Now that we have gesture.key, which contains the pattern lock information, let's take a look at the file contents:

Contents of gesture.key in a hex editor

The hex contents of the file are an unsalted SHA-1 hash of the swipe pattern. The fact that there are a limited number of possible patterns (there is a four digit minimum and a nine digit maximum because each number can only be used once), the simplest method for cracking this hash is a dictionary attack. An examiner can create a dictionary consisting of every possible pattern, but re-inventing the wheel isn't always necessary. CCL Forensics, based in the UK, provides ...