There is nothing definitive in the release notes. There is an explanation about scrypt, but not about the actual format you need to pass to the app. It would need the footer and start (superblock?) of the encrypted partition so that it can check whether decryption works, but how exactly should they be passed?
I added to the wiki an example hash for -m 8800.
Please see
https://hashcat.net/wiki/doku.php?id=example_hashes , file: hashcat.android43fde
Password is, like for all other samples, "hashcat".
I extracted that hash from a real smartphone (not just generated "hash").
PS: the hash mode -m 8800 = Android FDE will be renamed to -m 8800 = Android FDE <= 4.3 with next version of oclHashcat (1.31).
Thx
Thanks! (I only saw this today)
So basically, encrypted key, salt and 3 sectors (x512 bytes) from the encrypted partition, right?
Hi, I'm a new user.
Is it feasible to recover data from an encrypted Android microSD? Knowing the password, of course.
I just have the encrypted files copied to my hard drive, no LUKS image file.
I found this; it seems to work only with FDE, not microSD, though:
https://github.com/viaforensics/android-encryption