Blog | G5 Cyber Security

Veracrypt Bruteforce Guide

TL;DR

This guide explains how to attempt a brute-force attack on a Veracrypt volume password. Warning: This is for educational purposes only and should only be used on volumes you own or have explicit permission to test. Brute-forcing can take extremely long, even with powerful hardware. We’ll cover using Hashcat, which requires a GPU for reasonable speed.

Prerequisites

Step-by-Step Guide

  1. Dump the Veracrypt Volume Header: This is crucial. You need a copy of the header information for Hashcat to work with.
    • Open Veracrypt.
    • Select an empty slot.
    • Click “Volume Tools” then “Dump Volume Contents”.
    • Choose a filename and location to save the dump file (e.g., volume.dmp). The format should be raw (.dmp) or hex (.hex). Raw is generally faster for Hashcat.
    • Click “OK” to start the dumping process.
  2. Determine the Veracrypt Algorithm: You need to know which algorithm Veracrypt used when creating the volume.
    • Open Veracrypt and mount the volume (if possible). If you can’t mount it, skip this step.
    • Go to “Tools” -> “Options”.
    • Navigate to the “Encryption” tab.
    • Note the encryption algorithm selected for the volume. Common algorithms include AES, Serpent, Twofish, and TripleDES.
  3. Prepare Hashcat: Configure Hashcat with the correct parameters.
    • Open a command prompt or terminal.
    • Use the following Hashcat command structure (replace placeholders with your actual values):
      hashcat -m 1370 volume.dmp ?l?l?l?l?l?l?l?l --algorithm-name aes --force
      • -m 1370: Specifies the Veracrypt hash mode.
      • volume.dmp: The path to your dumped volume file.
      • ?l?l?l?l?l?l?l?l: The password mask. This example tries all 8-character lowercase passwords (?l represents a-z). Adjust the length and characters as needed. See Hashcat documentation for more complex masks.
      • --algorithm-name aes: Specifies the encryption algorithm used by Veracrypt. Change this if you determined a different algorithm in Step 2. Other options include serpent, twofish, tripledes etc.
      • --force: Forces Hashcat to start even if it detects potential issues with the hash mode. Use with caution.
  4. Run the Attack: Start the brute-force process.
    • Execute the Hashcat command you prepared in Step 3.
    • Hashcat will begin attempting to crack the password. This can take hours, days, weeks, or even years depending on the password complexity and your hardware.
    • Monitor the progress in the command prompt/terminal. Hashcat displays statistics like hashes per second (H/s) and estimated time remaining.
  5. Wordlists: Consider using wordlists for faster cracking.
    • Download common password lists from the internet (e.g., RockYou.txt).
    • Modify your Hashcat command to use a wordlist:
      hashcat -m 1370 volume.dmp rockyou.txt --algorithm-name aes
  6. Rules: Apply rules to modify the wordlist.
    • Hashcat supports rules that can add numbers, symbols, and capitalization to words in a list.
      hashcat -m 1370 volume.dmp rockyou.txt --algorithm-name aes --rules best64.rule
      • --rules best64.rule: Uses the ‘best64’ rule set, which is a common and effective choice.
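
The effect of mask length and character set on the run times mentioned in Step 4 can be worked out directly. The following is an added example, not part of the original guide: it computes how many candidates a mask built from Hashcat's built-in character sets generates and how long exhausting it takes at a fixed guess rate. The function names and the rate of 1,000 guesses per second are assumptions chosen for illustration, not a benchmark.

```python
# Added example: keyspace of a hashcat built-in mask and time to exhaust it.
# Sizes of hashcat's built-in character sets (custom sets ?1-?4 are not handled).
CHARSET_SIZES = {
    "l": 26,   # ?l  a-z
    "u": 26,   # ?u  A-Z
    "d": 10,   # ?d  0-9
    "h": 16,   # ?h  0-9a-f
    "H": 16,   # ?H  0-9A-F
    "s": 33,   # ?s  space and ASCII punctuation
    "a": 95,   # ?a  ?l?u?d?s combined
    "b": 256,  # ?b  every byte value 0x00-0xff
}

def mask_keyspace(mask: str) -> int:
    """Return how many candidates the mask generates."""
    total, i = 1, 0
    while i < len(mask):
        if mask[i] != "?":
            i += 1                      # literal character: one choice
            continue
        if i + 1 >= len(mask):
            raise ValueError("mask ends with a bare '?'")
        code = mask[i + 1]
        if code in CHARSET_SIZES:
            total *= CHARSET_SIZES[code]
        elif code != "?":               # '??' is a literal question mark
            raise ValueError(f"unsupported placeholder ?{code}")
        i += 2
    return total

def seconds_to_exhaust(mask: str, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a fixed rate."""
    if guesses_per_second <= 0:
        raise ValueError("rate must be positive")
    return mask_keyspace(mask) / guesses_per_second

def humanize(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    units = (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("minutes", 60))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.1f} seconds"

if __name__ == "__main__":
    RATE = 1_000.0  # assumed guesses per second, constructed for illustration
    for mask in ("?l" * 8, "?a" * 8, "?a" * 12):
        print(f"{mask:26} {mask_keyspace(mask):>26,} candidates  "
              f"{humanize(seconds_to_exhaust(mask, RATE))}")
```

Comparing the three rows shows how much more each added character or wider character set costs than a faster GPU can recover, which is the practical argument for long passphrases on encrypted volumes.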

Important Considerations
