e-ago / bitcracker

BitCracker is the first open source password cracking tool for memory units encrypted with BitLocker
GNU General Public License v2.0

Is there any hope? #13

Open cloud1250x4 opened 6 years ago

cloud1250x4 commented 6 years ago

Just wondering.. is there any hope?

---------> BitCracker Hash Extractor <---------
Encrypted device ../backup/imageEncrypted.img opened, size 935975MB

Signature found at 0x3
Version: 8 
Invalid version, looking for a signature with valid version...

Signature found at 0xbff77000
Version: 2 (Windows 7 or later)

=====> VMK entry found at 0xbff77157
Encrypted with Recovery Password (0xbff77178)
Searching AES-CCM (0xbff77194)
Trying offset 0xbff77227.... AES-CCM encryption found!!
======== RP VMK #0 ========
RP Salt: 0f4582ebb27e2e79ff9baa0be9bb8260
RP Nonce: 10bb6317b64bd4019d000000
RP MAC: a3344636e399f1f760fdae5881e72a58
RP VMK: ec2932cbe58c27e00139ada57a0c4a49b607bfbcd7568bc5fd78355800c87a258250725e0c8c248fb11193a1

=====> VMK entry found at 0xbff77277
VMK encrypted with TPM...not supported! (0xbff77298)

Signature found at 0xbff87000
Version: 2 (Windows 7 or later)

=====> VMK entry found at 0xbff87157
Encrypted with Recovery Password (0xbff87178)
Searching AES-CCM (0xbff87194)
Trying offset 0xbff87227.... AES-CCM encryption found!!
This VMK has been already stored... moving forward!

=====> VMK entry found at 0xbff87277
VMK encrypted with TPM...not supported! (0xbff87298)

Signature found at 0xbff97000
Version: 2 (Windows 7 or later)

=====> VMK entry found at 0xbff97157
Encrypted with Recovery Password (0xbff97178)
Searching AES-CCM (0xbff97194)
Trying offset 0xbff97227.... AES-CCM encryption found!!
This VMK has been already stored... moving forward!

=====> VMK entry found at 0xbff97277
VMK encrypted with TPM...not supported! (0xbff97298)

=====> VMK entry found at 0x113fa1be5

=====> VMK entry found at 0x3c46804cc

=====> VMK entry found at 0x5d12847e9

=====> VMK entry found at 0x60f9c606b

=====> VMK entry found at 0x67fd5c00e

=====> VMK entry found at 0x7721e6899

=====> VMK entry found at 0x7c7de2334

=====> VMK entry found at 0x93cbafed1

=====> VMK entry found at 0x9477ecf95

=====> VMK entry found at 0xaef700faa

=====> VMK entry found at 0xd2400e895

=====> VMK entry found at 0xea711da09

=====> VMK entry found at 0x111962a966

=====> VMK entry found at 0x1188e43f9a
...

Also, how long can it take..

e-ago commented 6 years ago

It actually found the hash for the Recovery Key attack (======== RP VMK #0 ========). How long is your file? The problem is that bitcracker_hash stores the hash into the output .txt when reaching the end of the file. I should change it and print the hash immediately

e-ago commented 6 years ago

It's also weird that bitcracker_hash didn't stop here =====> VMK entry found at 0xbff97277 VMK encrypted with TPM...not supported! (0xbff97298)

cloud1250x4 commented 6 years ago

The file is 1000gb.. And I think it crashed when I looked at it this morning..

Also.. I've got a gtx 1080.. Any chance I can recover my files this year? (Using the recovery key attack)

Edit: maybe I should try to dd a smaller part of my partition and recover the hash using it?

e-ago commented 6 years ago

Yes, the problem is that the file is too big. You should try to dd the image starting a few bytes before offset 0xbff77000 for several KB.
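The carve suggested in the comment above, as an added example that is not part of the original thread or of the BitCracker project: it cuts a sector-aligned window around a reported signature offset and confirms the `-FVE-FS-` metadata signature is inside it. The function names, the default window sizes and the constructed sample image are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the BitCracker project): carve a small window
# around a metadata signature offset reported by the hash extractor.

# carve_window IMAGE OFFSET OUT [BEFORE] [LENGTH]
# OFFSET may be hex (0x...). Prints where OFFSET lands inside OUT.
carve_window() {
    image=$1; offset=$(( $2 )); out=$3
    before=${4:-512}      # bytes kept ahead of the offset (assumed default)
    length=${5:-65536}    # bytes kept from the offset on (assumed default)
    bs=512
    start=$(( offset - before ))
    if [ "$start" -lt 0 ]; then start=0; fi
    skip=$(( start / bs ))                  # round down to a whole sector
    lead=$(( offset - skip * bs ))
    count=$(( (lead + length + bs - 1) / bs ))
    dd if="$image" of="$out" bs="$bs" skip="$skip" count="$count" 2>/dev/null || return 1
    echo "$lead"
}

# signature_offset FILE: byte offset of the first "-FVE-FS-" in FILE
# (prints nothing when the signature is absent).
signature_offset() {
    LC_ALL=C grep -abo -e '-FVE-FS-' "$1" | head -n 1 | cut -d: -f1
}

# make_sample FILE OFFSET SIZE: constructed, zero-filled sparse image with
# the signature at OFFSET. It stands in for the real disk image.
make_sample() {
    rm -f "$1"
    printf '%s' '-FVE-FS-' | dd of="$1" bs=1 seek=$(( $2 )) conv=notrunc 2>/dev/null
    dd if=/dev/zero of="$1" bs=1 count=1 seek=$(( $3 - 1 )) conv=notrunc 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 1
    make_sample "$dir/image.img" 0x2f7000 0x400000
    lead=$(carve_window "$dir/image.img" 0x2f7000 "$dir/carve.img" 512 4096)
    found=$(signature_offset "$dir/carve.img")
    rm -rf "$dir"
    if [ "$lead" = "$found" ]; then echo "signature at byte $found of carve"; fi
}
demo
```

On the real image the call would take the offset from the extractor output, for example `carve_window imageEncrypted.img 0xbff77000 carve.img`, and the carved file is then given to the hash extractor instead of the full image.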

cloud1250x4 commented 6 years ago

It actually finished the next morning.. I'm currently running the attack.. But it's quite slow.. Is there any hope of retrieving my files..

cloud1250x4 commented 6 years ago

[image: 20181014_160903]

cloud1250x4 commented 6 years ago

https://www.wolframalpha.com/input/?i=999999999999999999999999999999999999999999999999%2F(1300*60*60*24*365)

This seems like an insane amount of time..

e-ago commented 6 years ago

Looking at your password rate, it seems you're using a Pascal GPU, right? Yes that's the problem: the set of possible Recovery Password has an enormous magnitude. I'll clarify it in the README

HelderMagalhaes commented 4 years ago

> you're using a Pascal GPU, right? Yes that's the problem: the set of possible Recovery Password has an enormous magnitude. I'll clarify it in the README

The readme (now?) seems to state the Pascal GPU in Performance section. Should this issue be marked resolved/closed?