Locked phone: Nexus 5, Nethunter phone: Xiaomi Redmi Note 3 - hid-keyboard works, usb-devices detected, but its not cracking (even when correct pin in the list) about android-pin-bruteforce HOT 22 OPEN

If you can't see PINs being entered then that is not normal behaviour.

What config are you using, and have you tried the config files I made for the Motorola G4 and G5?

If those config files do not work then you may need to experiment using a keyword to find out what keys must be pressed before entering a PIN, such as ESCAPE, ENTER, SPACE, CTRL-ESCAPE and so on. With that information you could make a new config file.

from android-pin-bruteforce.

If you can't see PINs being entered then that is not normal behaviour.

attached config and config.default (please note that on phone I kept file names as config and config.default just for uploading here i renamed to .txt

config.default.txt
config.txt

from android-pin-bruteforce.

If those config files do not work then you may need to experiment using a keyword to find out what keys must be pressed before entering a PIN, such as ESCAPE, ENTER, SPACE, CTRL-ESCAPE and so on. With that information you could make a new config file.

Ah got it. I will give a try.

from android-pin-bruteforce.

This variable might need to change KEYS_BEFORE_EACH_PIN="escape enter"

By the way, you can use it like this.

bash ./android-pin-bruteforce -c ./config.motorola.moto-g4-plus crack

from android-pin-bruteforce.

This variable might need to change KEYS_BEFORE_EACH_PIN="escape enter"

By the way, you can use it like this.

bash ./android-pin-bruteforce -c ./config.motorola.moto-g4-plus crack

Guess I am making progress now, When I tried config.motorola.moto-g4-plus I can see first PIN in the list being printed on locked phone and saw Wrong PIN .
But then it did not print anything.

from android-pin-bruteforce.

Any tips on how to make the README easier to understand would be helpful. Let me know how your journey goes.

from android-pin-bruteforce.

Any tips on how to make the README easier to understand would be helpful. Let me know how your journey goes.

Sure. I am trying by connecting an actual keyboard and recording what keystrokes will get to the PIN screen.

space + enter goes to PIN screen
then typing numbers get PIN inputted
enter attempts that PIN.

But after that, if I type another PIN it is not being inputted (even though I am on PIN screen), looks like the cursor went out some where.
I am trying to find the keystroke to get the cursor back.

from android-pin-bruteforce.

I connected a physical keyboard to my locked phone and ,
Pressed space + enter
Which took me to PIN screen and I could enter PIN there. After entering wrong PIN and hit enter, the cursor goes out from where PIN is entered.
I had to hit tab key 4 times to get cursor back in position.

In short, I have to hit tab key 4 times after every incorrect PIN, how can I put this in to config?

from android-pin-bruteforce.

I have just added the space_enter key combination. You will need to download the latest version of the source code for this feature.

The part of the config to change is this:
KEYS_BEFORE_EACH_PIN="space_enter tab tab tab tab"

Hopefully this works. Let me know how you go. If not, do any other keys other than space + enter work to bring up the PIN screen?

I added this to this part of the script:

function send_keys() {
  prompt="$1"
  delay="$2"

  for key in $prompt; do

    case $key in 
      "ctrl_escape")
        send_key "left-ctrl escape"
        ;;
      "ctrl-escape")
        send_key "left-ctrl escape"
        ;;
      "space_enter")
        send_key "spacebar return"
        ;;
      "space-enter")
        send_key "spacebar return"
        ;;

from android-pin-bruteforce.

I have just added the space_enter key combination. You will need to download the latest version of the source code for this feature.

The part of the config to change is this:
KEYS_BEFORE_EACH_PIN="space_enter tab tab tab tab"

Hopefully this works. Let me know how you go. If not, do any other keys other than space + enter work to bring up the PIN screen?

I added this to this part of the script:

function send_keys() {
  prompt="$1"
  delay="$2"

  for key in $prompt; do

    case $key in 
      "ctrl_escape")
        send_key "left-ctrl escape"
        ;;
      "ctrl-escape")
        send_key "left-ctrl escape"
        ;;
      "space_enter")
        send_key "spacebar return"
        ;;
      "space-enter")
        send_key "spacebar return"
        ;;

I downloaded latest android-pin-bruteforce and added KEYS_BEFORE_EACH_PIN="space_enter tab tab tab tab" to config.motorola.moto-g4-plus . When I try, its not going to PIN screen any more.

