Question| cracking Android M pattern,pin code,password
#2
Gatekeeper password hashing doesn't use locksettings.db. The salt is in the .key file, as the script shows. The hash (or signature) is the 32 bytes after the salt.

However, note that most production versions of Android 6.0+ use TEE (TrustZone) to calculate the HMAC of your password, using a device-specific key. The key is not accessible from Android (neither kernel nor userspace), so cracking is not trivial.

Additionally, the exact algorithm varies by device, so Samsung is likely doing something slightly different than Google (on Nexus devices), etc.


Here's some more info:

https://source.android.com/security/auth...eeper.html

https://source.android.com/security/trusty/index.html

You can get the source of Google's default gatekeeper trusted application from the repository listed in the second link.
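
The handle layout the post refers to, as an added example that is not part of the original post or of the script it mentions: a parser for the `.key` file, assuming the packed `password_handle_t` layout of AOSP's default gatekeeper (version, user ID, flags, 8-byte salt, 32-byte signature, hardware-backed flag). The names `GatekeeperHandle`, `parse_handle` and `build_sample` and the sample bytes are constructed for illustration; vendor implementations may use a different layout.

```python
import struct
from dataclasses import dataclass

# Assumed layout (AOSP default gatekeeper, packed little-endian struct):
#   u8 version | u64 user_id | u64 flags | 8-byte salt | 32-byte signature | u8 hardware_backed
HANDLE_FMT = "<BQQ8s32sB"
HANDLE_SIZE = struct.calcsize(HANDLE_FMT)  # 58 bytes


@dataclass
class GatekeeperHandle:
    version: int
    user_id: int
    flags: int
    salt: bytes
    signature: bytes       # HMAC output; computed inside the TEE when hardware_backed
    hardware_backed: bool


def parse_handle(blob: bytes) -> GatekeeperHandle:
    """Split a gatekeeper .key blob into its fields, rejecting unexpected sizes."""
    if len(blob) != HANDLE_SIZE:
        raise ValueError(f"expected {HANDLE_SIZE} bytes, got {len(blob)}; "
                         "layout may be vendor-specific")
    version, user_id, flags, salt, signature, hw = struct.unpack(HANDLE_FMT, blob)
    return GatekeeperHandle(version, user_id, flags, salt, signature, bool(hw))


def build_sample(hardware_backed: bool) -> bytes:
    """Constructed sample handle; the values are made up, not from a real device."""
    return struct.pack(HANDLE_FMT, 2, 0x1122334455667788, 0,
                       bytes(range(8)), bytes(range(32)), int(hardware_backed))


if __name__ == "__main__":
    handle = parse_handle(build_sample(hardware_backed=True))
    print("version        :", handle.version)
    print("user_id        :", hex(handle.user_id))
    print("salt           :", handle.salt.hex())
    print("signature      :", handle.signature.hex())
    # True means the signature was keyed inside the TEE, as the post describes.
    print("hardware_backed:", handle.hardware_backed)
```
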


Messages In This Thread
RE: Question| cracking Android M pattern,pin code,password - by kapitanpetko - 11-02-2016, 06:41 PM