283Seeking the Truth from Mobile Evidence. http://dx.doi.org/10.1016/B978-0-12-811056-0.00019-4Copyright © 2018 Elsevier Inc. All rights reserved.

CHAPTER 19

Android User Enabled Security: Passwords and Gesture

Information in This Chapter

• SecurityonAndroids

• Simplesecurityvalues

• Thepasswordlock

• Hashcat

• Thepatternlock(gesture)

• Usingarainbowtable

• SHA-1exercise

Introduction—Security on Androids

Sincetheirinception,Androiddevices(thefirstbeingtheHTCG1)haveprovidedtheusertheabilitytoemploysimplesecuritymeasures.Astheoperatingsystemversionschanged,differenttypesofsecurityalsoevolved.Today,theconsumercanrelyonembeddedsecu-rityfeaturesfromaspecificOSorexclusivesettingsbasedonthemakeandmodel.Thereisalsoanabilitytodownloadandinstallspecificapplicationsforthesamepurpose.SomeofthemorepopularandembeddedbyOSand/ormakeandmodel,includebutarenotlimitedto: • PIN• Password• Pattern(gesture)• Fingerprint• Facialrecognition• Knocklock

Itwouldbeunnecessarytodedicateanentirechaptershowingeachofthesesecuritytypes.Instead,thischapterwillprimarilyaddressthepasswordandgesturelock.ThisiscontinuingtobeoneofthemorepopularuserenabledsecuritymeasuresemployedonAndroids.Some

284 Chapter 19

ofyoumaybereadingthisandsaying,“My ______ (fill in the blank) unit/machine/utility can get past that security. What do I need to know more about this process?”

Yes,intheforensicutilitymarket,manymakesandmodelsaresupportedforbypassingthegesturelock.Therearesomeexaminers,however,whomayfindtheneedtotestifyontheprocessor,insomecases,manuallyobtainthelockvalue(s)toenterthephoneforvisualvalidation,manualdocumentation,ortoenable/disableasettingtoperformanadditionalexamination.ThecontentinthischapterwillallowtheexaminertohavemoreinsightintoatleastoneofthemorepopularsecuritymeasuresthatisstoredonanAndroid.

Simple Security Values

Beforetheadventofsmartphones,theoperatingsystemonsomephoneswouldsimplystoretheactualuservaluewithintheoperatingsystem.Thismeansthatiftheuserplacedahandsetlockcodeof1325onasimplebarorflipphone,thatvaluewouldbestoredinthebasicencodingforthephone,usuallyinASCIIorUnicode.ItcouldeasilybelocatedbyemployingencodingsearchtechniquesusingpopulartoolssuchasCellebrite'sPhysicalAnalyzer.Also,manyofthedeviceswillcontaintheuserPINandusersecuritycodejustafewoffsetsfromoneanotherwithinthefilesystem.Onsomephones,thesecuritycodeisusedtobypassthePINifitisunknown.Inapastcriminalinvestigationseveralyearsago,ahomicidevictimdecidedtochangehis4-digitPINand6-digit(default)securitycodes.ThephonewasaMotorolaiDEN.Atthetimeofthisincident,automatictoolswerelimited,andlargevendorssuchasCellebritedidsupportthephoneforphysicalextraction,buttheparsingonSMSandotheruserareaswaslimited.Logicalsettings,however,wouldparsetherequiredfieldsforthecase.Atestphoneofthesamemodelwasusedtoplaceadifferent(known)valueforthePINand6-digitsecuritycode.UsingtheFind—CodetabinPhysicalAnalyzer,thevaluesonthetestphonewereeasilylocated.Theywereanoffsetapartandhaduniquecharactersbeforeandafterthesesecuritycodes.ARegEXexpressionwasthenusedtolocatethevaluesonthevictim’sphone,unlocktheGUI,andallowalogicalparsingofseveralSMSmessagesrelatedtohisdeath.Thepointofexplainingthiscaseistoconveythatthesevalueswereonthephone,intheiroriginalstate.Thiswastypicallyhowphonesstoredthesecurityimposedbytheuser.Therearemanyphonesstillsoldtodaythatworkthisway.Thesegenerallyfallintothepay-as-you-go,simple“burner-phone”categories.Theylacksophisticatedoperatingsystemsandhavelimitedfeatures.Manyaresupportedbyseveralcommercialforensictools,whileothersmaylockdowntheirUSBdataport.

