Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Support for Android 4.4 FDE #1442
Although Android 4.4 has been released for 4 years now, approximately 16% of Android devices still run this OS version (as of August 2017). KitKat (4.4) has also continued to receive Security Patches as recently as September 2017.
As the last major release of Android before hardware backed FDE started to become common, it would be great if support for Android 4.4 FDE could be added into Hashcat.
This was referenced in a Twitter conversation with Nikolay Elenkov in 2014: https://twitter.com/kapitanpetko/status/484653251355082754
The python script that he referred to (https://github.com/nelenkov/Santoku-Linux/blob/master/tools/android/android_bruteforce_stdcrypto/bruteforce_stdcrypto.py) has been updated since that Twitter discussion to check magic values for ext4, as well as additional encryption checks.
Devices running 4.4 FDE continue to frustrate many people, so it makes perfect sense for the world's fastest password cracker to implement support for this ;)
I can provide sample data if needed.
Thanks in advance!
You are correct that this PoC code is only for PINs. However, Android 4.4 lockscreens can have a password set instead, which is then used as the basis for the FDE encryption. So whilst most users would have PINs for which this script is sufficiently fast, it is not fast enough to use for passwords which are still frequent enough to cause problems when attempting to recover data from these devices.