标题: Android图案密码破解 https://scz.617.cn/android/201411141408.txt Android Pattern Lock Cracker (crack.pattern.py) https://github.com/sch3m4/androidpatternlock 假设键盘如下: +---+---+---+ | 0 | 1 | 2 | +---+---+---+ | 3 | 4 | 5 | +---+---+---+ | 6 | 7 | 8 | +---+---+---+ 假设图案密码顺序如下: 0->1->2->4->6->7->8 取明文: \x00\x01\x02\x04\x06\x07\x08 计算它的SHA1: import hashlib hashlib.sha1("\x00\x01\x02\x04\x06\x07\x08").hexdigest() '6a062b9b3452e366407181a1bf92ea73e9ed4c48' hexout "\x00\x01\x02\x04\x06\x07\x08" | openssl sha1 6a062b9b3452e366407181a1bf92ea73e9ed4c48 gesture.key中就是这个SHA1值,用"xxd -g 1 gesture.key"确认: 0000000: 6a 06 2b 9b 34 52 e3 66 40 71 81 a1 bf 92 ea 73 j.+.4R.f@q.....s 0000010: e9 ed 4c 48 ..LH 明文取值范围是[\x00-\x08],Android 2.3.3之前最短3个字节,之后最短4个字节, 最多9个字节。图案密码不允许各个点重复出现,计算SHA1时也没有salt参与,因此 很容易暴力穷举。由于明文落在不可打印字符区间,不能用常规在线SHA1破解网站: http://www.hashkiller.co.uk/sha1-decrypter.aspx 可以用这个: http://android.saz.lt/cgi-bin/pattern.py 2017-07-18 17:44 scz Android 7.0上用 /data/system/gatekeeper.pattern.key /data/system/gatekeeper.password.key -------------------------------------------------------------------------- Question cracking Android M pattern,pin code,password - [2016-11-01] https://hashcat.net/forum/thread-6000.html Password storage in Android M - [2015-06-25] https://nelenkov.blogspot.tw/2015/06/password-storage-in-android-m.html m-pass-hash.py https://pastebin.com/G3Fq68H4 Gatekeeper https://source.android.com/security/authentication/gatekeeper Trusty TEE https://source.android.com/security/trusty/ 文件级加密(FBE) https://source.android.com/security/encryption/file-based 全盘加密(FDE) https://source.android.com/security/encryption/full-disk -------------------------------------------------------------------------- kapitanpetko: The salt is in the .key file. The hash (or signature) is the 32 bytes after the salt. Most production versions of Android 6.0+ use TEE (TrustZone) to calculate the HMAC of your password, using a device-specific key. The key is not accessible form Android (neither kernel nor userspace), so cracking is not trivial. Additionally, the exact algorithm varies by devices, so Samsung is likely doing something slightly different than Google (on Nexus devices), etc. In Marshmallow, PIN and pattern locks are still breakable, but no longer use simple hashes. Gatekeeper password storage manages and verifies passwords via Hash-based Message Authentication Code (HMAC) with a hardware-backed secret key. It authenticates pattern or password locks in a Trusted Execution Environment (TEE), which calculates the HMAC using a device-specific key. The HMAC key is kept solely in Gatekeeper.