Fig.19.1isafilesystemfromanLGVX8100thatwasacquiredfromBitpim.Withinthenvm_securityfolderwecanseethedefault6-digitsecurityvalueof000000.TheuserenabledsecurityPINisbelowthis,towardtheendofoffset90as1397(bottomimageinFig.19.1).

Android User Enabled Security: Passwords and Gesture 285

Smartphones

Inmostcaseswhentheuseremploysaspecifictypeofsecurityonasmartphone,theactualvalueisconvertedoutofthissimpleformatshowninFig.19.1.Dependingonwhichtypeofsecuritytheuserchooses,itrunsacheckagainstaspecifichashvalueofthatsecuritywhentheuserwantstoentertheGUI.Itisimportantthatexaminersunderstandthatwhenitcomestothegestureandpasswordlocks,wearenotaddressingtheentirefile

Figure 19.1Example of default security and user set PIN values of an LG VX8100 mobile phone.

286 Chapter 19

systemencryption,butsimplythesecurity(value)encryptionthatisperformedeachtimeauserentersthephone.Thisisnottosaythatthereisnohardware-basedencryptionthatmaybegoingonwithnewerchipsets.ManyreadersareprobablyawareofissueswithneweriPhones.ThisalsoappliestonewerdevicesusingtheUFSchip.Thiswillbecomeevenmoreproblematic,andnewtechniqueswillhopefullyaddressexploitsfortheseissues.

Thischapterwilldiscussthesecurityaspectofboththepassword lockandthepattern lock employedonAndroids.Itwillconcludewithfocusingonmanuallycreatingahashvaluebasedonabinaryfilecreatedfromthegesturepattern.

The Password Lock

Whenausersetsupapasswordlock,he/shecanemployhis/herownchoiceofdatathatcontainspecialcharacters,numbers,letters,oranycombinationofthesame.Iftheusersetsupapasswordlock,itisgivenahashthatusesacombinationofSHA-1andMD5.Thevalueisalsosalted.Saltorsaltingistheprocessofaddingadditionalsecurity,asitrandomizesthehash.Thiscanpreventdictionariesandrainbowtablesfrombreakingthehashvaluesthatarealwaysthesame,suchaswhatreaderswillseewhenwediscussthegesturevalue.TheAndroidpasswordcanbecomplex,with4–16charactersinlength.Thereare94possiblecharactersperspace,withusershavingthechoiceoflower/uppercaseletters,digits,andpunctuation.Thegoodnews(ifitcanbecalledthat)isthattherearenospacesallowed.Ifwemanuallylocatethevaluewithinthefilepassword.key(Data/System/)location,thepasswordhashhasa72-bytehexadecimalvalue.Fromlefttoright,itiscomprisedofthefirst40bytesshowingtheSHA-1hash.Thisisimmediatelyfollowedbytheremaining32bytesoftheMD5hash.Becausethevalueissalted,thesaltvaluemustberecoveredfirst.Saltisrepresentedinhexadecimalasarandom64-bitinteger.Saltisstoredinsettings.db(SQLitedatabasefile),whichisnamedlockscreen.password_salt.Thiswillbewithinthe(rebuilt)filesystemshownhere:

data/data/com.android.providers.settings/databases/settings.db

IfexaminershavepulledabinarythathasnotbeenrebuiltanddecodedwithtoolssuchasPhysicalAnalyzer,itisalittlebitmoretime-consumingtolocatethepassword.keyandthesaltvalue.IfexaminersconductanASCIIsearchfor“lockscreen.password_salt,”theywillobtainatleastonehitthatplacesthemingeneraltheareatheyneedtolookfortheentiresaltvalue.Thesaltisastringofthehexadecimalrepresentationofarandom64-bitinteger.ThevaluealongwiththeMD5orSHA-1fromthepasswordkeylocationcanthenbeusedtobruteforceattackthevalueswithHashcat.HerearesomestepstohelpexaminerslocatethesaltwhentheyhaveaphysicalfilefromaJTAG,ISP,orchip-offexamination.

Android User Enabled Security: Passwords and Gesture 287

Hashcat

Hashcatisafree,open-sourcetool,whichsupportsseveraldifferentalgorithms,andcanbeinstalledinmultipleoperatingsystems[1].Usingtheirlatestlistfromtheversionavailableatthetimethiswaswritten(3.30),thefollowingalgorithmscanbeattacked: • MD4,MD5,HalfMD5(left,mid,right),SHA1,SHA-224,SHA-256,SHA-384,SHA-

512,SHA-3(Keccak),SipHash,RipeMD160,Whirlpool,DES(PT=$salt,key=$pass),3DES(PT=$salt,key=$pass),GOSTR34.11-9,GOSTR34.11-2012(Streebog)256-bit,GOSTR34.11-2012(Streebog)512-bit,DoubleMD5,DoubleSHA1,md5($pass.$salt),md5($salt.$pass),md5(unicode($pass).$salt),md5($salt.unicode($pass)),md5(sha1($pass)),md5($salt.md5($pass)),md5($salt.$pass.$salt),md5(strtoupper(md5($pass))),sha1($pass.$salt),sha1($salt.$pass),sha1(unicode($pass).$salt),sha1($salt.unicode($pass)),sha1(md5($pass)),sha1($salt.$pass.$salt),sha1(CX),sha256($pass.$salt),sha256($salt.$pass),sha256(unicode($pass).$salt),sha256($salt.unicode($pass)),sha512($pass.$salt),sha512($salt.$pass),sha512(unicode($pass).$salt),sha512($salt.unicode($pass)),HMAC-MD5(key=$pass),HMAC-MD5(key=$salt),HMAC-SHA1(key=$pass),HMAC-SHA1(key=$salt),HMAC-SHA256(key=$pass),HMAC-SHA256(key=$salt),HMAC-SHA512(key=$pass),HMAC-SHA512(key=$salt),PBKDF2-HMAC-MD5,PBKDF2-HMAC-SHA1,PBKDF2-HMAC-SHA256,PBKDF2-HMAC-SHA512,MyBB,phpBB3,SMF,vBulletin,IPB,WoltlabBurningBoard,osCommerce,xt:Commerce,PrestaShop,MediawikiBtype,Wordpress,Drupal,Joomla,PHPS,Django(SHA-1),Django(PBKDF2-SHA256),EPiServer,ColdFusion10+,ApacheMD5-APR,MySQL,PostgreSQL,MSSQL,OracleH:Type(Oracle7+),OracleS:Type(Oracle11+),OracleT:Type(Oracle12+),Sybase,hMailServer,DNSSEC(NSEC3),IKE-PSK,IPMI2RAKP,iSCSICHAP,CramMD5,MySQLChallenge-ResponseAuthentication(SHA1),PostgreSQLChallenge-ResponseAuthentication(MD5),SIPDigestAuthentication(MD5),WPA,WPA2,NetNTLMv1,NetNTLMv1+ESS,NetNTLMv2,Kerberos5AS-REQPre-Authetype23Kerberos5TGS-REPetype23,NetscapeLDAPSHA/SSHA,LM,NTLM,DomainCachedCredentials(DCC),MSCache,DomainCachedCredentials2(DCC2),MSCache2,MS-AzureSyncPBKDF2-HMAC-SHA256,descrypt,bsdicrypt,md5crypt,sha256crypt,sha512crypt,bcrypt,scrypt,OSXv10.4,OSXv10.5,OSXv10.6,OSXv10.7,OSXv10.8,OSXv10.9,OSXv10.10,AIX{smd5},AIX{ssha1},AIX{ssha256},AIX{ssha512},Cisco-ASA,Cisco-PIX,Cisco-IOS,Cisco$8$,Cisco$9$,JuniperIVE,JuniperNetscreen/SSG(ScreenOS),AndroidPIN,Windows8+phonePIN/Password,GRUB2,CRC32,RACF,Radmin2,Redmine,OpenCart,CitrixNetscaler,SAPCODVNB(BCODE),SAPCODVNF/G(PASSCODE),SAPCODVNH(PWDSALTEDHASH)iSSHA-1,PeopleSoft,PeopleSoftPS_TOKEN,Skype,WinZip,7-Zip,RAR3-hp,RAR5,AxCrypt,AxCryptin

288 Chapter 19

memorySHA1,PDF1.1–1.3(Acrobat2–4),PDF1.4–1.6(Acrobat5–8),PDF1.7Level3(Acrobat9),PDF1.7Level8(Acrobat10–11),MSOffice<=2003MD5,MSOffice<=2003SHA1,MSOffice2007,MSOffice2010,MSOffice2013,LotusNotes/Domino5,LotusNotes/Domino6,LotusNotes/Domino8,Bitcoin/Litecoinwallet.dat,Blockchain,MyWallet,1Password,agilekeychain,1Password,cloudkeychain,Lastpass,PasswordSafev2,PasswordSafev3,Keepass1(AES/Twofish)andKeepass2(AES),Plaintext,eCryptfs,AndroidFDE<=4.3,AndroidFDE(SamsungDEK),TrueCrypt,VeraCrypt[1].

TheuseofHashcatcouldeasilytakeupacoupleofdifferentchapters.Wewillnotspendtoomuchtimecoveringtheexactstepsofthisprogram.Inpreviousversions,theuserneededtospecifyiftheyneededoclHashcat,forAMDgraphiccards,orCudaHashcat,iftheyusedNvidia.Theyhavecombinedtheuseintooneprogram,andsomeoftheexamplesusedinthischapterusedversion3.30.

WhenweattempttobreakthepasswordonanAndroid,Hashcathastheabilitytobreaktheentirestringof72bytes,alongwiththesalt,butthetimeevolvedtremendouslyincreases.Ifwefocusonseparatingthesehashes,andthenlocatingthesalt,itmakestheattackmucheasiertomanage.Ofcourse,thelongerthepassword,themoretimeneeded.Mostindividualsdonotuseall16charactersandgenerallykeeptheirpasswordrelativelyshort.Thefoodforthoughthereisifyouhavearobustforensicmachine,whynottryit?Hashcatusuallyrunsanestimatedtimeonhowlongtheprocesswilltake.Fromthereyoucandecideifyouwanttocontinueorkeepitrunningandhanditovertoyourreplacementafteryouretirewith30yearsofservice.

Ifwearedealingwitharawphysicalpullthathasnotbeendecoded,wecanusethesearchtechniquepreviouslydescribed(lockscreen.password_salt)tolocatethegeneralareatofindthesalt.Aswelookatthesearchresults,weneedtoexaminethebytevaluedirectlyinfrontofthissearchhit.Itwillbeinarangebetween0×0Fand0×35.Thatbyteprovidestheexaminerthelengthofthesalt.Directlyinfrontoftheseseriesofbytes,therewillbeabytedisplayingthevalueof0×3D.Thisbyterepresentsastringlengthof24,whichisthelengthofourvaluewearelookingfor.Fig.19.2depictsanactualsaltvaluethatrepresentsthesevalueswejustexplainedandtheASCIIsearchhitthatwasused.Forreaderswhoareviewingthisbookelectronically,theyarecolorcodedandlabeledtoillustratethisfurther.Oncewelocatethesaltinteger,itneedstobeconvertedtohexadecimal.InolderversionsofHashcat,theuppercaselettersintheconvertedvaluemustbeconvertedtolowercasetoconductbruteforceattempts.ThenewerversionofHashcat(3.30)nolongerrequiresthisstep.Fig.19.3depictsthesaltvaluefromthesettings.dbarea,whichismucheasiertolocate.Again,dependingonwhichtypeofextractionexaminershaveperformed,themethodneededforlocatingthesaltwillbedetermined.Obviously,thedatabaseismucheasierandpreferred,ifthisispossibleinyourcasework.

Figure 19.2Breakdown of locating the salt value in Hex View and converting the integer value to hexadecimal.

Figure 19.3Breakdown of locating the salt value from the com.android.providers.settings/databases/settings.

db location and converting the integer value.

290 Chapter 19

HashcatcanattemptbruteforcewiththeSHA-1orMD5followedbythesaltvalue.Useoneortheother,buttosavetime,nottheentirecombined72-byte(SHA-1/MD5)passwordcombination.Fromlefttoright,thefirst40bytesaretheSHA-1,followedbytheremainingbytesforMD5.SincetheMD5isshorter(32bytes),itismucheasiertousethatvaluefromthepassword.keylocationtoattempttheattack.

Thefirstfourscreenshots(figures)containedonthecompanionsitedealdirectlywiththehelplistfromHashcat.Thefirstfigure,Fig.19.1(companionsite),isobtainedfromHashcat3.30.Thisisdirectlyfromthehelpcommand(C:\>hashcat64.exe-h),whichdisplaysthevariousoptionsandcommandsthatcanbeused.Thisfirstscreenshotisjustsomeofthechoices,therearemore.Fig.19.1(companionsite)showsthefirstchoice,whichisthe“Options.”Fig.19.2(companionsite)isafewofthe“Hashmodes.”Again,nottheentirelistofallthechoices.Fig.19.3(companionsite)depictsthe“AttackModes.”ThelastfigurefromHashcat3.30(companionsite,Fig.19.4)showssome“BasicExamples”andlinkstowherepeoplecanlocateadditionalhelp.

Obviously,thetoolrunsinthecommandline(Run As Administrator)and,dependingonthevideocardused,willrepresentwhichadditionallinecodesauserwoulduse.IfweinstallHashcatintherootofC:driveinWindows,wecoulduseacommandlineona64-bitWindowsmachinethatisrunningasupportedGPUasthefollowing:

C:\.Hashcat64.exe-a3-m110AE36A990BF8300123E43EBF01E39EE41335F1406:b6c0bdef9c965d96

UsingtheembeddedHashcatgeneralhelplistwouldshowthat-a 3isabruteforceattackoption,andqualifiernotedas-misouroptionforhashtype,andthe110isusedforSHA-1($pass.$salt).IfwehadusedtheMD5value,thecommandwouldbethesameexceptwewouldchangethe110to10fortheMD5($pass.$salt).

ThiscombinationofsaltingthehashvaluemadefromaSHA-1andMD5isnotalwaysfollowedineveryAndroid.Samsung,forexample,changedsomeoftherules.SamsungIIIandhighernolongerutilizetheSHA-1andMD5combinationandinsteadtakethehashandsaltandperform1024SHA-1interactions.

UsingJohnLehr’s“AndroidPasswordPossibilities”chart[2],letusputthisintoperspectivewithalengthandnumberofpasswordpossibilitiescomparison:

Length (PW) Number of (PW) possibilities

4 78,074,8965 3,339,040,2246 689,869,781,0567 64,847,759,419,2648 6,095,689,385,410,816

Android User Enabled Security: Passwords and Gesture 291

Length (PW) Number of (PW) possibilities

9 572,994,802,228,616,70410 53,861,511,409,489,970,17611 5,062,982,072,492,057,196,54412 475,920,314,814,253,376,475,13613 44,736,509,592,539,817,388,662,78414 4,205,231,901,698,742,834,534,301,69615 395,291,798,759,681,826,446,224,359,42416 37,157,429,083,410,091,685,945,089,785,856

Aswecansee,toolssuchasHashcatareneededtospeeduptheprocessofbruteforcecrackingpasswords.ReaderscanlocateadditionalinformationregardingHashcatthroughInternetsearches.Anotherinterestingwaysomeexaminersaretacklingtheproblem,isbydaisychainingseveralhigh-endgraphiccardsandcreateamachinededicatedtocrackingpasswords.

Q. Why decode the password lock?

Inmostforensicscenarios,theexaminerhasperformedaphysicalpull,andforvariouscase-relatedreasons,decodingofthepasswordlockisneeded.Itmaybeacasewhereafilesystemorlogicalpullisnecessary,andtheexaminermustgetintotheGUIofthedevicetoenabletheUSBdebugging.Theremayalsobecaseswheretheexaminerneedstoviewapplicationdataunderanexigentsituationorvalidatedata.Whateverthereason,theremaybetimeswhenthephysicalexaminationisnotenoughforthecaserequirements.

TheactualpullitselfwhenthereisapasswordlockenabledcanbeaccomplishedwithrootedAndroids,debuggingbeingenabledalready,orinsomecasesusingJTAGorISPpulls.TherearesomenewerAndroidsthatwillnotsupportrootingand/orJTAP/ISP.Becauseofthecomplexityofsomepasswords,pythonscriptscouldtakeinsomecases,over8500millenniatocomplete.However,forensicmachinesthatemployhigher-endgraphiccardormultiplecardscouldcrackthesamepasswordinhours.Therearespecificlimitationsandtheremaybesituationswherethepasscodecannotbebruteforcedintheexaminer’slifetimeoratleastwithoutmorehardwarecostsbeingemployedonthehostmachine.

The Pattern Lock (Gesture)

TheGUIoftheAndroidshowsthepatternlockasaseriesofrounddotsasshowninthesimpleillustrationinFig.19.4.Therearetotallynine—threeinthreerows.Ifwenumbereachoftheseandbegincountingfromlefttorightandcontinuecountinglefttoright,eachwillhaveitsownnumber.Likethepasswordlock,thesecuritydoesnotstorethevaluesofeachoftheseasanumber,butSHA-1hashesthevalue,andstorestheSHA-1.Userswhocreateapatternarenotallowedtomoveoveronepointseveraltimes,andthereareonly895,924variantstothepatternonanAndroid.ThehashedSHA-1valuegiventothebytes

292 Chapter 19

isplacedinthefilesysteminthegesture.keyfile,againwiththesamepathasbefore:/data/system.Computersbegincountingatvalue0.Thefirstgestureisnotavalueof1convertedtobytesthenSHA-1,butratheravalueof0.Thismeansthatthevaluesstartatzeroandendwitheight,notnine.Thehexadecimalequivalentofeachsinglepointis0×00,through0×08.

Figure 19.4Illustration to show the numbering of the 9 pattern (dots) on the screen of an Android and how they

are counted in hexadecimal.

Ifwecreatedtheminimumlengthofagesturepatternoffourareasandbeginwiththenumberedvaluesused1,2,3,4(leftsideimageinFig.19.5),thiswouldutilizecorrespondingbytes00010203,whichwouldinturnperformaSHA-1hash.TheresultinghashalgorithmwouldbestoredontheAndroidinthegesture.keylocationas:

A02A05B025B928C039CF1AE7E8EE04E7C190C0DB

Android User Enabled Security: Passwords and Gesture 293

Ifwecreatethegesturecombinationof9,8,7,6,5,4,3,2,1,itwouldshowaswhatisdepictedintherightsideimageinFig.19.5,andconvertthebytestotheSHA-1value,whichisalsostoredinthegesture.keylocationas:

853822DCEE4C6B59D4A9F0C4CDAF97989E29C83A

Extraction Summary

Therearecommerciallyavailableforensicprogramsthatcandecodethegesturepatternanddisplayitinthesummaryofthereport.Forexample,ifwedecodethegesturepatternonanLGLS-670,itmaydisplaywithinthesummaryasunlockpattern1->2->3->6->9->8->5->4->7.

