android手机被设置了密码,由于开了root并且开启了USB调试,在终端下
adb pull /data/system/password.key ~/
,之后cat password.key
B10DE316C14D82701D418D03B85A02EFBCD02DBFAEFEA0BA8E1007D6CB4AF9F281419D67
把这个文件删除之后,手机重启就不需要输入密码了,但是想知道这种加密方法,没有密码学基础,没有思路,看了网上的不少说是sha1。另:已经知道了手机上设置的密码为123654。求大神点拨。
分享
参考 Android Forensics May 27
加密是类似下面的方法,盐值是在/data/data/com.android.providers.settings/databases/settings.db数据库secure的表里面,你文件里面看到的就是sha1+md5: (40位+32位)的值
public byte[] passwordToHash(String password)
{
if (password == null)
{
return null;
}
String algo = null;
byte[] hashed = null;
try
{
byte[] saltedPassword = (password + getSalt()).getBytes();
byte[] sha1 = MessageDigest.getInstance(algo = "SHA-1").digest(saltedPassword);
byte[] md5 = MessageDigest.getInstance(algo = "MD5").digest(saltedPassword);
hashed = (toHex(sha1) + toHex(md5)).getBytes();
}
catch (NoSuchAlgorithmException e)
{
Log.w(TAG, "Failed to encode string because of missing algorithm: " + algo);
}
return hashed;
}
- Pull out the salt using adb. Salt is stored in the ‘secure’ table from /data/data/com.android.providers.settings/databases/settings.db
- Get the password : sha1+md5: (40+32) (stored at /data/system/password.key)
Ex: 0C4C24508F0D29CF54FFC4DBC5520C3C10496F43313B4D3ADDFF8ACDD5C8DC3CA69CE740
- Once you have the md5 and the salt you can brute force using the tools available in market (Ex hashcat) to get password.
分享
