Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
I'm trying to brute-force a LUKS encrypted drive through mask attack but I'm getting this error:
I'm running hashcat 5.1.0 on Debian Buster 64bits.
I extracted the header this way (Also tried with a larger dump but output didn't changed):
This is the command I'm running:
The file system inside the drive is ZFS (The drive is part of a RAID 1+0, is ZFS supported??). Is this an error or hashcat does not support LUKS version 2? I checked the forum post by atom and the hash, cipher, mode and key size is supported. Below I attach the luksDump output.
After further research I traced the error string in the source code, this is the function that prints it. I believe this means that LUKS Version 2 is not supported?
File: src/modules/module_14600.c Lines: 404-409
I had a glance now at the details of LUKS2 header and the changes needed for this issue.
there are some good and bad news:
Firstly (the good news), you can just convert LUKS2 images/volumes to LUKS1 (at least good for testing purposes but maybe also for some cracking purposes) by just running:
The luksDump now shows that this is a correct LUKS1 container. The problem here is that LUKS1 of course only supports PBKDF2 for the key derivation function (KDF), but LUKS2 supports argon2i, argon2id and pbkdf2.
The bad news is that even if the OP (@1337ctrl ) claims that everything (cipher, hash, mode etc) should be supported already by hashcat, this is absolutely not true. Your example shows:
but hashcat does NOT support this hashing algorithm yet (#1966 etc).
so it would be quite difficult to get LUKS2 working and before that we would need to implement the hashing algos argon2i, argon2id.
volumes/disks/containers/files using PBKDF2 with LUKS2 should work with the convert trick above, or we could write an alternative parser to extract the JSON (yes JSON is used in LUKS2) data (digest/salt/iter) from the LUKS2 header (this wouldn't be impossible to do, but we would need to either use a JSON parser or somehow dirtily "grep"/search for the important data in the keyslot/digest JSON data).