问题
Does anyone know where I can find some technical articles explaining the Android's screen locker mechanism? I want to understand how a password is protected, where it is saved, how it communicates with the locker screen, gui, etc.
回答1:
How does Android's screen locker work?
The password works like a traditional password. Its digested and stored. The data security is a little weak (see the bug reports below).
The pattern locker turns the pattern into a string, and then it works like a traditional password. The data security is a little weak (see the bug reports below).
The face unlocker is based on facial recognition. It falls back to passwords if detection fails. I don't know anything about the recognizer.
sstendal's answer below provides a link to using Yubikeys and One-Tme Passwords (OTP) over NFC to unlock your Android phone. Nikolay Elenkov's blog rocks, so you'll almost certainly learn something.
For the password and pattern locker source code, see https://android.googlesource.com/platform/frameworks/base/+/HEAD/core/java/com/android/internal/widget/LockPatternUtils.java.
For face recognition source code, see https://android.googlesource.com/platform/frameworks/base/+/HEAD/core/java/com/android/internal/widget/FaceUnlockView.java. Also see https://android.googlesource.com/platform/frameworks/base/+/99f2f5e/packages/Keyguard/src/com/android/keyguard/FaceUnlock.java.
As of Android 4.4, the unlocker (called KeyGuard) was moved to a separate component. I believe its source is at https://android.googlesource.com/platform/frameworks/base/+/99f2f5e/packages/Keyguard/src/com/android/keyguard.
You can use ADB to reset the relevant fields in the system's SQLite database. Here's the Google Search from VenomVendor below.
The implementation has some rough edges. I know there are some bug reports on the subject. For example:
- Lock Pattern/Pattern uses Immutable Strings
- Password/Pattern Serialization use 8 byte salts
- Lock Pattern/Pattern uses Unsalted SHA Hash
- Lock Pattern/Password uses MD5 Hash
回答2:
Nikolay Elenkov explains how you can implement your own screenlock authentication mechanism for Android:
http://nelenkov.blogspot.no/2014/03/unlocking-android-using-otp.html
来源:https://stackoverflow.com/questions/22601046/how-does-androids-screen-locker-work