On Android devices, the gesture lock pattern is stored in the /data/system/gesture.key file in a rather insecure format. The file consists of the SHA-1 hash of the gesture pattern - unsalted! Since the gesture pattern space is relatively small, it is feasible to create a rainbow table with all the possible patterns and the corresponding hashes. In fact such rainbow tables already exist. To retrieve the gesture lock pattern, once you have acquired the gesture.key file (through the JTAG hardware interface or through adb), you can look the hash up in the rainbow table:
$ wget 'http://www.android-forensics.com/tools/AndroidGestureSHA1.rar'
$ unrar AndroidGestureSHA1.rar
$ grep `xxd -p gesture.key` AndroidGestureSHA1.rar
56742391;04 05 06 03 01 02 08 00;4895B0FDC65F7802D165140BF1A77B982BD98779
There it is, '56742391'. As was demonstrated, the gesture lock pattern is very easy to recover, and you shouldn't rely on it for security!
~ Dmitry
on windows what is the equivalent of: grep `xxd -p gesture.key` AndroidGestureSHA1.rar the command grep exists:
ReplyDeleteC:\Users\Luser\Downloads>grep `xxd -p xc.txt` AndroidGestureSHA1.rar
Error: Invalid option -p
C:\Users\Luser\Downloads>dir xc.txt
Volume in drive C is Windows8_OS
Volume Serial Number is 4AF2-91A4
Directory of C:\Users\Luser\Downloads
12/01/2013 08:28 PM 20 xc.txt
1 File(s) 20 bytes
0 Dir(s) 793,492,500,480 bytes free
C:\Users\Luser\Downloads>dir AndroidGestureSHA1.rar
Volume in drive C is Windows8_OS
Volume Serial Number is 4AF2-91A4
Directory of C:\Users\Luser\Downloads
12/02/2013 08:40 PM 26,713,032 AndroidGestureSHA1.rar
1 File(s) 26,713,032 bytes
0 Dir(s) 793,492,500,480 bytes free
C:\Users\Luser\Downloads>
not xc.txt = gesture.key
i follow this:
http://resources.infosecinstitute.com/android-forensics-cracking-the-pattern-lock-protection/?goback=.gde_4161792_member_267222081#!
and worked!!!
thanks