Android-Pin-Bruteforce – Android phones are quite popular. Android offers lock-screen options to protect the data on the device, with two password locks, one PIN lock, and two pattern locks. In this post, we will see how to hack this PIN lock.
The method we will use to crack the Android PIN is brute force, and the tool we will use for this is Android-Pin-Bruteforce, which can be used on both Android and Linux and is written entirely in shell script.
How Android-Pin-Bruteforce Tool works
It connects the locked phone to the Nethunter gadget via a USB OTG cord.
It simulates a keyboard, automatically attempts PINs, and waits after too many incorrect guesses.
[Nethunter phone] ⇌ [USB cable] ⇌ [USB OTG adaptor] ⇌ [Locked Android phone]
The USB HID Gadget driver emulates USB Human Interface Devices (HID).
This allows an Android Nethunter device to mimic keyboard input to the locked phone.
It’s the same as inserting a keyboard into a locked phone and pressing keys.
It takes a little more than 16.6 hours to try all possible 4-digit PINs, but with the optimised PIN list, you should be able to do it in much less time.
- A locked Android phone
- A Nethunter phone (or any rooted Android with HID kernel support)
- USB OTG (On The Go) cable/adapter (USB male Micro-B to female USB A), and a standard charging cable (USB male Micro-B to male A).
Benefits of Android-Pin-Bruteforce
- Turn your NetHunter phone into an Android PIN cracking machine
- Unlike other methods, you do not need ADB or USB debugging enabled on the locked phone
- You don’t need to buy special hardware, e.g. Rubber Ducky, Teensy, Cellebrite, XPIN Clip, etc.
- You can easily modify the backoff time to crack other types of devices
- It works!
Features of Android-Pin-Bruteforce
- Optimised PIN list
- Bypasses phone pop-ups including the Low Power warning
- Detects when the phone is unplugged or powered off, and waits while retrying every 5 seconds
- Configurable delays of N seconds after every X PIN attempts
- Log file gets created for further debugging
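The 16.6-hour figure and the "delays of N seconds after every X PIN attempts" feature both come down to how the lock screen throttles wrong guesses. The sketch below is an added example, not code from the tool: it computes the worst-case time to exhaust a PIN keyspace under a throttle policy, so a defender can compare PIN lengths and lockout schemes. The 5-attempt/30-second values are assumptions chosen because they reproduce the page's figure, the doubling policy with a one-day cap is hypothetical, and keystroke time is ignored.

```shell
#!/bin/sh
# Added example: worst-case seconds to try every PIN of a given length.
# usage: exhaust_seconds LENGTH ATTEMPTS_PER_WINDOW BASE_DELAY MODE [CAP]
#   MODE=fixed    : BASE_DELAY seconds of lockout after every full window
#   MODE=doubling : lockout doubles after each window, capped at CAP seconds
exhaust_seconds() {
    length=$1 window=$2 delay=$3 mode=$4 cap=${5:-86400}

    # Keyspace is 10^LENGTH (digits only).
    keyspace=1
    i=0
    while [ "$i" -lt "$length" ]; do
        keyspace=$((keyspace * 10))
        i=$((i + 1))
    done

    # Lockouts that occur before the final attempt can be entered.
    lockouts=$(((keyspace - 1) / window))

    if [ "$mode" = "fixed" ]; then
        echo $((lockouts * delay))
        return 0
    fi

    # Escalating policy: sum each lockout, doubling up to the cap.
    total=0
    n=0
    while [ "$n" -lt "$lockouts" ]; do
        total=$((total + delay))
        delay=$((delay * 2))
        if [ "$delay" -gt "$cap" ]; then
            delay=$cap
        fi
        n=$((n + 1))
    done
    echo "$total"
}

# Assumed policies, printed in seconds for comparison.
echo "4-digit, fixed 30s per 5 tries:    $(exhaust_seconds 4 5 30 fixed) s"
echo "6-digit, fixed 30s per 5 tries:    $(exhaust_seconds 6 5 30 fixed) s"
echo "4-digit, doubling, capped at 1 day: $(exhaust_seconds 4 5 30 doubling 86400) s"
```

Under these assumptions a fixed delay leaves a 4-digit PIN exhaustible in about 16.7 hours and a 6-digit PIN in about 69 days, while an escalating lockout pushes even the 4-digit case past five years.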
Installation & Usage
Android-PIN-Bruteforce is used to unlock an Android phone (or device) by bruteforcing the lockscreen PIN.
Find more information at: https://github.com/utsanjan/Android-Pin-Bruteforce

Commands:
  crack      Begin cracking PINs
  resume     Resume from a chosen PIN
  rewind     Crack PINs in reverse from a chosen PIN
  diag       Display diagnostic information

Options:
  -f, --from PIN     Resume from this PIN
  -m, --mask REGEX   Use a mask for known digits in the PIN
  -t, --type TYPE    Select PIN or PATTERN cracking
  -l, --length NUM   Crack PINs of NUM length
  -d, --dry-run      Dry run for testing. Doesn't send any keys.
  -v, --verbose      Output verbose logs.

Usage:
  android-pin-bruteforce [options]
Optimised pin list
pinlist.txt is an optimised list of all possible 4 digit PINs,
sorted by order of likelihood. pinlist.txt is from the following:
This list is used with permission from Justin Engler & Paul Vines, Senior Security Engineer, iSEC Partners, and was used in their Defcon talk, Electromechanical PIN Cracking with Robotic Reconfigurable Button Basher (and C3BO).
Cracking with masks
Masks use regular expressions with the standard grep extended format.
./android-pin-bruteforce crack --mask "..." --dry-run
- To try all years from 1900 to 1999, use a mask of
- To try PINs that have a 1 in the first digit, and a 1 in the last digit, use a mask of
- To try PINs that end in 4 or 5, use