android手機被設置了密碼,由於開了root並且開啟了USB調試,在終端下
adb pull /data/system/password.key ~/
,之後cat password.key
B10DE316C14D82701D418D03B85A02EFBCD02DBFAEFEA0BA8E1007D6CB4AF9F281419D67
把這個文件刪除之後,手機重啟就不需要輸入密碼了,但是想知道這種加密方法,沒有密碼學基礎,沒有思路,看了網上的不少說是sha1。另:已經知道了手機上設置的密碼為123654。求大神點撥。
參考 Android Forensics May 27
加密是類似下面的方法,鹽值是在/data/data/com.android.providers.settings/databases/settings.db數據庫secure的表裡面,你文件裡面看到的就是sha1+md5: (40位+32位)的值
public byte[] passwordToHash(String password)
{
if (password == null)
{
return null;
}
String algo = null;
byte[] hashed = null;
try
{
byte[] saltedPassword = (password + getSalt()).getBytes();
byte[] sha1 = MessageDigest.getInstance(algo = "SHA-1").digest(saltedPassword);
byte[] md5 = MessageDigest.getInstance(algo = "MD5").digest(saltedPassword);
hashed = (toHex(sha1) + toHex(md5)).getBytes();
}
catch (NoSuchAlgorithmException e)
{
Log.w(TAG, "Failed to encode string because of missing algorithm: " + algo);
}
return hashed;
}
- Pull out the salt using adb. Salt is stored in the ‘secure’ table from /data/data/com.android.providers.settings/databases/settings.db
- Get the password : sha1+md5: (40+32) (stored at /data/system/password.key)
Ex: 0C4C24508F0D29CF54FFC4DBC5520C3C10496F43313B4D3ADDFF8ACDD5C8DC3CA69CE740
- Once you have the md5 and the salt you can brute force using the tools available in market (Ex hashcat) to get password.
