Question| cracking Android M pattern,pin code,password
#1
hi everyone,
i will try to make it short,
couple of years ago, it was possible to unhash(crack the hash) the pattern(gesture),pin code,password of >= android devices (up to 5.1), following this post https://hashcat.net/forum/thread-2202.html
when Android Marshmelo came out they changed the way on how the password are stored
after looking up online i came across this post https://nelenkov.blogspot.co.il/2015/06/...oid-m.html which explain pretty much everything
he provided half python script which i reproduce > m-pass-hash.py http://pastebin.com/G3Fq68H4

i tried to reproduce what he did to understand how it work with out success, i put the same pattern
*  *  *    > *  *  *         1 2 3
*  *  *       *  *  *         4 5 6
*  *  *       *  *  * >      7 8 9
should be Z from left to right (1235789), i attached the gatekeeper.pattern.key to this post if some one want to have a look at it, the hex of the file is 
Code:
02 22 F2 14 12 FF E8 BA 5A 00 00 00 00 00 00 00 00 B4 A3 6D B1 AC D2 43 FA FC 56 C9 29 80 1E C5 FD A6 81 D7 5E 81 FE 56 59 41 58 AE 54 7D 8C E6 AA D0 19 66 4E 5A D9 95 13 01
when reproducing with the python script the signature that i got was fc56c929801ec5fda681d75e81fe56594158ae547d8ce6aad019664e5ad99513 (which is a part of the hex of the file)
i would like to know how its possible to get the hash out of it to start cracking it,
the file were located in /data/system/gatekeeper.pattern.key (its a Samsung galaxy 7 edge)

i know that the salt is inside locksettings.db , value is -8111172969313216963 after converting its  8F6F5328C455D63D lower case 8f6f5328c455d63d



(just to mention, the attachment didnt work with .key in the end so i changed it to txt, feel free to remove the .txt after downloading it.)
u can download the python scrypt module from here https://pypi.python.org/pypi/scrypt/

UPDATE 1, i decide to also add gatekeeper.password.key (remove the .txt from the attachment)
the salt is the same, the gatekeeper.password.key is the pin code , the password of it is 1234


Attached Files
.txt   gatekeeper.pattern.key.txt (Size: 58 bytes / Downloads: 203)
.txt   gatekeeper.password.key.txt (Size: 58 bytes / Downloads: 198)
#2
Gatekeeper password hashing doesn't use locksettings.db. The salt is in the .key file, as the script shows. The hash (or signature) is the 32 bytes after the salt

However, note that most production versions of Android 6.0+ use TEE (TrustZone) to calculate the HMAC of your password, using a device-specific key. The key is not accessible form Android (neither kernel nor userspace), so cracking is not trivial.

Additionally, the exact algorithm varies by devices, so Samsung is likely doing something slightly different than Google (on Nexus devices), etc.


Here's some more info:

https://source.android.com/security/auth...eeper.html

https://source.android.com/security/trusty/index.html

You can get the source of Google's default gatekeeper trusted application from the repository listed in the second link.
#3
here is my result:
> crack.py
signature fc56c929801ec5fda681d75e81fe56594158ae547d8ce6aad019664e5ad99513
Hash: 5f1a046dd5e8054ecf9023ca494667d47fade9632f5c02fc62669c88afe933a5
Equal: False

python 2.7 ,windows10(failed),The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali)(failed),ubuntu14x64(failed),and the result all is '5f1a046dd5e8054ecf9023ca494667d47fade9632f5c02fc62669c88afe933a5'

god.