Extract a John the Ripper hash from a LUKS-encrypted Linux disk header with luks2john. For authorized password recovery only.
luks2john reads the header of a LUKS (Linux Unified Key Setup) encrypted volume and produces a hash for recovering a keyslot passphrase offline. LUKS protects the master key in up to eight keyslots, each guarded by a passphrase run through PBKDF2 (LUKS1) or Argon2 (LUKS2). The tool extracts a keyslot's salt, iteration count, and the anti-forensic key material so a cracker can test passphrases. It does not unlock the volume.
Input:
header.img (LUKS header dump)
Output:
$luks$1$<...>$<salt>$<af-key>
Do I need the whole encrypted disk?
No. Only the LUKS header (the first few megabytes) is needed; you can extract it with cryptsetup luksHeaderBackup and process just that.
Does it support LUKS1 and LUKS2?
LUKS1 uses PBKDF2 and is well supported; LUKS2 can use Argon2, which is far more expensive to crack and may not be supported by all crackers.
Which hashcat mode applies?
LUKS volumes use hashcat mode 14600 (and the 29541-29543 range for newer LUKS handling).
This tool extracts password hashes from LUKS volumes to help with password recovery and auditing of encrypted Linux disks.
Supported Tools: