VivienGiraud · August 29, 2015 13:56 · VivienGiraud · Feb 10, 2014
diff --git a/samsung_hash_crack.py b/samsung_hash_crack.py
 #!/usr/bin/python

 '''
 Python implementation of passcode hashing algorithm
 used on the Samsung Galaxy S4 GT-I9505 4.2.2
 Correct PIN for hash and salt below is 1234.

 Get 40-character hash value in ascii hex format
 from file /data/system/password.key on the phone

 Get salt in signed numeric format by doing sqlite3 query
 SELECT value
 FROM locksettings
 WHERE name = 'lockscreen.password_salt' on /data/system/locksettings.db

 by @hubert3 2014-01-23
 '''

 from hashlib import sha1
 from binascii import unhexlify
 import time
 import multiprocessing

 hex_hash = '867B4B7F6C7E5CCC50A1BD183D8C3E5801F20344'
 salt_to_pass = '-3343618892075477414'


 def get_salt(salt):
        int_salt = int(salt)
        int_salt = (int_salt & 0xffffffffffffffff)
        salt = hex(int(int_salt)).lstrip("0x")
        salt = salt.rstrip('L')
        return salt


 def compute(min_per_thread, max_per_thread):
    for pin in map('{:04}'.format, range(min_per_thread, max_per_thread)):
        #binary digest, not ascii hex
        digest = sha1('0' + pin + salt).digest()
        #Samsung uses 1024 SHA-1 iterations
        for i in map(str, range(1, 1024)):
            digest = sha1(digest + i + pin + salt).digest()
            if digest == samsung_hash:
                print 'FOUND PIN %s' % pin
                end = time.time()
                print "The assignment took", end-start, "seconds."
                exit(0)


 if __name__ == '__main__':
    start = time.time()

    n_cores = multiprocessing.cpu_count()
    print n_cores, "cores found !"

    samsung_hash = unhexlify(hex_hash.lower())
    salt = get_salt(salt_to_pass)

    limit_per_cores = 10000 / n_cores

    for i in range(0, n_cores):
        p = multiprocessing.Process(
            target=compute,
            args=(i * limit_per_cores, (i + 1) * limit_per_cores))
        p.start()

    p.join()
	#!/usr/bin/python

	'''
	Python implementation of passcode hashing algorithm
	used on the Samsung Galaxy S4 GT-I9505 4.2.2
	Correct PIN for hash and salt below is 1234.

	Get 40-character hash value in ascii hex format
	from file /data/system/password.key on the phone

	Get salt in signed numeric format by doing sqlite3 query
	SELECT value
	FROM locksettings
	WHERE name = 'lockscreen.password_salt' on /data/system/locksettings.db

	by @hubert3 2014-01-23
	'''

	from hashlib import sha1
	from binascii import unhexlify
	import time
	import multiprocessing

	hex_hash = '867B4B7F6C7E5CCC50A1BD183D8C3E5801F20344'
	salt_to_pass = '-3343618892075477414'


	def get_salt(salt):
	int_salt = int(salt)
	int_salt = (int_salt & 0xffffffffffffffff)
	salt = hex(int(int_salt)).lstrip("0x")
	salt = salt.rstrip('L')
	return salt


	def compute(min_per_thread, max_per_thread):
	for pin in map('{:04}'.format, range(min_per_thread, max_per_thread)):
	#binary digest, not ascii hex
	digest = sha1('0' + pin + salt).digest()
	#Samsung uses 1024 SHA-1 iterations
	for i in map(str, range(1, 1024)):
	digest = sha1(digest + i + pin + salt).digest()
	if digest == samsung_hash:
	print 'FOUND PIN %s' % pin
	end = time.time()
	print "The assignment took", end-start, "seconds."
	exit(0)


	if __name__ == '__main__':
	start = time.time()

	n_cores = multiprocessing.cpu_count()
	print n_cores, "cores found !"

	samsung_hash = unhexlify(hex_hash.lower())
	salt = get_salt(salt_to_pass)

	limit_per_cores = 10000 / n_cores

	for i in range(0, n_cores):
	p = multiprocessing.Process(
	target=compute,
	args=(i * limit_per_cores, (i + 1) * limit_per_cores))
	p.start()

	p.join()