I know this question has been asked before, but hoping there might be a solution. I have three devices all belonging to the same person. I was able to get a physical extraction off of one of the devices and everything decoded without issue. The policies.xml stated the passcode is just 4 numerics. Is there any means by which I could brute force the passcode with the salt and gatekeeper.password.key?
AES256 + XTS is a hard enemy, starting with Android 7.x I don't think there is a solution for what you try to do.
On the other hand, finding the Android PIN is possible using a safe in-lab brute force solution, but that has it's price. The device must be fully operational because the TrustZone is needed )
Is the hash the hex of the gatekeeper.password.key?
Is the hash the hex of the gatekeeper.password.key?
No, that file contains a value generated from the salt + encryption key + Android password.