Hello,
I want to use hashcat to obtain my forgotten password for an old hidden TrueCrypt container which ueses two keyfiles.
I created a testfile with a hidden container and known key which is found successfully. However, as soon as I add keyfiles I get
This is my command line:
Of course, the files exist and are definitely the correct ones (I can mount the container via TrueCrypt).
However, what freaks me out a bit more is that it doesn't seem to matter which files I supply. In fact, --truecrypt-keyfiles does seem to be ignored completely. For example, I do:
where XXX does not exist and I get the identical output (no error message that key file can't be found but Status: Exhausted).
Can it be that --truecrypt-keyfiles is broken?
Thanks!
EDIT: I looked into the source and it seems there is indeed no warning/error if a file cannot be read -- via (hc_path_read (keyfile)). I tried it with just one file, gave it a simple name (TC) and I am absolutely confident the file exists and is readable. Also, it seems hashcat generates a cumulative CRC32 sum among all keyfiles: cpu_crc32 (keyfile, (u8 *) tc->keyfile_buf); .... looks correct at a first glance. Please help me on this! Thanks!
I want to use hashcat to obtain my forgotten password for an old hidden TrueCrypt container which ueses two keyfiles.
I created a testfile with a hidden container and known key which is found successfully. However, as soon as I add keyfiles I get
Code:
Status...........: ExhaustedThis is my command line:
Code:
hashcat --status -m 6213 -a 0 -w 3 --truecrypt-keyfiles="2012/files/Küdo.pdf,2012/files/File Number Two.txt" 2012/2012-test5-hash-hidden 2012/dict_inner.txtOf course, the files exist and are definitely the correct ones (I can mount the container via TrueCrypt).
However, what freaks me out a bit more is that it doesn't seem to matter which files I supply. In fact, --truecrypt-keyfiles does seem to be ignored completely. For example, I do:
Code:
hashcat --status -m 6213 -a 0 -w 3 --truecrypt-keyfiles=XXX 2012/2012-test5-hash-hidden 2012/dict_inner.txtwhere XXX does not exist and I get the identical output (no error message that key file can't be found but Status: Exhausted).
Can it be that --truecrypt-keyfiles is broken?
Thanks!
EDIT: I looked into the source and it seems there is indeed no warning/error if a file cannot be read -- via (hc_path_read (keyfile)). I tried it with just one file, gave it a simple name (TC) and I am absolutely confident the file exists and is readable. Also, it seems hashcat generates a cumulative CRC32 sum among all keyfiles: cpu_crc32 (keyfile, (u8 *) tc->keyfile_buf); .... looks correct at a first glance. Please help me on this! Thanks!