Hi everyone,
in the last 2 days i tried to figure out, how to crack my encrypted partition. My 1st problem is: how do I get the hash of the password used for the encryption? If I'm right, the hash of the password is the basic to crack it. I'm using Win 8.1. The partition is encrypted with AES+SHA512.
I looked in several other posts, but every post I found to encrypted partitions, was closed or not online anymore.
Thanks!
Quote:https://hashcat.net/wiki/doku.php?id=fre...pt_volumes TrueCrypt and VeraCrypt extraction is the same
Ok, it looks like it is not possible to get the hash with a Windows OS. Can anyone tell me the command to do this on linux? I'm using Ubuntu in a VM. Sorry, but I never used Linux, so please be patient
For a first test, I encrypted a partition on a USB flashdrive with the default "hashcat" password. How can I save the hash from the encrypted partition into a .vc file, similar to theĀ
example hashes?
Meanwhile i figured out to extract the hash via
Code:
dd if=\\?\Device\HarddiskVolume12 of=hash.txt bs=512 count=1
Besides some unreadable text, there was the information that
Quote:error reading data medium
BOOTMGR compressed
restart with Strg+Alt+Del
How can I get access to this volume?
Quote:If you want to crack a bootable crypted partition
No, I don't want to crack a bootable crypted partition. It is a simple,
non-bootable crypted partition on a external (USB) device. To be exact, the device has got 2 partitions, one of them is formated as NTFS, the other one is encrypted.
If that's the case you shouldn't be able to find the string "BOOTMGR compressed" etc on the encrypted volume. Maybe you are trying to extract the "hash" from the wrong partition?
Quote:Maybe you are trying to extract the "hash" from the wrong partition?
Hmm, maybe that's the reason. I chose another partition in dd, now the text contains just weird symbols. But how can I be sure that I extracted the right hash? I thought there is some information in the hash (e.g. some text like "veracrypt bootloader", similar to the procedure on
this page). Do I need a HEX viewer or something like this?