Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sandgetpwdhash #2

Open
hubert3 opened this issue Jan 22, 2014 · 2 comments
Open

sandgetpwdhash #2

hubert3 opened this issue Jan 22, 2014 · 2 comments

Comments

@hubert3
Copy link

hubert3 commented Jan 22, 2014

For PIN 1234 set on my Samsung S4 4.2.2, sandgetpwdhash extracts the following:

867B4B7F6C7E5CCC50A1BD183D8C3E5801F20344:-3343618892075477414

How do I crack this? Is it a SHA1 hash? Does the salt not need to be converted to ascii hex?

I couldn't find any documentation of this in your talk slides or the sandy code.

Just checking before I do more work trying to work it out myself :)
@bkerler
Copy link

bkerler commented Jan 22, 2014

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Hubert,

it's actually SHA1 with salt.
The basic android calculation would be :
SHA1(passwort+hex_lowercase[salt]) = resulthash

for example if the pass would be "test"
hex_lowercase[-3343618892075477414]=d1991455398e565a

SHA1(testd1991455398e565a) = 867B4B7F6C7E5CCC50A1BD183D8C3E5801F20344

For Samsung however, the algorithm is slightly different.
See my page over there :

http://hashcat.net/forum/thread-2202.html

The fastest way to crack it is using hashcat and gpu (samsung algo) :)

Cheers,
Bjoern

Am 22.01.2014 06:23, schrieb hubert3:

For PIN 1234 set on my Samsung S4 4.2.2, sandgetpwdhash extracts
the following:

867B4B7F6C7E5CCC50A1BD183D8C3E5801F20344:-3343618892075477414

How do I crack this? Is it a SHA1 hash? Does the salt not need to
be converted to ascii hex?

I couldn't find any documentation of this in your talk slides or
the sandy code.

Just checking before I do more work trying to work it out myself
:)

— Reply to this email directly or view it on GitHub
#2.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJS37/cAAoJEKPg+vefL0V4hpAP+wS0cfId1XflWb8cnLI89KD5
Uahi5bvP7BJk25Ky+uGX/mhVyKMyL85paKImEhea6HccZiyD5xHrrBPm18L70Ilg
EN4Mb0OBsQaXq7+rhFI7irAJXUa2lkI36EhYtYu54X4lNqoaoyivKVRp6RAny2Ll
zVhIpgwNc79aJZVN+SQ44NzXr8PElPk3aQdEVowWILCybN1YNdT7AXzpCdLMTB85
BKewwNy8S9ySccRI7gv2howMarTgnfKiMM1P5LtnUWO78tEG+wmmQbKxBCp081X+
hFYqE76Jcb713XnZuPIDw+E/wqK9A2C29aTvK+wzoWey/S+lLsaIWsonYGXeFhNH
GBomA04AwlE31ZjSoq8UmwSyFblRQwtF3Gn5RLYNtUPADPmDMkvJNoeMcULuJxc5
ckdKH2uVee/bc7LjONrTwEsv8p3r8LzP+Z5YbJmnTqKsXnuPlVVg13YsFVaei91H
e6sPDUpVMjBMLc2QPBHiA1cJUYb8soJnFYYjDe8r29QRcgSXInj9dximP/Fm0GLn
1arW7DFQL70CaXDlyhosqmYE0kGRFNgBf6M9ecc0f5hy1KzBUpNfhIyK+MnPiGc3
ZFn/K+DzhBEDWqt8iaukKsBvcY/yBXt5B/1/8IAgObUlm9Qif5Ja9CbxQE7+2xdc
0P+XfAdBSvqW2qg62BtD
=dMNI
-----END PGP SIGNATURE-----

@hubert3
Copy link
Author

hubert3 commented Jan 22, 2014

Many thanks for the explanation and pointers. I made a python implementation here:

https://gist.github.com/hubert3/8560499

Feel free to add this to the Sandy framework if it’s useful.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hubert3 @bkerler