• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Is it possible to crack the password.key or any other .key file from /data/system/?

T

tanmaybexe

Newbie
I am a newbie... So this question came in my mind when I removed my screen lock using adb by deleting the .key file from the /data/system/ folder.... For removing we delete the .key file, but what if we copy the .key file to our local PC using adb command and then try to brute force the encryption of the .key file using hashcat (like what we do when cracking the .cap file to get the WiFi password). Also we can use a wordlist. If we can do this then we can easily brute force PIN screen lock because it has the limited range of possible number combinations. I don't know what kind of encryption method is used for encrypting the plain password/pin for android screen lock so please answer this. So please let me know if this is possible.... Also I don't if this is discussed before....
 
Is your device rooted? Because without that you should not be able to pull (or delete) stuff from /data/system. I've tested this with my unrooted Pixel and confirmed that it will not let me do that (but will for stuff in the user-accessible part of the internal storage). If your phone isn't rooted please warn us which model it is, because the security seems weaker than it should be.

If your concern is security, revoke all adb authorisations so that nobody can use ADB without unlocking the screen in order to grant the authorisation. And of course you should never give people unsupervised access to your phone, but I guess you are worried about theft.

As the the decryption, I don't know. Best is not to give anyone the opportunity to test it.
 
Hadron said:
Is your device rooted? Because without that you should not be able to pull (or delete) stuff from /data/system. I've tested this with my unrooted Pixel and confirmed that it will not let me do that (but will for stuff in the user-accessible part of the internal storage). If your phone isn't rooted please warn us which model it is, because the security seems weaker than it should be.

If your concern is security, revoke all adb authorisations so that nobody can use ADB without unlocking the screen in order to grant the authorisation. And of course you should never give people unsupervised access to your phone, but I guess you are worried about theft.

As the the decryption, I don't know. Best is not to give anyone the opportunity to test it.
Click to expand...
I am testing this one of my old phone(Panasonic T44, rooted) with Resurrection Remix Custom ROM Android 7.1(ported).
So no worries I just wanted to know if this possible without root on any device. And yes the phone is almost not used thats why I am tring it.
Is it possible?
 
Hadron said:
Yes, I'd already said that it doesn't work on my unrooted Pixel, and that there's something wrong if it works on any unrooted
Hadron said:
Yes, I'd already said that it doesn't work on my unrooted Pixel, and that there's something wrong if it works on any unrooted device.
Click to expand...
No it doesn't let me copy the .key file to my local pc when I unrooted my device....
Thanks @Hadron & @ocnbrze for answering...
Click to expand...
 
You must log in or register to reply here.
Back
Top Bottom