Password cracking on Android
Summary
This article briefly describes how you can use the unused processing power of your Android phone to crack passwords using John the Ripper (JtR).
Requirements
- Android Phone (Custom builds)
- Enable USB-Debugging in the Android Developer options
- Host with Android Debug Bridge (ADB) installed (Guide)
- Optionally: Terminal Emulator installed on Android (e.g. Termux)
Procedure
Unlike hashcat, JtR is very flexible and can be installed on almost any platform. It is also very easy to get John the Ripper to run on Android. Generic builds for ARM, x86 and MIPS processor architectures can be found on the Openwall wiki. A rooted device is not needed but a place in the filesystem with write permission. This is in most cases: /data/local, /data/tmp or /data/local/tmp/. Note that those folders are cleared after a restart. Termux terminal emulation tool with its built-in package manager pkg and apt may be used to download and install John, but this works rather badly in some scenario.
Download and extract the John the Ripper Android binaries from the host device. Then open the binaries folder in a terminal window on the host device.
- Start ADB Deamon
Host$ adb devices
List of devices attached
1c5c667023047ece device
- Get Android device CPU architecture
Host$ adb shell getprop ro.product.cpu.abi
arm64-v8a
- Copy files to a writable space on the Android device
Host$ adb push $JOHN_ANDROID/user/. /data/local/tmp user/./: 8 files pushed. 19.1 MB/s (7436597 bytes in 0.370s) Host$ adb push $JOHN_ANDROID/libs/$ARCHITECTURE/john /data/local/tmp libs/arm64-v8a/john: 1 file pushed. 12.5 MB/s (236032 bytes in 0.018s)
Rooted Android
- On your Android device launch some terminal application and become root (by executing
su
); - Remount /system read-write:
Android$ mount -o remount,rw /system
- Copy 'john' from the supplied 'libs' directory (based on your cpu-arch) to /system/xbin/:
Android$ cp /data/local/tmp/libs/$ARCHITECTURE/john /system/xbin/
- Fix the permissions and remount /system to be read-only
Android$ chmod 0755 /system/xbin/john Android$ mount -o remount,ro /system
- Drop root's privileges by exiting the shell.
- Benchmark to test the 'installation'
Android$ john --test
Non-Rooted Android
- Start an android shell
Host$ adb shell
- Done. Change permissions and run.
Android$ cd /data/local/tmp Android$ chmod +x ./* && ./john
- Benchmark to test the 'installation'
Android$ ./john --test
Tested Devices
- Samsung S9, Exynos M3, Android 9
- Samsung Tab S3, Snapdragon 820, Android 9
- Xiaomi Mi Mix 3, Snapdragon 845, Android 9
Courses
- Seminar Paper: Password Cracking: Software and Hardware Comparison
References
- Based on the official installation notes by (Internal-Error) and (GalaxyMaster)
- https://openwall.info/wiki/john/custom-builds#Compiled-for-Android (Accessed 11. April 2020)
- https://termux.com/ (Accessed 11. April 2020)