Anyone have any experience with Hashcat? I forgot a LUKS password

Pretty much the title, this has consumed basically all of my free time the last week. I’m to the point now where it’s getting difficult to find answers on google, and thought maybe someone here has used hashcat before.

I used cryptsetup luksDump on the volume,


based on that hashcat -m 29251 for LUKS v1 SHA-256 + AES should work.

Then I used dd if=/dev/sdb3 of=header.luks bs=512 count=4079

Which I used in hashcat -m 29521 -a 0 header.luks list.txt

Which returns:

Hashfile 'header.luks' on line 1 (LUKS║╛): Separator unmatched

For 19 lines then finally

Hashfile 'header.luks' on line 20 (J¿╬``≥▼‼*╗2Y%=&&): Token length exception

And basically repeats all the way down to line 8088, before finishing with

Token length exception: 541/541 hashes

This error happens if the wrong hash type is specified, if the hashes are

malformed, or if input is otherwise not as expected (for example, if the

--username option is used but no username is present)

No hashes loaded.

I appreciate any help and will happily answer any questions I can.

I have used hashcat in the past, but not specifically with LUKS.

The “line 1” error looks like the LUKS magic number parsed as text, so I think HC is probably expecting a text file full of hashes rather than the entire header (this is how other hashcat modules I’ve used have operated as well).

I notice there is a script called “” in the hashcat tools directory, maybe try running that against the header file and see if it dumps out just the hashes.


Also, it’s probably a typo, but your dd command has 4079 instead of 4097

You can download an example of what hashcat expects as input for each mode here: example_hashes [hashcat wiki]


You can also use from John the Ripper (Jumbo) to get the needed hash. /dev/sdb3 > sdb3.john

This worked!
I ended up pointing it at the container itself rather than the header, but it spit out a hash that hashcat liked. Currently running the dictionary attack.

I tried this too just for the sake of trying it and it gave me this.

1 Like