VeraCrypt boot volume - decryption possible? Parts of pw known
#1
Hello,

I encrypted my notebook years ago as a boot volume. I am trying to recover the password now; I remember most parts of it, but some information is lost.
On this notebook is a bitcoin wallet + password in a text file with about 0,25-0,5 BTC.

Password length is max. 35, and I remember about 25. Is it possible to brute-force it? I don't want to do it on my own because it needs too much time with my (non-existent) experience.

Is there a service that offers such things? Or a user who wants to try? I can offer half of the money if someone gets the password.

Greetings

Sepp
#2
So, what is encrypted is just the boot volume or the boot volume plus the whole OS including all your files?
#3
As far as I know, the complete HDD incl. the important data.

Is it possible and is there someone who can do this?
#4
It's rather a question of whether this is feasible or not. This depends on how confident you are about the 25 known prefix/characters and how random the remaining part is.

It's not feasible if the 10 chars are completely random characters and from a large character set (a lot of different likely characters). On the other hand, if the 10 chars are also from a word list, it's a completely different story.

So my suggestion is to step back a little bit and think again about how feasible and random the remaining part is and if maybe you might be able to remember more about the remaining 10 characters at the end of the password.

hashcat supports 2 different VeraCrypt boot modes:

Code:
-m 13743 = VeraCrypt RIPEMD160 + XTS 1536 bit + boot-mode
-m 13763 = VeraCrypt SHA256 + XTS 1536 bit + boot-mode

So it depends on whether you've created the boot medium with the RIPEMD160 hashing algorithm or with SHA256 (these are options/selections when setting up the volume). Maybe you remember the exact type, that would be great.

I also highly suggest doing an extra little exercise (in my humble opinion it's not really optional, but very, very recommended): step back again, create a similar boot medium (a new HDD/SSD for instance) as an example, try to encrypt that with similar options and a "similar" password, and try to crack it with hashcat. This helps a lot to get confident and see if everything should and does work the way you might expect it to with the real/target encrypted volume.
Only if you are able to crack your sample should you move on and try to crack the real medium (dictionary attack with rules or, in your specific case, also a combinator/hybrid attack, see hashcat wiki).

Of course, you shouldn't confuse one volume with the other, so make backups of the important data and keep your data and hash files clearly separate and backed up from "just" your test volume. (Of course, cracking the sample with a known password doesn't necessarily mean that your target/original hash can be cracked as easily; it could be infeasible when the keyspace and the computing power are the limiting factors and make it infeasible).
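Added example (not part of the thread and not hashcat's own code): a small keyspace estimator that puts numbers on the feasibility point made in #4, using the sizes of hashcat's built-in mask charsets. The guess rate, the placeholder prefix and the 100k wordlist size are assumptions constructed for illustration; measure the real rate on a test volume.

```python
# Added example: keyspace and worst-case search time for hashcat-style masks.
# Sizes of hashcat's built-in charsets (?l ?u ?d ?s ?a ?h ?H ?b).
CHARSET_SIZES = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95,
                 "h": 16, "H": 16, "b": 256}
GUESSES_PER_SEC = 1_000  # ASSUMPTION, not a benchmark: measure on your test volume
SECONDS_PER_YEAR = 365 * 24 * 3600


def mask_keyspace(mask: str) -> int:
    """Count candidates for a mask such as 'known?l?l?d?d'.

    Literal characters (the part of the password you remember) contribute
    a factor of 1. Custom charsets (?1-?4) are not handled.
    """
    total, i = 1, 0
    while i < len(mask):
        if mask[i] != "?":
            i += 1
            continue
        if i + 1 >= len(mask):
            raise ValueError("dangling '?' at end of mask")
        token = mask[i + 1]
        if token != "?":  # '??' is a literal question mark
            if token not in CHARSET_SIZES:
                raise ValueError(f"unsupported mask token ?{token}")
            total *= CHARSET_SIZES[token]
        i += 2
    return total


def hybrid_keyspace(wordlist_size: int, mask: str) -> int:
    """Wordlist + mask: every word combined with every mask candidate."""
    return wordlist_size * mask_keyspace(mask)


def worst_case_years(candidates: int, rate: float = GUESSES_PER_SEC) -> float:
    """Time to exhaust the whole keyspace at `rate` guesses per second."""
    return candidates / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    prefix = "REMEMBERED-25-CHARS-HERE"  # constructed placeholder
    scenarios = {
        "10 random printable chars": mask_keyspace(prefix + "?a" * 10),
        "10 random lowercase chars": mask_keyspace(prefix + "?l" * 10),
        "word from 100k list + 2 digits": hybrid_keyspace(100_000, "?d?d"),
    }
    for label, n in scenarios.items():
        print(f"{label:32} {n:.3e} candidates, {worst_case_years(n):.3e} years")
```

At the assumed rate, the first two scenarios take thousands to billions of years while the wordlist-based one finishes in hours, which is why remembering the structure of the missing part matters more than raw computing power.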