Book Image

Learning Android Forensics

By : Rohit Tamma, Donnie Tindall
Book Image

Learning Android Forensics

By: Rohit Tamma, Donnie Tindall

Overview of this book

Table of Contents (15 chapters)
Learning Android Forensics
About the Authors
About the Reviewers

Cracking an Android pattern lock

Now that we have gesture.key, which contains the pattern lock information, let's take a look at the file contents:

Contents of gesture.key in a hex editor

The hex contents of the file are an unsalted SHA-1 hash of the swipe pattern. The fact that there are a limited number of possible patterns (there is a four digit minimum and a nine digit maximum because each number can only be used once), the simplest method for cracking this hash is a dictionary attack. An examiner can create a dictionary consisting of every possible pattern, but re-inventing the wheel isn't always necessary. CCL Forensics, based in the UK, provides a free Python script to create the hash dictionary. It can be downloaded at

The file is To run it, Python 3 must be installed on the examiner's system. Python 3 can be downloaded at Many forensics tools...