --veracrypt-pim 500 -a3 hashca?l
Status...........: Exhausted
#9
I can't reproduce this locally:

Code:
root@ht:~/hashcat# ./hashcat -m 13761 tools/vc_tests/hashcat_sha256_aes_boot_pim500.vc -a 3 hashca?l --veracrypt-pim 500      
hashcat (v5.1.0-737-gbbae1b53) starting...

OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 980, 1010/4042 MB allocatable, 16MCU

OpenCL Platform #2: Intel(R) Corporation
========================================
* Device #2: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, skipped.

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Applicable optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
* Slow-Hash-SIMD-LOOP

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 64

Watchdog: Temperature abort trigger set to 90c

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.  

Cracking performance lower than expected?        

* Append -w 3 to the commandline.
  This can cause your screen to lag.

* Update your OpenCL runtime / driver the right way:
  https://hashcat.net/faq/wrongdriver

* Create more work items to make use of your parallelization power:
  https://hashcat.net/faq/morework

tools/vc_tests/hashcat_sha256_aes_boot_pim500.vc:hashcat
                                                
Session..........: hashcat
Status...........: Cracked
Hash.Name........: VeraCrypt SHA256 + XTS 512 bit + boot-mode
Hash.Target......: tools/vc_tests/hashcat_sha256_aes_boot_pim500.vc
Time.Started.....: Thu Mar 14 10:03:17 2019 (20 secs)
Time.Estimated...: Thu Mar 14 10:03:37 2019 (0 secs)
Guess.Mask.......: hashca?l [7]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:        1 H/s (0.60ms) @ Accel:128 Loops:32 Thr:32 Vec:1
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 26/26 (100.00%)
Rejected.........: 0/26 (0.00%)
Restore.Point....: 0/26 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:1023968-1023999
Candidates.#1....: hashcan -> hashcaq
Hardware.Mon.#1..: Temp: 62c Fan: 35% Util: 94% Core:1278MHz Mem:3004MHz Bus:16

Started: Thu Mar 14 10:03:08 2019
Stopped: Thu Mar 14 10:03:38 2019

@BotPass Please share all files that we need to reproduce
#10
I was accidentally running 5.1.0, which was unable to crack the example hash file. After updating to master everything works.
Reply
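Post #5 asks whether hashcat reports the PIM it used; the `Restore.Sub` line in post #9 does so indirectly, through the PBKDF2 iteration count. The following is an added example, not code from the thread or from the hashcat project: it computes the iteration count VeraCrypt documents for a given PIM and compares it with that status line. The function names are hypothetical, and it assumes the upper `Iteration` bound of a finished run is one less than the total count, as the output in post #9 suggests.

```python
import re

# VeraCrypt's documented PIM rules (versions that still offer RIPEMD-160):
#   boot (system) volume with SHA-256 or RIPEMD-160: iterations = PIM * 2048
#   everything else (containers, non-system partitions,
#   SHA-512/Whirlpool boot volumes):                iterations = 15000 + PIM * 1000
BOOT_SHORT_HASHES = {"sha256", "ripemd160"}

# Iteration counts used when no PIM is set (PIM = 0); keys are (hash, boot).
DEFAULTS = {
    ("sha256", True): 200000,
    ("ripemd160", True): 327661,
    ("ripemd160", False): 655331,
}
DEFAULT_OTHER = 500000

def expected_iterations(pim, hash_name, boot):
    """PBKDF2 iteration count VeraCrypt derives from a PIM."""
    if pim < 0:
        raise ValueError("PIM must not be negative")
    if pim == 0:
        return DEFAULTS.get((hash_name, boot), DEFAULT_OTHER)
    if boot and hash_name in BOOT_SHORT_HASHES:
        return pim * 2048
    return 15000 + pim * 1000

STATUS_RE = re.compile(r"Iteration:(\d+)-(\d+)")

def iterations_in_status(status_text):
    """Highest Iteration bound in hashcat status output, plus one.

    Assumption: taken from the status of a finished run (Cracked or
    Exhausted); a snapshot taken mid-batch shows a lower bound.
    """
    bounds = [int(m.group(2)) for m in STATUS_RE.finditer(status_text)]
    return max(bounds) + 1 if bounds else None

def pim_was_applied(status_text, pim, hash_name, boot):
    """True if the status output matches the count expected for this PIM."""
    seen = iterations_in_status(status_text)
    return seen is not None and seen == expected_iterations(pim, hash_name, boot)

# Status line copied from post #9 (-m 13761, boot-mode, --veracrypt-pim 500).
POST9_STATUS = "Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:1023968-1023999"

if __name__ == "__main__":
    print(expected_iterations(500, "sha256", True))
    print(pim_was_applied(POST9_STATUS, 500, "sha256", True))
```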