Question| cracking Android M pattern,pin code,password
hi everyone,
i will try to make it short,
couple of years ago, it was possible to unhash(crack the hash) the pattern(gesture),pin code,password of >= android devices (up to 5.1), following this post
when Android Marshmelo came out they changed the way on how the password are stored
after looking up online i came across this post which explain pretty much everything
he provided half python script which i reproduce >

i tried to reproduce what he did to understand how it work with out success, i put the same pattern
*  *  *    > *  *  *         1 2 3
*  *  *       *  *  *         4 5 6
*  *  *       *  *  * >      7 8 9
should be Z from left to right (1235789), i attached the gatekeeper.pattern.key to this post if some one want to have a look at it, the hex of the file is 
02 22 F2 14 12 FF E8 BA 5A 00 00 00 00 00 00 00 00 B4 A3 6D B1 AC D2 43 FA FC 56 C9 29 80 1E C5 FD A6 81 D7 5E 81 FE 56 59 41 58 AE 54 7D 8C E6 AA D0 19 66 4E 5A D9 95 13 01
when reproducing with the python script the signature that i got was fc56c929801ec5fda681d75e81fe56594158ae547d8ce6aad019664e5ad99513 (which is a part of the hex of the file)
i would like to know how its possible to get the hash out of it to start cracking it,
the file were located in /data/system/gatekeeper.pattern.key (its a Samsung galaxy 7 edge)

i know that the salt is inside locksettings.db , value is -8111172969313216963 after converting its  8F6F5328C455D63D lower case 8f6f5328c455d63d

(just to mention, the attachment didnt work with .key in the end so i changed it to txt, feel free to remove the .txt after downloading it.)
u can download the python scrypt module from here

UPDATE 1, i decide to also add gatekeeper.password.key (remove the .txt from the attachment)
the salt is the same, the gatekeeper.password.key is the pin code , the password of it is 1234

Attached Files
.txt   gatekeeper.pattern.key.txt (Size: 58 bytes / Downloads: 93)
.txt   gatekeeper.password.key.txt (Size: 58 bytes / Downloads: 121)
Gatekeeper password hashing doesn't use locksettings.db. The salt is in the .key file, as the script shows. The hash (or signature) is the 32 bytes after the salt

However, note that most production versions of Android 6.0+ use TEE (TrustZone) to calculate the HMAC of your password, using a device-specific key. The key is not accessible form Android (neither kernel nor userspace), so cracking is not trivial.

Additionally, the exact algorithm varies by devices, so Samsung is likely doing something slightly different than Google (on Nexus devices), etc.

Here's some more info:

You can get the source of Google's default gatekeeper trusted application from the repository listed in the second link.