Mode 11300
I'm trying to understand how the hashcat's brute-force attack works for bitcoin wallets (11300). Until now, I have understood how decrypt the secret key:

data = pasw+salt
for i in range(rounds):
    data = sha512(data)
key = data[0:32]
iv = data[32:32+16]
dec = AES(key, CBC_MODE, iv).decrypt(cry_master)

But, how can I know that the decrypted key is the correct one?
the padding is known, we exploit this (padding attack, last few bytes 16 or 8 depending on the wallet type):

or course you need to decrypt the full last blocks with the correct padding (not removing/replacing the padding, "none") to get the full decrypted block and see what the padding bytes are