Proj 12x: Android Password Cracking with Nox (40 pts)

What You Need for This Project

Purpose

To recover a PIN from an Android 5 device. Don't use a more recent Android version or it won't work.

Start Nox

Start Nox. If there is no PIN, Open Settings, Security, "Screen lock" and assign a PIN of 1234 as shown below.

Connecting with ADB

As you did in previous projects, connect to your Nox emulator from Kali, as shown below.

Gathering the Password Hash and Salt

On Kali, in a Terminal, execute these commands, one by one:
adb shell
cat /data/system/password.key
sqlite3 /data/system/locksettings.db
.tables
SELECT * FROM locksettings;
.quit
exit
You now have the password hash and salt. In the image below, the password hash is highlighted, and the salt is outlined in yellow.

Find the two values on your system. You will need them below.

Calculating the Hash with Python

On Kali, open a second Terminal window and execute these commands, replacing the PIN and salt values with the correct values on your system:
python

import binascii, struct, hashlib

pin = "1234"
salt = -101421406356286441 

s = binascii.hexlify(struct.pack('>q', salt ))
hashlib.new('sha1', (pin + s)).hexdigest()
The SHA-1 hash you calculated in Python should match the first portion of the Android hash you found on the phone, as shown below.

12x.1: Saving a Screen Image (10 pts)

Put both Terminal windows on your desktop, as shown above.

Make sure you can see the required features listed below:

Save a full-desktop image. On a Mac, press Shift+Commmand+3. On a PC, press Shift+PrntScrn and paste into Paint.

YOU MUST SUBMIT A FULL-SCREEN IMAGE FOR FULL CREDIT!

Save the image with the filename "YOUR NAME Proj 12x", replacing "YOUR NAME" with your real name.


12x.2: Challenge: 4-Digit PIN (15 pts)

I chose a different four-digit PIN. Find it from this information:
root@shamu:/ # cat /data/system/password.key
7DBD9B2D8DD734510D2894AAA9FF6B0AD8DC69BFEFD0B48F82FCC55018F151C5310FCFFB

sqlite> SELECT * FROM locksettings;
6|lockscreen.password_salt|0|-101421406356286441
Include the PIN in the body of your email when turning this project in.

12x.3: Challenge: 8-Digit PIN (15 pts)

I chose an eight-digit PIN. Find it from this information:
root@shamu:/ # cat /data/system/password.key
59A364BD3954E5FF1DD524BD948CCC9F6C7EAD949A08F1A0C5983969D481672AA2EC344C

sqlite> SELECT * FROM locksettings;
6|lockscreen.password_salt|0|-101421406356286441
Include the PIN in the body of your email when turning this project in.

Turning in your Project

Email the image and the recovered PINs to to cnit.128sam@gmail.com with the subject line: Proj 12x from YOUR NAME

Posted 3-20-19