03-08-2014, 12:09 AM
04-26-2014, 09:55 AM
(04-04-2013, 12:28 PM)blazer Wrote: [ -> ]I think that might work in the event that you have the telephone opened (in the feeling of PIN effectively entered and not identified with bootloader). Still on the off chance that it is bolted, you shouldn't have the capacity to transfer anything by means of adb. I figure one probability might be to introduce a pin open applications (which don't oblige root) regardless reboot, that might oblige the google play record and the telephone being joined with the web around then. In any case yes, that bodes well for PIN recuperation - then you can root the telephone and move ahead.(04-04-2013, 12:22 PM)gat3way Wrote: [ -> ]Hm, how do you practically extract that? I am trying to extract it from Samsung Galaxy S3. Of course /data/data and /data/system are not readable by the adb user and it would require to root the phone. But then we have one problem: even if USB debugging is enabled, you can't connect to the phone while locked to upload the new image. Another problem is that you might be required to unlock the bootloader (haven't done that so not 100% sure) which according to what I read will erase user data including the hashes.
Please correct me if I am wrong.
It is possible to root without unlocking boot loader therefore you won't lose any data, works on unpatched samsung devices see the Exynos Kernel Exploit linked below
https://forum.xda-developers.com/showthre...?t=2050297
another method
https://forum.xda-developers.com/showthre...?t=1894717Doogee Smartphone
You could possibly craft an APK which obviously will require root privileges allowing you to grab the data. Won't exactly be 'undetected' if the user already has a rooted phone, if the phone can be exploited then you could probably make it undetectable.
05-23-2014, 10:52 AM
how to covert easily password salt to lowercase hex
i want to convert -5526519674132311473
i want to convert -5526519674132311473
05-27-2014, 01:03 AM
There are many ways to do it. Using your shell:
Code:
$ printf "%016x\n" -5526519674132311473
b34ddba31b22d24f
09-02-2014, 11:22 AM
Very insightful stuff, thanks.
Just to clarify, is this algorithm only applied for samsung phones (as the subject would imply)?
or does it apply to all android phones?
thanks
Just to clarify, is this algorithm only applied for samsung phones (as the subject would imply)?
or does it apply to all android phones?
thanks
03-03-2015, 02:22 PM
Hi,
thanks for the manual, but it didn't work for me. I tried to crack
943E785DE3800A6235EE8D64357D8CE71E85C55F:641104FAC3CCF989
which turned out to be "kingkalle". I used the mask ?l?l?l?l?l?l?l?l?l knowing that the pw has 9 lower case letters. I used hash 5800 (android pin) as 10 and Sha 1 and Sha 512. None of them worked.
Any ideas?
thanks for the manual, but it didn't work for me. I tried to crack
943E785DE3800A6235EE8D64357D8CE71E85C55F:641104FAC3CCF989
which turned out to be "kingkalle". I used the mask ?l?l?l?l?l?l?l?l?l knowing that the pw has 9 lower case letters. I used hash 5800 (android pin) as 10 and Sha 1 and Sha 512. None of them worked.
Any ideas?
03-03-2015, 02:41 PM
All formats (also -m 5800) are explained here: https://hashcat.net/wiki/doku.php?id=example_hashes
For -m 5800 for instance it is important that the hash (and most importantly the salt) is in lower-case (yes, it is currently case-sensitive, but could possibly be changed for -m 5800).
so hashalt (everything in lowercase) should be used instead of HASH:SALT
For -m 5800 for instance it is important that the hash (and most importantly the salt) is in lower-case (yes, it is currently case-sensitive, but could possibly be changed for -m 5800).
so hashalt (everything in lowercase) should be used instead of HASH:SALT
03-03-2015, 02:58 PM
Thanks a lot! Solved the problem. Sorry for being so foolish :-)
05-25-2015, 03:30 PM
Hi. I have a problem decoding my phone's pin.
The pin is: 4870
My device is LG G2 (D802) and Android version is Stock 5.0.2.
As being said in the topic:
Location of password.key is: /data/system/password.key
The file contained this hash: 7baad69b719fe341bfb23b500abd1bf6730702453556ba277abc4b98422e97b18b3f34b1
Location of SQLite database containing Hash salt is: data/system/locksettings.db -> locksettings/lockscreen.password_salt
The salt was: -1615050273476347751
So, using first 40 bytes of hash (the sha1 part): 7baad69b719fe341bfb23b500abd1bf673070245
and Hexing the signed salt integer gives me: e99630554b0b7899
so hashalt is: 7baad69b719fe341bfb23b500abd1bf673070245:e99630554b0b7899
I saved above in a text file called "sha1-salt.txt".
Also /data/system/device_policies.xml indicated:
Using Hashcat Win v0.49, i executed:
and it couldnt decrypt it.
Am I doing anything wrong?
The pin is: 4870
My device is LG G2 (D802) and Android version is Stock 5.0.2.
As being said in the topic:
Location of password.key is: /data/system/password.key
The file contained this hash: 7baad69b719fe341bfb23b500abd1bf6730702453556ba277abc4b98422e97b18b3f34b1
Location of SQLite database containing Hash salt is: data/system/locksettings.db -> locksettings/lockscreen.password_salt
The salt was: -1615050273476347751
So, using first 40 bytes of hash (the sha1 part): 7baad69b719fe341bfb23b500abd1bf673070245
and Hexing the signed salt integer gives me: e99630554b0b7899
so hashalt is: 7baad69b719fe341bfb23b500abd1bf673070245:e99630554b0b7899
I saved above in a text file called "sha1-salt.txt".
Also /data/system/device_policies.xml indicated:
Code:
<active-password quality="196608" length="4" uppercase="0" lowercase="0" letters="0" numeric="4" symbols="0" nonletter="4" />
Using Hashcat Win v0.49, i executed:
Code:
hashcat-cli64.exe -a 3 -m 5800 sha1-salt.txt ?d?d?d?d
and it couldnt decrypt it.
Am I doing anything wrong?
05-26-2015, 12:50 PM
AFAIK Android 5.x uses a different scheme, therefore it will not work