Last active
August 29, 2015 14:07
-
-
Save Vandalko/b87d3d6083d02510f54c to your computer and use it in GitHub Desktop.
Android device password hashing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/** | |
* Simple script to check hashed device password values. | |
* Primary user file located at /data/system/password.key | |
* Other users: /data/system/users/{user-id}/password.key | |
* You may also check device_policies.xml file for password type and complexity hint | |
* | |
* @see DevicePolicyManagerService | |
* @see LockPatternUtils | |
* @see LockSettingsService | |
*/ | |
import java.security.*; | |
private String toHex(byte[] ary) { | |
final String hex = "0123456789ABCDEF"; | |
String ret = ""; | |
for (int i = 0; i < ary.length; i++) { | |
ret += hex.charAt((ary[i] >> 4) & 0xf); | |
ret += hex.charAt(ary[i] & 0xf); | |
} | |
return ret; | |
} | |
public String getSalt() { | |
return Long.toHexString(-4705081500355345447); //check /data/system/locksettings.db for user salt | |
} | |
public String passwordToHash(String password) { | |
if (password == null) { | |
return null; | |
} | |
String algo = null; | |
String hashed = null; | |
try { | |
byte[] saltedPassword = (password + getSalt()).getBytes(); | |
byte[] sha1 = MessageDigest.getInstance(algo = "SHA-1").digest(saltedPassword); | |
byte[] md5 = MessageDigest.getInstance(algo = "MD5").digest(saltedPassword); | |
hashed = (toHex(sha1) + toHex(md5))//.getBytes(); | |
} catch (NoSuchAlgorithmException e) { | |
Log.w(TAG, "Failed to encode string because of missing algorithm: " + algo); | |
} | |
return hashed; | |
} | |
println passwordToHash("yourpassword") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment