HomePassword AttackAndroid pin Bruteforce attack

Android pin Bruteforce attack

Turn your Kali Linux PC or Kali Nethunter phone into a brute-force PIN cracker for Android devices

Android-Pin-Bruteforce – Android phones are quite popular. Android offers a password lock option for self-data security, with two password locks, one pin lock, and two pattern locks. In this post, we will see how to hack this pin lock.

The method we will use to crack the android pin password is bruteforce, and the tool we will use for this is Android-Pin-Bruteforce, which can be used on both Android and Linux and is entirely written in shell script.

How Android-Pin-Bruteforce Tool works

Click Here to learn more about the commands and how to use them.
It connects the locked phone to the Nethunter gadget via a USB OTG cord.
It simulates a keyboard, automatically attempts PINs, and waits after too many incorrect guesses.

[Nethunter phone] ⇌ [USB cable] ⇌ [USB OTG adaptor] ⇌ [Locked Android phone]

The USB HID Gadget driver emulates USB Human Interface Devices (HID).
This allows an Android Nethunter device to mimic keyboard input to the locked phone.
It’s the same as inserting a keyboard into a locked phone and pressing keys.

It takes a little more than 16.6 hours to try all possible 4 digit PINs, but with the optimised PIN list, you should be able to do it in much less time.


  • A locked Android phone
  • A Nethunter phone (or any rooted Android with HID kernel support)
  • USB OTG (On The Go) cable/adapter (USB male Micro-B to female USB A),
    and a standard charging cable (USB male Micro-B to male A).

Benifits of Android-Pin-Bruteforce

  • Turn your NetHunter phone into an Android PIN cracking machine
  • Unlike other methods, you do not need ADB or USB debugging enabled on the locked phone
  • You don’t need to buy special hardware, e.g. Rubber Ducky, Teensy, Cellebrite, XPIN Clip, etc.
  • You can easily modify the backoff time to crack other types of devices
  • It works!

Features of Android-Pin-Bruteforce

  • Optimised PIN list
  • Bypasses phone pop-ups including the Low Power warning
  • Detects when the phone is unplugged or powered off, and waits while retrying every 5 seconds
  • Configurable delays of N seconds after every X PIN attempts
  • Log file gets created for further debugging

Installetion & Usages

Android-PIN-Bruteforce is used to unlock an Android phone (or device) by bruteforcing the lockscreen PIN.

  Find more information at: https://github.com/utsanjan/Android-Pin-Bruteforce

  crack             Begin cracking PINs
  resume            Resume from a chosen PIN
  rewind            Crack PINs in reverse from a chosen PIN
  diag              Display diagnostic information

  -f, --from PIN    Resume from this PIN
  -m, --mask REGEX  Use a mask for known digits in the PIN
  -t, --type TYPE   Select PIN or PATTERN cracking
  -l, --length NUM  Crack PINs of NUM length
  -d, --dry-run     Dry run for testing. Doesn't send any keys.
  -v, --verbose     Output verbose logs.

  android-pin-bruteforce <command> [options]

Optimised pin list

pinlist.txt is an optimised list of all possible 4 digit PINs,
sorted by order of likelihood. pinlist.txt is from the following:

This list is used with permission from Justin Engler & Paul Vines from Senior Security Engineer, iSEC Partners, and was used in their Defcon talk, Electromechanical PIN Cracking with Robotic Reconfigurable Button Basher (and C3BO)

Cracking with masks

Masks use regular expressions with the standard grep extended format.

./android-pin-bruteforce crack --mask "...[45]" --dry-run

  • To try all years from 1900 to 1999, use a mask of 19..
  • To try PINs that have a 1 in the first digit, and a 1 in the last digit, use a mask of 1..1
  • To try PINs that end in 4 or 5, use ...[45]


Leave A Reply

Please enter your comment!
Please enter your name here

Most Popular