mirror of
https://github.com/hashcat/hashcat.git
synced 2024-11-18 06:08:16 +00:00
66 lines
1.8 KiB
Python
Executable File
66 lines
1.8 KiB
Python
Executable File
#!/usr/bin/env python3
|
|
|
|
#
|
|
# Author......: See docs/credits.txt
|
|
# License.....: MIT
|
|
#
|
|
|
|
from argparse import ArgumentParser, ArgumentTypeError
|
|
|
|
|
|
SALT_LENGTH = 64
|
|
DATA_LENGTH = 448
|
|
HEADER_LENGTH = SALT_LENGTH + DATA_LENGTH
|
|
|
|
SIGNATURE = "$truecrypt$"
|
|
|
|
BOOTABLE_OFFSET = 31744 # 62 * 512
|
|
HIDDEN_OFFSET = 65536 # 64K
|
|
|
|
|
|
def validate_offset(offset):
|
|
# see also https://hashcat.net/wiki/doku.php?id=frequently_asked_questions#how_do_i_extract_the_hashes_from_truecrypt_volumes
|
|
if offset == "bootable":
|
|
offset = BOOTABLE_OFFSET
|
|
elif offset == "hidden":
|
|
offset = HIDDEN_OFFSET
|
|
elif offset == "bootable+hidden":
|
|
offset = BOOTABLE_OFFSET + HIDDEN_OFFSET
|
|
try:
|
|
offset = int(offset)
|
|
except ValueError as e:
|
|
raise ArgumentTypeError("value is nether number nor allowed string") from e
|
|
if offset < 0:
|
|
raise ArgumentTypeError("value cannot be less than zero")
|
|
return offset
|
|
|
|
|
|
if __name__ == "__main__":
|
|
parser = ArgumentParser(description="truecrypt2hashcat extraction tool")
|
|
parser.add_argument(
|
|
"--offset",
|
|
default=0,
|
|
type=validate_offset,
|
|
required=False,
|
|
help="select between bootable, hidden, bootable+hidden or custom one (default: 0)",
|
|
)
|
|
parser.add_argument("path", type=str, help="path to TrueCrypt container")
|
|
|
|
args = parser.parse_args()
|
|
|
|
try:
|
|
with open(args.path, "rb") as file:
|
|
file.seek(args.offset)
|
|
|
|
header = file.read(HEADER_LENGTH)
|
|
|
|
if len(header) < HEADER_LENGTH:
|
|
parser.error("file contains less data than needed")
|
|
|
|
salt, data = header[:SALT_LENGTH], header[SALT_LENGTH:]
|
|
|
|
hash = SIGNATURE + salt.hex() + "$" + data.hex()
|
|
print(hash)
|
|
except IOError as e:
|
|
parser.error(e.strerror.lower())
|