Learning Android Forensics

Cracking an Android pattern lock


Now that we have gesture.key, which contains the pattern lock information, let's take a look at the file contents:

Contents of gesture.key in a hex editor

The hex contents of the file are an unsalted SHA-1 hash of the swipe pattern. Because there are a limited number of possible patterns (there is a four-digit minimum and a nine-digit maximum because each number can only be used once), the simplest method for cracking this hash is a dictionary attack. An examiner can create a dictionary consisting of every possible pattern, but re-inventing the wheel isn't always necessary. CCL Forensics, based in the UK, provides a free Python script to create the hash dictionary. It can be downloaded at http://www.cclgroupltd.com/product/android-pattern-lock-scripts/.

The file is GenerateAndroidGestureRainbowTable.py. To run it, Python 3 must be installed on the examiner's system. Python 3 can be downloaded at https://www.python.org/downloads/. Many forensics tools...
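To show how small the search space described above is, the following added example (not code from the book and not the CCL Forensics script) walks every candidate pattern and compares its SHA-1 digest with the contents of gesture.key. It assumes each grid node is stored as a single byte from 0x00 (top-left) to 0x08 (bottom-right); the function names, the 1-to-9 reporting convention and the sample digest are constructed for illustration.

```python
import hashlib
from itertools import permutations
from math import perm

# Assumption: one byte per node, 0x00 = top-left ... 0x08 = bottom-right.
GRID = range(9)


def keyspace_size(min_len=4, max_len=9):
    """Count ordered sequences of distinct nodes with 4 to 9 points."""
    return sum(perm(9, k) for k in range(min_len, max_len + 1))


def candidates(min_len=4, max_len=9):
    """Yield every candidate pattern as raw bytes.

    This is a superset of what the lock screen accepts, because the UI
    does not let a stroke jump over a node that has not been visited yet.
    """
    for length in range(min_len, max_len + 1):
        for seq in permutations(GRID, length):
            yield bytes(seq)


def recover_pattern(gesture_key):
    """Return the pattern as node numbers 1-9, or None if nothing matches."""
    if len(gesture_key) != hashlib.sha1().digest_size:
        raise ValueError("gesture.key should hold one 20-byte SHA-1 digest")
    for pattern in candidates():
        # No salt is involved, so one SHA-1 call per candidate is enough.
        if hashlib.sha1(pattern).digest() == gesture_key:
            return [node + 1 for node in pattern]
    return None


# Constructed sample standing in for a real gesture.key:
# an "L"-shaped swipe over nodes 1-2-3-6-9.
SAMPLE_KEY = hashlib.sha1(bytes([0, 1, 2, 5, 8])).digest()

if __name__ == "__main__":
    print("candidate patterns:", keyspace_size())
    print("recovered pattern:", recover_pattern(SAMPLE_KEY))
```

With fewer than a million candidates and no salt, the full search finishes in seconds, and a table built once can be reused against any gesture.key file.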