hashcat Forum (https://hashcat.net/forum) - Support - hashcat
Thread: Question| cracking Android M pattern,pin code,password (/thread-6000.html)

Question| cracking Android M pattern,pin code,password - kiara - 11-01-2016

Hi everyone,

I will try to make it short. A couple of years ago, it was possible to unhash (crack the hash) the pattern (gesture), pin code, password of >= android devices (up to 5.1), following this post:
https://hashcat.net/forum/thread-2202.html

When Android Marshmallow came out they changed the way the passwords are stored. After looking it up online I came across this post:
https://nelenkov.blogspot.co.il/2015/06/password-storage-in-android-m.html
which explains pretty much everything. He provided half a python script, which I reproduced > m-pass-hash.py
http://pastebin.com/G3Fq68H4

I tried to reproduce what he did to understand how it works, without success. I put the same pattern

* * * > * * * 1 2 3 * * * * * * 4 5 6 * * * * * * > 7 8 9

It should be Z from left to right (1235789).

I attached the gatekeeper.pattern.key to this post if someone wants to have a look at it. The hex of the file is

Code:
02 22 F2 14 12 FF E8 BA 5A 00 00 00 00 00 00 00 00 B4 A3 6D B1 AC D2 43 FA FC 56 C9 29 80 1E C5 FD A6 81 D7 5E 81 FE 56 59 41 58 AE 54 7D 8C E6 AA D0 19 66 4E 5A D9 95 13 01

I would like to know how it's possible to get the hash out of it to start cracking it. The file was located in /data/system/gatekeeper.pattern.key (it's a Samsung galaxy 7 edge).

I know that the salt is inside locksettings.db, value is -8111172969313216963, after converting it's 8F6F5328C455D63D, lower case 8f6f5328c455d63d.

(Just to mention, the attachment didn't work with .key at the end so I changed it to txt, feel free to remove the .txt after downloading it.)

You can download the python scrypt module from here:
https://pypi.python.org/pypi/scrypt/

UPDATE 1: I decided to also add gatekeeper.password.key (remove the .txt from the attachment). The salt is the same. The gatekeeper.password.key is the pin code, the password of it is 1234.

RE: Question| cracking Android M pattern,pin code,password - kapitanpetko - 11-02-2016

Gatekeeper password hashing doesn't use locksettings.db. The salt is in the .key file, as the script shows. The hash (or signature) is the 32 bytes after the salt.

However, note that most production versions of Android 6.0+ use TEE (TrustZone) to calculate the HMAC of your password, using a device-specific key. The key is not accessible from Android (neither kernel nor userspace), so cracking is not trivial. Additionally, the exact algorithm varies by device, so Samsung is likely doing something slightly different than Google (on Nexus devices), etc.

Here's some more info:
https://source.android.com/security/authentication/gatekeeper.html
https://source.android.com/security/trusty/index.html

You can get the source of Google's default gatekeeper trusted application from the repository listed in the second link.

RE: Question| cracking Android M pattern,pin code,password - bakurise - 03-28-2018

Here is my result:

> crack.py
signature fc56c929801ec5fda681d75e81fe56594158ae547d8ce6aad019664e5ad99513
Hash: 5f1a046dd5e8054ecf9023ca494667d47fade9632f5c02fc62669c88afe933a5
Equal: False

python 2.7, windows10 (failed), The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) (failed), ubuntu14x64 (failed), and the result is always '5f1a046dd5e8054ecf9023ca494667d47fade9632f5c02fc62669c88afe933a5'. God.
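
The field boundaries of the posted gatekeeper.pattern.key, as an added example (not code from the thread or from the linked script). It assumes the 58-byte file follows the packed, little-endian `password_handle_t` layout of AOSP's default gatekeeper (version, user_id, flags, salt, signature, hardware_backed); the names `parse_handle` and `salt_matches_int64` are made up for this sketch.

```python
import struct
from dataclasses import dataclass

# Hex dump of gatekeeper.pattern.key exactly as posted in the thread (58 bytes).
PATTERN_KEY_HEX = (
    "02 22 F2 14 12 FF E8 BA 5A 00 00 00 00 00 00 00 00 "
    "B4 A3 6D B1 AC D2 43 FA "
    "FC 56 C9 29 80 1E C5 FD A6 81 D7 5E 81 FE 56 59 "
    "41 58 AE 54 7D 8C E6 AA D0 19 66 4E 5A D9 95 13 01"
)

# Assumed layout (packed, little-endian): version u8, user_id u64, flags u64,
# salt 8 bytes, signature 32 bytes, hardware_backed u8.
HANDLE = struct.Struct("<BQQ8s32sB")


@dataclass(frozen=True)
class PasswordHandle:
    version: int
    user_id: int
    flags: int
    salt: bytes
    signature: bytes
    hardware_backed: bool


def parse_handle(blob: bytes) -> PasswordHandle:
    """Split a gatekeeper .key blob into its fields, rejecting odd sizes."""
    if len(blob) != HANDLE.size:
        raise ValueError(f"expected {HANDLE.size} bytes, got {len(blob)}")
    version, user_id, flags, salt, sig, hw = HANDLE.unpack(blob)
    if hw not in (0, 1):
        raise ValueError(f"unexpected hardware_backed byte {hw:#x}")
    return PasswordHandle(version, user_id, flags, salt, sig, bool(hw))


def salt_matches_int64(handle: PasswordHandle, signed_salt: int) -> bool:
    """True if the handle salt equals the signed 64-bit value in either byte order."""
    raw = struct.pack(">q", signed_salt)
    return handle.salt in (raw, raw[::-1])


if __name__ == "__main__":
    h = parse_handle(bytes.fromhex(PATTERN_KEY_HEX))
    print("salt           :", h.salt.hex())
    print("signature      :", h.signature.hex())
    print("hardware_backed:", h.hardware_backed)
    print("locksettings salt matches:", salt_matches_int64(h, -8111172969313216963))
```

Under the assumed layout, the trailing 01 byte of the posted file is the hardware_backed flag, and the salt stored in the handle differs from the locksettings.db value quoted in the first post.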