SHA-1 Exercise

Tohelpbetterunderstandthevaluesthatarestoredinthegesture.keylocation,thereisasimpleexercisethatreplicatesthestoredgesturethatishashasaSHA-1.Severalofthetools

Figure 19.5Two different examples of gesture security patterns (1,2,3,4 and 1,2,3,4,5,6,7,8,9).

294 Chapter 19

usedinthisexamplearefree.TheexamplealsousesPhysicalAnalyzertoviewthefileafterwecreateit.Viewingthefilethatwascreatedisnotnecessarybutitdoeshelpvalidatethatnomistakesweremadewiththebytesthatwerecreated.Also,otherfreeviewerssuchasFTKImagerwillwork.Tostartwith,downloadafreehexcreationtool.TheonethatisshowninthisexampleiscalledHexEditorXVI32andiscreatedbyChristianMas.XVI32isafree-warehexeditorrunningunderWindows9x/NT/2000/XP/Vista/7.ThenameXVI32isderivedfromXVI,theromannotationforthenumber16[3].

OnceHexEditorXVI32isdownloadedandinstalled,gotoEdit—Insert String.ThiswillbringuptheInsertwindow.LeavetheText stringand“as Unicode Latin (UTF-16LE)” settingsblank.SelecttheHex stringsetting.Leavealltheothersettingsintheirdefaultsettingsasseenwhentheprogramfirstopens.IntheblankboxbelowtheHex string setting,typeasimplegesturepatternof00010203.Thefieldwillautomaticallyspacethebytesaccordingly.ThisrepresentsausercreatingapatternlockfromlefttorightontheGUIofthephoneof1,2,3,4asshowninourpreviousexample(image)containedintheleftsideofFig.19.5.Oncethishasbeencompleted,selectOK.Thefilemustbesaved.SelectFile—Save as,andnamethefile.Intheexampleprovided,thefilewasnamed01_through_04.Inthe“Saveastype”makecertain(*.*)isselected.Onthecompanionsite,Fig.19.5depictsthefirsttwostepswhencreatingthefileusingtheHexEditorXVI32program.Fig.19.6ofthecompanionsitealsoshowsthenamingconfigurationthefileneedstobesavedin.

ThisfilecanbeopenedwithahexviewerorFTKImager.ThenextstepistocreateaSHA-1hashvalue.Again,thereareseveralfreeprogramsavailable,andFTKImagercancreatebothanMD5andSHA-1,exportingthevaluestoa.csvfile.Inourexample,weuseDigitalVolcanoHashTool1.1.“A freeware utility to calculate the hash of multiple files. This is a 128-bit number usually expressed as a 32-character hexadecimal number. It can be said to be the ‘signature’ of a file or string and is used in many applications, including checking the integrity of downloaded files. This compact application helps you quickly and easily list the hashes of your files” [4].ThisfreeutilityallowstheusertohashdesiredfilesusingMD5,SHA-1,SHA-256,SHA-384,SHA-512,andCRC-32algorithms.

