Glad to see other people are reversing handset hashes, I've only noticed this 'more secure' version of hash storage in the galaxy S3 and newer; What other devices have you guys seen this on?
I checked the S2 and it was using the typical plain sha1 on iteration.
^
Edit: If the S2 is running Android 4.x or higher it seems to be using the 1024 iteration but prior to that it is a single sha-1 round
Edit: my last post salt code conversion had a couple issues, the main one was the sql table stores the salt as a signed 64 bit number, java store longs as signed 64 bit numbers, but when long.tohexstring is called on a long it is first converted to an unsigned long and then converts to hex; The bellow code should work for all salts
I checked the S2 and it was using the typical plain sha1 on iteration.
^
Edit: If the S2 is running Android 4.x or higher it seems to be using the 1024 iteration but prior to that it is a single sha-1 round
Edit: my last post salt code conversion had a couple issues, the main one was the sql table stores the salt as a signed 64 bit number, java store longs as signed 64 bit numbers, but when long.tohexstring is called on a long it is first converted to an unsigned long and then converts to hex; The bellow code should work for all salts
Code:
def get_salt(salt):
int_salt = int(salt)
int_salt = (int_salt & 0xffffffffffffffff)
salt= hex(int(int_salt)).lstrip("0x")
salt= salt.rstrip('L')
#print salt
return salt