LUKS version 2
#1
I think the crux of my problem can be answered with one question: Does Hashcat have support for LUKS2 built into mode 14600? I haven't seen that specifically answered anywhere.

I have a 'chunk' I'm trying to process, and receiving a "File Exists" error, no matter how I generate the file or whatever type of attack I setup (wordlist/straight vs brute force). I am successfully able to start a cracking process on other LUKS data.

I have created the 'hash' file (data block) in 2, 4, and 8 MB chunks. It begins with the magic word LUKS. The hash type can be seen as sha256 at byte 73. Noteworthy vs the Example Hashes, there is no encryption algorithm specified in first couple dozen bytes (specifically in the examples, "aes" at the 9th byte). The first place 'aes' can be seen is in the keyslot detail.

Code:
{"keyslots":{"0":{"type":"luks2","key_size":64,"af":{"type":"luks1","stripes":4000,"hash":"sha256"},"area":{"type":"raw","offset":"32768","size":"258048","encryption":"aes-xts-plain64","key_size":64},"kdf":{"type":"argon2i","time":4,"memory":619193,"cpus":4,"salt":"(45 bytes in here)"}}}

Simplified version of the command I'm using in Hashcat 5.1 (Linux system) is: 
Code:
hashcat -a 0 -m 14600 /path/to/binary_data.raw /path/to/wordlist.txt

Thanks in advance.
Reply
#2
(07-22-2020, 06:45 PM)Loopy Wrote: I think the crux of my problem can be answered with one question: Does Hashcat have support for LUKS2 built into mode 14600?

No. Here's the Github issue: https://github.com/hashcat/hashcat/issues/2178
Reply
#3
(Just realized I apparently never submitted my reply last week.)

Thank you, Womble, for pointing me to that Github issue. I hadn't thought to search there for information. Now I know.

(Also , a sideways thank you to Philsmd in that issue thread for the tip on converting LUKS 2 to LUKS 2. Unfortunately it won't work for me this time due to the use of argon, but might in the future.)
Reply