08-24-2019, 09:01 AM
Hello all,
Ive lost the password to a veracrypt encrypted drive, but do have a list of passwords of which Im 99% sure the password is on.
Ive tried cracking the volume directly, but obviously failed.
So I decided to do a test run: I encrypted another USB drive with one of the passwords on the list.
Ive extracted the first 512 bytes using DD for windows, and even the last 512 bytes since the FAQ is not really clear on which one to use. When both of those failed, I even DDd the whole drive and tried that as input for Hashcat, but it never cracks the volume...so I thought: maybe the hash is wrong? So I wrote a script that tries all the possible veracrypt hashes (-m 13711, 13712, 13713 etc etc), but it still always exhausts!
I must be doing something wrong when extracting the hash I guess?
The command I used to extract the hash is
ddrelease64.exe if=\\.\Volume{XXXXXX} of=veracrypt-target.img bs=512 count=1
(for the last sector, similar, but of course used skip to get only the last 512 bytes).
My hashcat command is
hashcat -a 0 -m 13711 test.img list.txt
Can anybody help me? What am I doing wrong?
Many, many thanks for any answers!!
BTW cracking one of the example hashes on the website works
Ive lost the password to a veracrypt encrypted drive, but do have a list of passwords of which Im 99% sure the password is on.
Ive tried cracking the volume directly, but obviously failed.
So I decided to do a test run: I encrypted another USB drive with one of the passwords on the list.
Ive extracted the first 512 bytes using DD for windows, and even the last 512 bytes since the FAQ is not really clear on which one to use. When both of those failed, I even DDd the whole drive and tried that as input for Hashcat, but it never cracks the volume...so I thought: maybe the hash is wrong? So I wrote a script that tries all the possible veracrypt hashes (-m 13711, 13712, 13713 etc etc), but it still always exhausts!
I must be doing something wrong when extracting the hash I guess?
The command I used to extract the hash is
ddrelease64.exe if=\\.\Volume{XXXXXX} of=veracrypt-target.img bs=512 count=1
(for the last sector, similar, but of course used skip to get only the last 512 bytes).
My hashcat command is
hashcat -a 0 -m 13711 test.img list.txt
Can anybody help me? What am I doing wrong?
Many, many thanks for any answers!!
BTW cracking one of the example hashes on the website works