Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Hashfile 'header.luks': Invalid LUKS version #2178

Open
1337ctrl opened this issue Sep 2, 2019 · 4 comments

Comments

@1337ctrl
Copy link

@1337ctrl 1337ctrl commented Sep 2, 2019

I'm trying to brute-force a LUKS encrypted drive through mask attack but I'm getting this error:

"Hashfile 'header.luks': Invalid LUKS version"

I'm running hashcat 5.1.0 on Debian Buster 64bits.

I extracted the header this way (Also tried with a larger dump but output didn't changed):

sudo dd if=/dev/disk/by-id/ata-drive-id of=header.luks bs=512 count=4097

This is the command I'm running:

./hashcat64.bin -m 14600 -a 3 -w 3 header.luks -1 ?d partialPass?1?1?1?1?1

The file system inside the drive is ZFS (The drive is part of a RAID 1+0, is ZFS supported??). Is this an error or hashcat does not support LUKS version 2? I checked the forum post by atom and the hash, cipher, mode and key size is supported. Below I attach the luksDump output.

LUKS header information
Version:       	2
Epoch:         	3
Metadata area: 	16384 [bytes]
Keyslots area: 	16744448 [bytes]
UUID:          	140fbaa5-c526-4691-baa8-021679ccde92
Label:         	(no label)
Subsystem:     	(no subsystem)
Flags:       	(no flags)

Data segments:
  0: crypt
	offset: 16777216 [bytes]
	length: (whole device)
	cipher: aes-xts-plain64
	sector: 512 [bytes]

Keyslots:
  0: luks2
	Key:        512 bits
	Priority:   normal
	Cipher:     aes-xts-plain64
	Cipher key: 512 bits
	PBKDF:      argon2i
	Time cost:  8
	Memory:     1048576
	Threads:    4
	Salt:       20 ca e5 72 e6 05 81 b8 3c 3d fe 55 0d 10 bf 4c 
	            58 3b 70 d0 35 8e 5a 1d da b7 3f e1 0b f3 63 61 
	AF stripes: 4000
	AF hash:    sha256
	Area offset:32768 [bytes]
	Area length:258048 [bytes]
	Digest ID:  0
Tokens:
Digests:
  0: pbkdf2
	Hash:       sha256
	Iterations: 144035
	Salt:       b8 45 31 1b 6c 14 2e 26 6e 24 39 28 91 8c b7 67 
	            50 55 c0 7f bf 63 65 e4 c6 9a 36 e9 aa c2 7d eb 
	Digest:     b1 df 0c 1b c2 61 46 02 ac fd 08 c4 82 2b db 21 
	            e7 13 e4 fe 7b eb 8e bf 3a e4 db b1 0c 06 43 f7 

@1337ctrl

This comment has been minimized.

Copy link
Author

@1337ctrl 1337ctrl commented Sep 3, 2019

After further research I traced the error string in the source code, this is the function that prints it. I believe this means that LUKS Version 2 is not supported?

File: src/modules/module_14600.c Lines: 404-409


  if (byte_swap_16 (hdr.version) != 1)
  {
    hc_fclose (&fp);

    return (PARSER_LUKS_VERSION);
  }
@philsmd

This comment has been minimized.

Copy link
Member

@philsmd philsmd commented Sep 5, 2019

duplicate of this older issue: #1895 ?

should we close this ?

@jsteube

This comment has been minimized.

Copy link
Member

@jsteube jsteube commented Nov 5, 2019

It's a duplicate, but I am closing original #1895. This issue has a better level of detail.

@jsteube jsteube mentioned this issue Nov 5, 2019
@philsmd

This comment has been minimized.

Copy link
Member

@philsmd philsmd commented Nov 8, 2019

I had a glance now at the details of LUKS2 header and the changes needed for this issue.

there are some good and bad news:

Firstly (the good news), you can just convert LUKS2 images/volumes to LUKS1 (at least good for testing purposes but maybe also for some cracking purposes) by just running:

cryptsetup convert --type luks1 test.img

The luksDump now shows that this is a correct LUKS1 container. The problem here is that LUKS1 of course only supports PBKDF2 for the key derivation function (KDF), but LUKS2 supports argon2i, argon2id and pbkdf2.
Therefore, the "convert" command only works if you have a LUKS2 volume using PBKDF2 as a KDF, otherwise it will give an error.

The bad news is that even if the OP (@1337ctrl ) claims that everything (cipher, hash, mode etc) should be supported already by hashcat, this is absolutely not true. Your example shows:

PBKDF:      argon2i

but hashcat does NOT support this hashing algorithm yet (#1966 etc).

so it would be quite difficult to get LUKS2 working and before that we would need to implement the hashing algos argon2i, argon2id.

volumes/disks/containers/files using PBKDF2 with LUKS2 should work with the convert trick above, or we could write an alternative parser to extract the JSON (yes JSON is used in LUKS2) data (digest/salt/iter) from the LUKS2 header (this wouldn't be impossible to do, but we would need to either use a JSON parser or somehow dirtily "grep"/search for the important data in the keyslot/digest JSON data).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.