Bitcoin Forum
Topic: John the Ripper and partially known password bruteforce
SickDayIn
July 28, 2024, 02:13:03 PM
 #21

I highly recommend using Hashcat instead of John the Ripper. Hashcat is an extremely powerful hash cracking tool and it supports DiskCryptor hashes. You can also use an advanced mask configuration to assist with the brute-force process, adding in the characters you believe are already in place. Reference for Hashcat: https://hashcat.net/wiki/doku.php?id=hashcat

Hashcat works with "modes" with the "-m" flag for the command, so you can pick from the following modes for DiskCryptor:

  20011 | DiskCryptor SHA512 + XTS 512 bit                          
  20012 | DiskCryptor SHA512 + XTS 1024 bit                        
  20013 | DiskCryptor SHA512 + XTS 1536 bit

To perform the mask attack, with the "-a 3" flag for the command, using the information you already know about the password you can follow this guide for more information: https://hashcat.net/wiki/doku.php?id=mask_attack

For example, this is the charset for mask attacks:
?l = abcdefghijklmnopqrstuvwxyz
?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
?d = 0123456789
?h = 0123456789abcdef
?H = 0123456789ABCDEF
?s = «space»!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
?a = ?l?u?d?s
?b = 0x00 - 0xff

Your final command to crack a DiskCryptor hash might look like:

hashcat.exe -m 20011 -a 3 <hash> <mask>


Edit: Also, if you don't have sufficient compute on your personal device, you can rent AWS spot GPUs to assist with rapidly cracking and just pay by the hour. Once you build the right mask this should take a day or so to complete. I've gone through a 10 trillion keyspace cracking hashes with Hashcat on AWS resources in a few hours. Yours should be much less given you know some of the password.
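
Added example, not part of SickDayIn's post and not hashcat's own code: a small Python calculator for the mask syntax listed in post #21, which shows how much each remembered character shrinks the keyspace before any GPU time is rented. The function names are assumptions made for this sketch, and any mask or rate you pass in is your own input.

```python
import string
from math import prod

# Built-in mask charsets, as listed in the post above.
SETS = {
    "l": set(string.ascii_lowercase),
    "u": set(string.ascii_uppercase),
    "d": set(string.digits),
    "h": set("0123456789abcdef"),
    "H": set("0123456789ABCDEF"),
    "s": set(" " + string.punctuation),
    "b": {chr(i) for i in range(256)},
}
SETS["a"] = SETS["l"] | SETS["u"] | SETS["d"] | SETS["s"]


def positions(mask, custom=()):
    """Return one candidate set per password position of a mask.

    custom holds the specs given to -1 .. -4, in that order.
    """
    table = dict(SETS)
    for n, spec in enumerate(custom, start=1):
        # A custom charset is the union of everything its spec names.
        table[str(n)] = set().union(*positions(spec))
    out, i = [], 0
    while i < len(mask):
        if mask[i] != "?":
            out.append({mask[i]})  # literal: a character you remember
            i += 1
            continue
        key = mask[i + 1:i + 2]
        if key == "?":
            out.append({"?"})      # "??" is a literal question mark
        elif key in table:
            out.append(table[key])
        else:
            raise ValueError(f"unknown placeholder ?{key} at offset {i}")
        i += 2
    return out


def keyspace(mask, custom=()):
    """Number of candidates the mask generates."""
    return prod(len(p) for p in positions(mask, custom))


def eta_hours(candidates, rate_per_sec):
    """Worst-case hours at a rate you measured yourself (hashcat -b -m <mode>)."""
    return candidates / rate_per_sec / 3600
```

For a constructed 10-character shape, `keyspace("?a" * 10)` is 95**10, while `keyspace("Sun?l?l?l?d?d?s?s")` is 1,914,026,400, which is the difference the remembered prefix and known character classes make.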
 
JackMazzoni
July 28, 2024, 02:46:42 PM
 #22

Hashcat is much faster than John the Ripper.
Mushai
July 29, 2024, 11:57:44 AM
 #23

Have you extracted the hash, and how long should your password approximately be?
What do you mean by extracting the hash? DiskCryptor uses a choice of 3 user-selectable hash algorithms together with a random plaintext salt to derive the header encryption key that unlocks a header containing the real encryption keys. And it is not possible to extract the right hash without the proper password, so your post makes little sense to me.

He probably means this:

https://fossies.org/dox/john-1.9.0-jumbo-1/md_doc_DiskCryptor_HOWTO.html

keychainX
August 01, 2024, 12:26:08 PM
 #24

I have this DiskCryptor 0.9.x encrypted computer whose password I only partially remember. I used this password every day for like 1,5 years, and one not so good evening I came back home, entered the password and it was not accepted. I tried various combinations, maybe I missed some letter or got the wrong case. Nothing. I am pretty sure that the encryption is not malfunctioning or somehow corrupted. It is the password that got some bit flip in my brain. It has not only several bitcoins stored on that computer, but my digital life for almost a decade that is locked away: pictures, music, game saves, everything.

I have the password written down after the incident as I remember it. Obviously, it is not the exact correct password. I think that John the Ripper is the best software that can do various permutations on a given text string, then feed the output into the command line of DiskCryptor and, depending on the status DiskCryptor returns, repeat with a new password or print out the correct password. All of it could be controlled with a BAT file.

I need some ideas and general discussion. Maybe someone has better software that can manipulate a password. I have no backups, the setup was super paranoid and secure.

Your best shot is Hashcat with One rule to rule them all or a mask attack. What attacks have you tried?

/KX