Oncetheprogramisdownloadedandinstalled,weselectSHA-1,andthenselectoursaved*.*file,andinourexampleof1,2,3,4(bytes00010203),theSHA-1valuecreatedis:

a02a05b025b928c039cf1ae7e8ee04e7c190c0db

IfwetakeadictionaryofpossibleSHA-1patterns(RainbowTable)thatuseallthevariantspossible,wewillseethatthisSHA-1matchesourpatternof1,2,3,4(or0,1,2,3).The

Android User Enabled Security: Passwords and Gesture 295

Figure 19.6DigitalVolcano Hash Tool and comparison with an Android Gesture dictionary (Rainbow Table).

companionsite(Chapter19),containstextfiletitled“Gesture Dictionary_Rainbow table—Notepad.”ThiswasusedtocomparetheSHA-1valuewecreatedfromourbytesof00010203.Fig.19.6showstheSHA-1valuecreatedusingDigitalVolcanoHashTool1.1followedbypastingthevalueusingCtrl+Fkeysintothedictionary.ThematchingvaluesarehighlightedinthebottomimageofFigure19.6.

296 Chapter 19

ThisrainbowtablecanbeutilizedtodecodeanySHA-1valuethatisinthegesture.keylocation.ThisisalsohowPhysicalAnalyzerdecodesthesameentry.Byunderstandinghowthepatternisstored,aswellashowtoreplicateanddecodethesameSHA-1bytevalues,examinersshouldnowhaveabetterunderstandingofthissecurityfeatureonAndroids.

Chapter Summary Key Points

Simple(nonsmartstyle)phonestypicallystoretheuserenabledsecuritycredentialsonthephone.Thevaluesareusuallyeasytodecode.Asphonesbecomemorecomplex,sodothetypesofsecurityfeaturesthatareavailabletotheuser.Androiduserscontinuetoemployboththegesturepatternandpassword.Theusercancreateapasswordwithvariouscombinationsofcharactersupto16entries.AndroidpasswordsuseacombinationofSHA-1andMD5.Thevalueisalsosaltedwitharandominteger.Ifexaminersaredecodingafilethathasnotbeenrebuiltwithdatabases,theycanemploysearchtechniquestolocatethegeneralareaofthesaltvalueforthepasswordlock.Ifthepartitionsandsubsequentdatabaseshavebeenrebuilt,thesaltlocationismucheasiertofind.

Theintegervalueofthesaltwillneedtobeconvertedtohexadecimal,anduppercaselettersconvertedtolowercase,whenexaminersuseolderversionsofHashcattobruteforcethepassword.Oncethisiscompleted,theSHA-1orMD5canbecombinedwiththeconvertedsaltvalue.SpecificlinecommandscanbefoundinthehelpmenutoassistwithusingHashcat.Thesystemusedmusthaveaspecifictypeofvideocardanddriver.Themorecardsthatareused,thefasterthebruteforceworks.

ThegesturepatternthatusersstoreontheirAndroidsisstoredasaSHA-1value.Thiswillbeinthegesture.keylocationwithinthefilesystem.Examinerscanmanuallydecodethisvalueusingadictionary(RainbowTable).Tohelpbetterunderstandhowthebytesofthegesturearestored,examinerscanreplicatetheactualbytes,createaSHA-1value,andmanuallylocatethesamevalueinadictionary.Thiscanhelptobetterunderstandtheprocessandassistduringanyexplanationsneededduringthejudicialprocess.

ThischapterbrieflytouchesonhowtwopopularformsofAndroidsecurityarestored,andhowexaminersmaygoaboutlocatingandpotentiallycrackingthesecurity.Therearemanymoreformsofsecurityattheuser’sdisposal.IfyouhappentoownanAndroidanduseeitherthegesturepatternorpasswordsecurity,hopefullyyouunderstandtheseconceptsevenmore.

References

[1] Hashcat,AdvancedPasswordRecovery,January6,2017.https://hashcat.net/hashcat/.[2] What’sinanAndroidPassword?,December31,2012.

http://linuxsleuthing.blogspot.com/2012/10/android-pinpassword-cracking-halloween.html.[3] FreewareHexEditorXVI32,June26,2012.http://www.chmaas.handshake.de/delphi/freeware/xvi32/xvi32.htm.[4] DigitalVolcanoSoftware.https://www.digitalvolcano.co.uk/hash.html.