With KEYS_BEFORE_EACH_PIN="ctrl_escape enter" in config.motorola.moto-g4-plus and latest android-pin-bruteforce , at least its going to the PIN screen and input the first PIN in the list and try it. Its the next PIN onwards, its not able to input.

I will find out if any key other than space + enter takes me to PIN screen.

Note: The locked phone I am trying is Nexus 5

from android-pin-bruteforce.

I set,
KEYS_BEFORE_STARTING="space enter"

And tried setting below to
KEYS_BEFORE_EACH_PIN="tab tab tab tab"

and its going PIN screen, but not selecting PIN field.

And tried setting below to
KEYS_BEFORE_EACH_PIN="ctrl_escape enter"

Now going to PIN screen and get selected and first PIN get inputted correctly. But after 1st PIN inputted, PIN field selection gone. I know that tab tab tab tab (4 times tab keys) will bring back the selection. But some how not able to make the script do that.

from android-pin-bruteforce.

Can you combine those?

KEYS_BEFORE_EACH_PIN="ctrl_escape enter tab tab tab tab"

Above you wrote : KEYS_BEFORE_STARTING="space enter"
This sends space, a short delay, then sends enter.

That is different to: KEYS_BEFORE_EACH_PIN="space_enter
This sends space and enter at the same time.

from android-pin-bruteforce.

Can you combine those?

KEYS_BEFORE_EACH_PIN="ctrl_escape enter tab tab tab tab"

Above you wrote : KEYS_BEFORE_STARTING="space enter"
This sends space, a short delay, then sends enter.

That is different to: KEYS_BEFORE_EACH_PIN="space_enter
This sends space and enter at the same time.

I tried KEYS_BEFORE_EACH_PIN="ctrl_escape enter tab tab tab tab" and also set KEYS_BEFORE_EACH_PIN="space_enter" still its not doing. Also noticed, during cool off period also its trying PINs on the script.
I made a video of trying different combinations. I am hoping once you see it you will get different behaviors, and you will be able to suggest correct settings to me.

https://youtu.be/tNc6RuflGgs

from android-pin-bruteforce.

I have added KEYS_AFTER_EACH_PIN by default it is "enter" but you could try changing it to "enter tab tab tab tab"

from android-pin-bruteforce.

I have added KEYS_AFTER_EACH_PIN by default it is "enter" but you could try changing it to "enter tab tab tab tab"

That did not help either.

I was thinking of sending keystrokes using hid-keyboard and get the working pattern.
If I want to write couple of below commands, as part of a shell script, how should I do it?
I tried putting them as is, and get error “/dev/hidg0: No such file or directory”
When I try the command individually on shell it works.

echo left-ctrl escape enter | hid-keyboard /dev/hidg0 keybaord

also spacebar an allowed keystroke or is it space ?

from android-pin-bruteforce.

spacebar should work, but if it isn't working try space.

The following command should work in a shell script:

echo "enter" | /system/xbin/hid-keyboard /dev/hidg0 keyboard

The /system/xbin/hid-keyboard will combine some keys, but combined keys can only be used in this script when an underscore joins them, for example with ctrl_escape.

from android-pin-bruteforce.

@simtcrom were you successful in making a config file for your Nexus 5?

from android-pin-bruteforce.

Try making a script like this for testing:

echo "left-ctrl escape" | /system/xbin/hid-keyboard /dev/hidg0 keyboard
echo "spacebar" | /system/xbin/hid-keyboard /dev/hidg0 keyboard
echo "1 2 3 4" | /system/xbin/hid-keyboard /dev/hidg0 keyboard
echo "enter" | /system/xbin/hid-keyboard /dev/hidg0 keyboard

from android-pin-bruteforce.

Try making a script like this for testing:

echo "left-ctrl escape" | /system/xbin/hid-keyboard /dev/hidg0 keyboard
echo "spacebar" | /system/xbin/hid-keyboard /dev/hidg0 keyboard
echo "1 2 3 4" | /system/xbin/hid-keyboard /dev/hidg0 keyboard
echo "enter" | /system/xbin/hid-keyboard /dev/hidg0 keyboard

I got busy with work.
But I definitely plan to come back and try this.
I will sure post my results.

from android-pin-bruteforce.

Have you had a chance to look at this again?

from android-pin-bruteforce.

Have you had a chance to look at this again?

Sorry I could not. Busy at work place.
Also the touch of nexus stopped working. So will have to spend some considerable amount of time to try this out again.

from android-pin-bruteforce.

locked out unlock

from android-pin-bruteforce.