11-02-2016, 06:41 PM
Gatekeeper password hashing doesn't use locksettings.db. The salt is in the .key file, as the script shows. The hash (or signature) is the 32 bytes after the salt.
However, note that most production versions of Android 6.0+ use TEE (TrustZone) to calculate the HMAC of your password, using a device-specific key. The key is not accessible from Android (neither kernel nor userspace), so cracking is not trivial.
Additionally, the exact algorithm varies by devices, so Samsung is likely doing something slightly different than Google (on Nexus devices), etc.
Here's some more info:
https://source.android.com/security/auth...eeper.html
https://source.android.com/security/trusty/index.html
You can get the source of Google's default gatekeeper trusted application from the repository listed in the second link.
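To make the layout concrete, here is an added Python example (not the script the post refers to, and not AOSP code) that splits a gatekeeper .key password handle into its fields and reports whether it is TEE-backed. It assumes the packed `password_handle_t` layout from AOSP's public `system/gatekeeper` header (version byte, 8-byte user id, 8-byte flags, 8-byte salt, 32-byte signature, hardware_backed byte) on a little-endian device; the sample handle below is constructed, not captured from a real device.

```python
import struct

# Assumed layout of the packed password_handle_t struct (AOSP system/gatekeeper),
# little-endian as on ARM devices:
#   uint8_t  version
#   uint64_t user_id         secure user id
#   uint64_t flags
#   uint64_t salt            the salt the post refers to
#   uint8_t  signature[32]   the 32 bytes right after the salt
#   uint8_t  hardware_backed non-zero when the signature came from the TEE
HANDLE_FMT = "<BQQ8s32sB"
HANDLE_LEN = struct.calcsize(HANDLE_FMT)  # 58 bytes


def parse_gatekeeper_handle(blob: bytes) -> dict:
    """Split a .key password handle into its fields; raises on truncated input."""
    if len(blob) < HANDLE_LEN:
        raise ValueError(f"handle too short: {len(blob)} < {HANDLE_LEN} bytes")
    version, user_id, flags, salt, signature, hw = struct.unpack_from(HANDLE_FMT, blob)
    return {
        "version": version,
        "user_id": user_id,
        "flags": flags,
        "salt": salt,              # raw 8 salt bytes as stored in the file
        "signature": signature,    # 32-byte HMAC / scrypt output
        "hardware_backed": bool(hw),
    }


def describe(handle: dict) -> str:
    """Summarise what the signature depends on, per the post's TEE caveat."""
    if handle["hardware_backed"]:
        return "TEE-backed: keyed with a device-bound key inside TrustZone"
    return "software gatekeeper: derived from salt and password only"


# Constructed sample handle (NOT from a real device): version 2, user id,
# flags 0, salt 01..08, signature 00..1f, hardware_backed = 1.
SAMPLE = struct.pack(
    HANDLE_FMT, 2, 0x1122334455667788, 0,
    bytes.fromhex("0102030405060708"), bytes(range(32)), 1,
)

if __name__ == "__main__":
    h = parse_gatekeeper_handle(SAMPLE)
    print("salt     ", h["salt"].hex())
    print("signature", h["signature"].hex())
    print(describe(h))
```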