Home

Awesome

<h1 align="center"> <br> <a href="https://github.com/utsanjan/Android-Pin-Bruteforce/"> <img src="https://bit.ly/3M5ztgi" width="220" alt="Android Pin Bruteforce"> </a><br> Android PIN Bruteforce <br> </h1> <p align="center">Unlock an Android phone or device<br>by bruteforcing the lockscreen PIN. <br>Turn any Kali Nethunter phone into<br>bruteforce PIN cracker of Android!</p> <br>

🧭 How it works

Buy Me A Coffee‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎

To learn about the commands and other usage details Click Here. <br>It uses a USB OTG cable to connect the locked phone to the Nethunter device. <br>It emulates a keyboard, automatically tries PINs, and waits after trying too many wrong guesses. <br><br> [Nethunter phone] ⇌ [USB cable] ⇌ [USB OTG adaptor] ⇌ [Locked Android phone]

The USB HID Gadget driver provides emulation of USB Human Interface Devices (HID). <br>This enables an Android Nethunter device to emulate keyboard input to the locked phone. <br>It's just like plugging a keyboard into the locked phone and pressing keys.

⏳ This takes a bit over 16.6 hours to try all possible 4 digit PINs,<br> but with the optimised PIN list it should take you much less time.

✅ You will need

✨ Benefits

👉🏻 Features

⚙ Installation & Usage


Android-PIN-Bruteforce is used to unlock an Android phone (or device) by bruteforcing the lockscreen PIN.

  Find more information at: https://github.com/utsanjan/Android-Pin-Bruteforce

Commands:
  crack             Begin cracking PINs
  resume            Resume from a chosen PIN
  rewind            Crack PINs in reverse from a chosen PIN
  diag              Display diagnostic information

Options:
  -f, --from PIN    Resume from this PIN
  -m, --mask REGEX  Use a mask for known digits in the PIN
  -t, --type TYPE   Select PIN or PATTERN cracking
  -l, --length NUM  Crack PINs of NUM length
  -d, --dry-run     Dry run for testing. Doesn't send any keys.
  -v, --verbose     Output verbose logs.

Usage:
  android-pin-bruteforce <command> [options]

📌 PIN Lists

Optimised PIN list

pinlist.txt is an optimised list of all possible 4 digit PINs,<br> sorted by order of likelihood. pinlist.txt is from the following:<br> https://github.com/mandatoryprogrammer/droidbrute

This list is used with permission from Justin Engler & Paul Vines from Senior Security Engineer, iSEC Partners, and was used in their Defcon talk, Electromechanical PIN Cracking with Robotic Reconfigurable Button Basher (and C3BO)

🎭 Cracking with Masks

Masks use regular expressions with the standard grep extended format.

./android-pin-bruteforce crack --mask "...[45]" --dry-run

🙁 Troubleshooting

Executing the script

If you installed the script to /sdcard/, you can <br>execute it with the following command.

bash ./android-pin-bruteforce

Note that Android mounts /sdcard with the noexec flag. You can verify this with mount.

Check the cables

The OTG cable should be connected to the locked Android phone. <br>The regular USB cable should be connected to the Nethunter phone.

Diagnostics

Use the diagnostic command.

bash ./android-pin-bruteforce diag

Note that Nethunter USB HID support was inconsistent during testing and development.<br> However after it starts working, it should continue working until you crack the PIN.

If you receive this message when the USB cable is plugged in then try taking<br> the battery out of the locked Android phone and power cycling it.

[FAIL] HID USB device not ready. Return code from /system/xbin/hid-keyboard was 5.

Known Issues

Tips & Tricks

🧑🏻‍💻 Technical Details

This works from an Android phone because the USB ports<br> are not bidirectional, unlike the ports on a laptop.

Keys are sent using /system/xbin/hid-keyboard. <br> To test this and send the key 1 you can use the following: <br> echo 1 | /system/xbin/hid-keyboard dev/hidg0 keyboard

Before each PIN, we send the escape and enter keys. This is to keep the Android responsive and dismiss any popups about the number of incorrect PIN attempts or a low battery warning. My original motivation to develop this was to unlock a Samsung S5 Android phone. It had belonged to someone who had passed away, and their family needed access to the data on it. As I didn't have a USB Rubber Ducky or any other hardware handy, I tried using a variety of methods, and eventually realised I had to develop something new.

✒️ Credits

Andrew Horton<br>

Work: Andrew Horton designed the Bruteforce tool<br> which helped me a lot to design my piece of Bash Script<br> Click here to visit his Bruteforce Bash Script Repository.<br>

Justin Engler & Paul Vines<br>

Work: The optimised PIN list is from Justin Engler & Paul Vines<br> from Senior Security Engineer, iSEC Partners and was used in their<br> Defcon talk, Electromechanical PIN Cracking with Robotic <br> Reconfigurable Button Basher and C3BO.<br>

🌎 Contact me

For Queries: My Instagram Profile
Check Out My YouTube Channel