Using DD to get the hash of a non-system partition encrypted by VeraCrypt

[stumpped]

Hello,


I am trying to use DD for Windows to obtain the hash of a non-system partition that was encrypted via Veracrypt, but have run into a bit of a problem.
 
The command I used to get the hash of the encrypted partition looks like this

Code:

dd if=\\?\Device\HarddiskVolume11 of=hash_output.txt bs=512 count=1

 
And from what I read in the FAQ on your site, this command should create a file called hash_output.txt that contains the encrypted hash that should, for example, look something similar to this:
 

Code:

(Šö÷…o¢–n[¨hìùlŒ‡¬»J`<Q›þIšê1ªCúÍbÔcN„ÐŒ3+d.dWr€-¡tä66¶ˆÎ...

 
However, the output I am getting when issuing the DD command above looks more like this:
 

Code:

fb55 d397 2879 2f55 7653 24a3 c250 14d3
3711 7109 e563 617f ab73 f11a 3469 33bb
....
....
....

Which is obviously not the hash I was expecting so I am hoping someone might be able to help me figure out what I am doing wrong.
 
Some things to note:
·      I am 100% positive that the drive I am selecting in the DD command is the right drive.
·      There is only 1 encrypted partition on the drive that spans the entire size of the drive.
·      There is no physical / functional damage to the drive which would cause this issue.
·      This on an external 1tb drive that is connected via usb 3.0 (I have tried other cables and ports).
·      The same DD command worked fine for a test drive that I encrypted using the same parameters that were set for this drive.

[atom]

You're right the information on the wiki is not fully correct. Use bs=512 count=4097 (not a typo)

[stumpped]

You're right the information on the wiki is not fully correct. Use bs=512 count=4097 (not a typo)

Thanks, but that just seems to have created an even bigger file that looks like the hex dump example from before. For example:

Code:

....
....
....
a0f6 cc30 2e86 aa0a 1feb e271 f3fd 186b
0d4f 80c8 33e9 38be 8fc8 330e b271 77aa
7eac eb13 6b92 1b07 6504 ed12 6eda f206
de06 4585 c212 6eb8 2217 24f9 4235 4c49
1435 9c5c 5e52 e569 f418 3912 18e5 8205
cd0f 72fa a3e1 bbc9 c714 a900 4de5 8d1e
2f8c 9b6d bc97 3e6c 71f5 21c0 0320 dbe7
fb55 d397 2879 2f55 7653 24a3 c250 14d3
3711 7109 e563 617f ab73 f11a 3469 33bb
a1de 0263 69a6 4090 d521 d818 a338 d7f7
4f3d 484e 82d0 6323 924c 8988 fb17 29dd
973f bbe7 daf6 9ffc 0ba5 adb9 25ee 4fea
d196 a43d 3495 55f1 85b9 f6be 35f8 0237
f5b8 4849 84e1 d6ee 14dd fc3d 9774 c11b
8f45 79da d361 36c6 e7a2 840e 42b3 a945
0acd d310 55f5 9213 14c7 cd29 4c1a 08ac
03df e1f1 8b1c 9af0 c502 4f89 d0fe 629e
358a 6861 20d4 1151 7fdc 3771 1da8 3524
ebff 4609 f002 6ea1 d6b3 bbab 0518 0276
d6a4 afa2 0519 cc2f 4c2d b80f fb60 5e37
b873 9848 5eb1 a16c 459f 24e6 ee4d c22c
e8c1 a2c9 32b9 18a4 7f7b 3e29 c88a b6de
c3b2 91aa 5fe0 8de6 88cb 7ab5 1064 6d29
e95a 4a1e d786 2304 61b7 4df9 8034 5f9e
043e fc32 fdbd a2a4 ce05 4c6f 002f 3a0b
5725 2620 ea06 7438 5f52 fea6 221f d955
eb4f 3d6e c161 0617 56b8 04e6 2050 0ff3
a980 412a ff61 1a0b 9054 214d 5cdd 29a8
3ec8 8ee8 de6d f455 74fb 39b1 dbef 0276
a5eb 6f79 3596 12a7 eb14 016e efad c402
01e3 dec9 b500 6148 6474 3d17 84f6 46e7
e0f9 b3ff cab7 0059 5df3 79a8 e6e1 72d6
f747 1653 fa86 afa9 93c5 c9fe 7498 1ff4
f86c 4912 21cc 064e 872a c79e 0cac ae32
b28f 3e5b 8bb1 c9f1 c4b1 a862 2d71 46dd
e6b3 1612 7a99 98c0 0432 f39a aac2 df0a
....
....
....

This can't be the right output ..... Right ?

[undeath]

if your dd in fact spits out ascii-hex it's probably broken