TL;DR
This guide shows how to attempt a brute-force attack on a VeraCrypt volume when you’ve forgotten the password and don’t have a rescue disk. It uses Hashcat, a powerful password cracking tool. Warning: This is time-consuming and may not succeed. It also carries risks if done incorrectly; back up any important data before attempting this.
Prerequisites
- A VeraCrypt volume file (.vc) or partition.
- Hashcat installed on your system. (https://hashcat.net/wiki/)
- Basic command-line knowledge.
- Sufficient processing power (GPU recommended).
Step 1: Determine the VeraCrypt Hash Algorithm
You need to know which hash algorithm VeraCrypt used when creating the volume. If you remember, great! Otherwise, we’ll try common ones.
- Common algorithms include SHA-256, SHA-512, bcrypt, scrypt, and Argon2id.
Step 2: Dump the VeraCrypt Volume Hash
VeraCrypt provides a way to dump the hash needed for cracking.
- Open VeraCrypt.
- Select an empty slot in the volume list.
- Click “Volume Tools” and then “Dump Volume Header”.
- Choose your VeraCrypt volume file (.vc).
- Specify a filename for the hash dump (e.g., volume.txt). Make sure you know where this is saved!
- Click “OK”. This creates a text file containing the necessary hash information.
Step 3: Prepare Hashcat
Hashcat needs to know what kind of hash it’s dealing with.
- Open a command prompt or terminal.
- Navigate to the directory containing your volume.txt file and Hashcat executable.
Step 4: Run Hashcat – Basic Attack
This is where you start the brute-force attempt. We’ll begin with a simple wordlist attack.
hashcat -m 13751 -a 0 volume.txt rockyou.txt
hashcat -m 13751 -a 3 volume.txt ?a?a?a?a?a?a
- -m 13751: Specifies the VeraCrypt hash mode (13751 is VeraCrypt SHA-256 with XTS 512-bit; SHA-256 is often a good starting point). Change this if you know the correct algorithm! See https://hashcat.net/wiki/doku.php?id=example_hashes for other modes.
- -a 0 / -a 3: Selects the attack mode. The first command is the wordlist attack (-a 0); the second is a mask attack (-a 3). A wordlist and a mask cannot share one command unless a hybrid mode is used.
- volume.txt: The hash dump file created in Step 2.
- ?a?a?a?a?a?a: This is a mask representing the password length (6 characters in this example). Adjust as needed.
- rockyou.txt: A common wordlist containing many passwords. You may need to download this separately (https://github.com/rockyou) or use a different wordlist.
Important: Replace 13751 with the correct hash mode and adjust the mask (?a?a?a…) to match your estimated password length.
Step 5: Run Hashcat – Rule-Based Attack
If a simple wordlist attack fails, try using rules to modify the words in the list. This can significantly increase your chances of success.
hashcat -m 13751 -a 0 volume.txt rockyou.txt -r /path/to/rules/best64.rule
- -r /path/to/rules/best64.rule: Specifies a rule file to apply transformations to the wordlist. Hashcat comes with many built-in rules; explore the rules/ directory in your Hashcat installation. Rules apply only in wordlist mode (-a 0), so this command takes no mask.
Step 6: Monitor Progress and Adjust
Hashcat will display its progress on the screen.
- Pay attention to the hash rate (hashes per second). A higher rate means faster cracking.
- If the hash rate is low, consider using a more powerful GPU or optimizing your Hashcat configuration.
- If you’ve been running for a long time with no results, try different hash algorithms, password lengths, and wordlists/rules.
Step 7: If Password Found
If Hashcat successfully cracks the password, it will display it on the screen.
- Use this password to open your VeraCrypt volume.
Important Considerations
- Time: Brute-force attacks can take days, weeks, or even months depending on the password complexity and available hardware.
- Hardware: A powerful GPU significantly speeds up the cracking process.
- Wordlists & Rules: The quality of your wordlist and rules is crucial. Experiment with different options.
- Backups: Always back up any important data before attempting a brute-force attack, as there’s a small risk of data corruption.
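To put the "Time" point in numbers, the following added example (not part of the original guide) counts the candidates a mask such as ?a?a?a?a?a?a generates and converts that into a worst-case duration. The hash rate ASSUMED_RATE is a hypothetical figure, not a benchmark; substitute the rate shown on your own Hashcat status screen.

```python
# Added example: candidate count and worst-case duration for a hashcat mask.
# Sizes of hashcat's built-in mask charsets.
BUILTIN = {
    "l": 26,   # ?l  a-z
    "u": 26,   # ?u  A-Z
    "d": 10,   # ?d  0-9
    "s": 33,   # ?s  printable ASCII specials, including space
    "a": 95,   # ?a  ?l?u?d?s combined
    "h": 16,   # ?h  lowercase hex digits
    "H": 16,   # ?H  uppercase hex digits
    "b": 256,  # ?b  every byte value
}

ASSUMED_RATE = 1_000  # hypothetical hashes/second; read the real one from hashcat


def mask_candidates(mask: str) -> int:
    """Return how many passwords a mask expands to."""
    total, i = 1, 0
    while i < len(mask):
        if mask[i] != "?":
            i += 1                      # literal character: one choice
            continue
        if i + 1 >= len(mask):
            raise ValueError("dangling '?' at end of mask")
        sym = mask[i + 1]
        if sym == "?":
            pass                        # '??' is a literal question mark
        elif sym in BUILTIN:
            total *= BUILTIN[sym]
        else:
            raise ValueError(f"unsupported charset ?{sym}")
        i += 2
    return total


def human(seconds: float) -> str:
    """Format a duration using the largest unit that fits."""
    units = (("years", 31_536_000), ("days", 86_400),
             ("hours", 3_600), ("minutes", 60))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.1f} seconds"


def worst_case(mask: str, rate: float = ASSUMED_RATE) -> str:
    """Time to exhaust the whole mask at the given hash rate."""
    return human(mask_candidates(mask) / rate)
```

Each extra ?a position multiplies the work by 95, which is why estimating the password length correctly matters more than any other setting.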

