
[Payload] Android Brute Force 4-digit pin


37 replies to this topic

#21 DrDinosaur

DrDinosaur
  • Active Members
  • Hak5 Zombie

  • 189 posts
  • Gender:Male
  • Location:Honolulu, Hawaii

Posted 26 December 2012 - 10:22 PM

Will it continue to go deep into the brute forcing even with a different PIN lock screen? For example, the Galaxy S3 might have a different login screen for PINs than the Nexus because of TouchWiz. Does that affect the payload at all? Would it press the wrong numbers or keys because of a different key layout?

Rawr. 


#22 Xcellerator

Xcellerator
  • Active Members
  • Hak5 Pirate

  • 267 posts
  • Gender:Male

Posted 27 December 2012 - 08:09 AM

It's not based on the layout of the interface. The payload is based on the manual entry of the pass code by the keyboard, i.e. literally pressing 1-2-3-4. As long as the new models support USB keyboard by default, then I can't see any reason why it wouldn't work.

#23 JDale

JDale
  • Active Members
  • Hackling

  • 10 posts
  • Gender:Male

Posted 28 December 2012 - 02:52 PM

Hi All,
I have a Motorola ME863 cell phone and after a few Xmas drinks was a prat and changed my 4 digit number pass code... and yup, you guessed it... promptly forgot the damn thing.

Is there anyone in the UK southeast / Berks / Bucks / London area that can help me fix it without having to do a factory reset?

Many thanks in advance for all and any help

Rgds

JD

#24 JDale

JDale
  • Active Members
  • Hackling

  • 10 posts
  • Gender:Male

Posted 28 December 2012 - 03:03 PM

Just to add, it is the Chinese version (purchased August 2012) and not the USA version, so the Gmail backdoor does not work, as China blocks Gmail, Facebook etc.

#25 Xcellerator

Xcellerator
  • Active Members
  • Hak5 Pirate

  • 267 posts
  • Gender:Male

Posted 29 December 2012 - 11:56 AM

If it has USB keyboard support, get yourself a ducky or a Teensy board, and brute-force it. If it doesn't support USB keyboard, then you're kinda stuck. (As far as I know, anyway...)

#26 Bountyhunter50

Bountyhunter50
  • Active Members
  • Hak5 Zombie

  • 171 posts
  • Gender:Male
  • Location:The Desert
  • Interests:Pentesting, Wifi and System wide.

Posted 09 January 2013 - 08:48 AM

I saw Darren's bash code (I'm not gonna lie, I was intimidated), but after running it, COOL!!! Now I just need to find a willing test subject (locked in for 2 yrs on my iPhone :unsure: )


Bitmessage

BM-2cXhfdYS4g8drmvXnqy3hMbyNgyjhqm2Nf

or

BM-2cWFvftq9nfMP3vXu9cNzYbyPZCNxWUbis


#27 Martinus101

Martinus101
  • Active Members
  • Newbie

  • 3 posts

Posted 26 January 2013 - 01:44 PM

Love the shows!

Question: Is this the only way to do this? I would think connecting the phone to a normal computer and running the needed scripts from there would do the same?

Question: What kind of software OS is running on the chip?



#28 no42

no42
  • Ducky Moderators
  • Hak5 Ninja

  • 929 posts
  • Gender:Male
  • Location:Earth
  • Interests:RIP

Posted 26 January 2013 - 02:05 PM

Q1: No, see above.

Q2: The chip is a micro-controller, not an actual full-blown OS; it's pre-programmed with a set of instructions triggered/executed by a series of interrupts.


Forever enter the realm of 42; Everything is saved https://github.com/h...SB-Rubber-Ducky


#29 beka

beka
  • Members
  • Newbie

  • 1 posts

Posted 30 January 2013 - 03:28 AM

Just playing around with the Android 4 digit pin code and a Samsung Galaxy S2.

I noticed the S2 (maybe it depends on the version) didn't respond to the ENTER key on an external keyboard while in "standby" mode. It will respond to the ESC key, so if you have this problem change the DELAY 5000\nENTER to DELAY 5000\nESC.

If you want to play around with the rubber ducky script, first give it a try with an external keyboard. Maybe your timeout settings are different, so you need to change the delay settings.



#30 ed_ed

ed_ed
  • Members
  • Newbie

  • 1 posts

Posted 13 February 2013 - 07:18 AM

This could work incredibly well when "Quick unlock" is enabled in Android's security settings. Anyone tried it out yet?



#31 JDale

JDale
  • Active Members
  • Hackling

  • 10 posts
  • Gender:Male

Posted 13 February 2013 - 11:16 AM

Been trying to use the Ducky with the payload script to brute force a 4 digit phone lock; it times out after 3,000 attempts of 10,000?

Any thoughts as to why it stops at 3,000 when the script is for 10,000?

Thanks in advance



#32 ersoncokaj

ersoncokaj
  • Active Members
  • Newbie

  • 5 posts

Posted 02 November 2013 - 06:35 AM

Can someone please tell me how to insert the payloads in the USB Rubber Ducky, and does anyone have the payload for EFI PINs (4 digits)?



#33 Hak 5 ish

Hak 5 ish
  • Members
  • Newbie

  • 1 posts

Posted 22 April 2014 - 11:47 PM

Can someone please tell me how to insert the payloads in the USB Rubber Ducky, and does anyone have the payload for EFI PINs (4 digits)?

I'm looking for the same. I have the code for Teensy 3, but I can't seem to get the payload to work correctly on the rubber duck.

These links list the codes used for the Teensy 3 for EFI brute forcing and iCloud PIN brute forcing. Can someone PLEASE take a look at it and see if it needs to be edited to work on the rubber ducky?

http://orvtech.com/e...ook-pro/#UPDATE

http://orvtech.com/e...uta-pin-icloud/



#34 S3V3N

S3V3N
  • Active Members
  • Hak5 Fan +

  • 32 posts

Posted 17 June 2014 - 10:09 PM

The adapter that will work for the iPhone is called the Apple Camera adapter. I have a few Apple devices, and it works for all of them. I have yet to try the iPhone 5 though, as this requires the new camera adapter. Now we just need to get the timing/code corrected, as the iPhone is a bit different than the Android.

Awesome Work!! Keep it up Darren!!



#35 S3V3N

S3V3N
  • Active Members
  • Hak5 Fan +

  • 32 posts

Posted 17 June 2014 - 10:17 PM

Part Number for iPhone up to 4S: MC531ZM

Part Number for iPhone 5: MD821ZM



#36 dataghost

dataghost
  • Active Members
  • Hak5 Fan

  • 21 posts

Posted 04 January 2015 - 04:18 PM

To adapt Darren's simple script to generate android.txt on OSX, you need MacPorts installed and you need to install gsed (gnu-sed), as gnu-sed is slightly different to OSX's default bsd-sed.

port install gsed
then:

echo DELAY 5000 > android_brute-force_0000-9999.txt; echo {0000..9999} | xargs -n 1 echo STRING | gsed '0~5 s/$/\nWAIT/g' | gsed '0~1 s/$/\nDELAY 1000\nENTER\nENTER/g' | gsed 's/WAIT/DELAY 5000\nENTER\nDELAY 5000\nENTER\nDELAY 5000\nENTER\nDELAY 5000\nENTER/g' >> android_brute-force_0000-9999.txt
Not sure what's going wrong with Cygwin?

How can I modify this script to put a delay between each key stroke? So basically: enter 0, delay 500ms, enter 0, delay 500ms, enter 0, delay 500ms, enter 1, etc.
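
Added example (not part of dataghost's post or Darren's script): a timing model built from the DELAY values the one-liner above emits, showing how long that pacing needs for 0000-9999 and how a lockout that escalates changes the picture. The escalating policy (30 s doubling per five failures, capped at one day) and all function names are assumptions made for illustration.

```python
# Added example: timing model for the posted script vs. an escalating lockout.
KEYSPACE = 10_000       # PINs 0000..9999
GUESS_S = 1.0           # "DELAY 1000" after each STRING in the posted script
BATCH = 5               # the script inserts its WAIT block after every 5th guess
FIXED_WAIT_S = 4 * 5.0  # WAIT expands to four "DELAY 5000" lines


def fixed_wait(batch_index):
    """Pause the posted script takes after each batch of five guesses."""
    return FIXED_WAIT_S


def escalating_wait(batch_index, base=30.0, cap=86_400.0):
    """Hypothetical device policy: lockout doubles per failed batch, max one day."""
    # Clamp the exponent so the float multiplication cannot overflow.
    return min(base * 2 ** min(batch_index, 20), cap)


def seconds_to_exhaust(wait, keyspace=KEYSPACE):
    """Worst-case seconds to enter every PIN under the given wait policy."""
    total = 0.0
    for guess in range(1, keyspace + 1):
        total += GUESS_S
        if guess % BATCH == 0:
            total += wait(guess // BATCH - 1)
    return total


def guesses_within(wait, budget_s, keyspace=KEYSPACE):
    """Number of PINs that can be entered before budget_s seconds elapse."""
    total, done = 0.0, 0
    for guess in range(1, keyspace + 1):
        total += GUESS_S
        if total > budget_s:
            break
        done = guess
        if guess % BATCH == 0:
            total += wait(guess // BATCH - 1)
    return done


if __name__ == "__main__":
    budget = seconds_to_exhaust(fixed_wait)
    print(f"fixed pause: {budget / 3600:.1f} h for all {KEYSPACE} PINs")
    print(f"escalating lockout, same time: {guesses_within(escalating_wait, budget)} PINs")
    print(f"escalating lockout, full keyspace: "
          f"{seconds_to_exhaust(escalating_wait) / 86_400 / 365:.1f} years")
```

Under these assumptions the script's fixed pacing covers the whole keyspace in about 13.9 hours, while the escalating policy admits 55 guesses in the same time.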



#37 Ninjalizard

Ninjalizard
  • Members
  • Newbie

  • 4 posts

Posted 05 March 2015 - 08:43 AM

Hey all, I'm trying to execute this payload on my ASUS tablet and it doesn't respond to ENTER. As suggested, I've tried ESC along with OK, SPACE, RETURN, SUBMIT and TAB... any suggestions would be appreciated!



#38 Jhall1

Jhall1
  • Members
  • Newbie

  • 2 posts

Posted 20 March 2015 - 06:24 AM

Hi, great Ducky payload!

This works great on my Android platform of 4.4.2 Samsung, but is there any update or way through more recent Android versions? I have tested it on the HTC One M8 and the script begins to run and navigates to the PIN screen, but the keypad will only work from physical access to the phone and not by the ducky or USB keyboard.

Any advice or tips would be great

Jake





