
Comments (98)

odorisiogallo commented on July 18, 2024 4

Yes. Thank you for your support and for the great job done. A really useful tool for us forensic professionals. I hope to be able to contribute to its improvement in the future! Thank you

from android-pin-bruteforce.

odorisiogallo commented on July 18, 2024 1

Hi, from my tests the CTRL + ESC combination must be performed after each wait. After five unsuccessful attempts, a warning appears which disappears when the enter key is pressed. So it should be CTRL + ESC (5 attempts) - ENTER - wait 30 seconds + CTRL + ESC (5 attempts) etc. The number of attempts decreases over time

odorisiogallo commented on July 18, 2024 1

Hi, I'm still doing tests ...

odorisiogallo commented on July 18, 2024 1

I disabled the array and set the --from parameter

I'll let you know :-)

odorisiogallo commented on July 18, 2024 1

I can't do factory reset because they are 'real cases'. I am a computer forensic consultant. However, I can tell you that the bruteforce attacks on Huawei, I'm talking about the most recent devices, are even more stringent than Motorola. Approximately two / three attacks every half hour / 1 hour. Thinking about an attack is impossible!

odorisiogallo commented on July 18, 2024 1

No problem, I'll test it as soon as possible

urbanadventurer commented on July 18, 2024

odorisiogallo commented on July 18, 2024

Video

urbanadventurer commented on July 18, 2024

You just typed the word video.

odorisiogallo commented on July 18, 2024

I'm sorry! I attach a photo. on the left the phone that remains on the lock screen preventing the entry of passwords

IMG_20210117_104626

urbanadventurer commented on July 18, 2024

It is working as expected with a mask of 1236. It tries only one combination and then it is complete.
If you only want to try the numbers 1,2,3, and 6 then use a mask of "[1236][1236][1236][1236]"

odorisiogallo commented on July 18, 2024

1236 unlock the device! I've shortened the list just for convenience. No PIN passes if the screen is in this state.

Screenshot_20210117-160213

urbanadventurer commented on July 18, 2024

OK that's interesting. Let's see if we can make it work.

First, please tell me the make, model, and year of the phone.

Second, connect a real USB keyboard instead of the Nethunter phone. Press different keys to see if any key will get the phone into a state where it accepts a PIN.

odorisiogallo commented on July 18, 2024

the phone is a Moto G5 Plus but there is the same problem also on a Cubot phone from a few years ago. They are all my test phones

urbanadventurer commented on July 18, 2024

If you can find a combination of keyboard keys that will get the phones to receive a PIN then I can modify the tool.

odorisiogallo commented on July 18, 2024

Hi,
the CTRL+ESC key allows you to access the PIN entry mask and launch attack correctly. Fix it please.
Thank you

urbanadventurer commented on July 18, 2024

Can you please use your keyboard to test that this series of key presses will work for your Moto G5 Plus?

CTRL+ESC
1001 ENTER
1002 ENTER
1003 ENTER
1004 ENTER
1005 ENTER
(WAIT for 30 seconds)
1006 ENTER
1007 ENTER
1008 ENTER
1009 ENTER
1010 ENTER
(WAIT for 30 seconds)
1011 ENTER

urbanadventurer commented on July 18, 2024

Can you tell me more about "The number of attempts decreases over time"?

odorisiogallo commented on July 18, 2024

after ten attempts, only one attempt every 30 seconds

odorisiogallo commented on July 18, 2024

I also tried with a Samsung SM-A505FN / DS and after ten failed attempts (5 every thirty seconds) the attack is reduced to only one attempt every 30 seconds.

urbanadventurer commented on July 18, 2024

So would this pattern of keys work?

(Repeat this exactly 10 times)
CTRL+ESC
1001 ENTER
1002 ENTER
1003 ENTER
1004 ENTER
1005 ENTER
(WAIT for 30 seconds)

CTRL+ESC
1051 ENTER
(WAIT for 30 seconds)

CTRL+ESC
1052 ENTER
(WAIT for 30 seconds)

odorisiogallo commented on July 18, 2024

The right sequence on Moto G5 Plus is:

CTRL+ESC
1001 ENTER
1002 ENTER
1003 ENTER
1004 ENTER
1005 ENTER
ENTER (for warning screen)
(WAIT for 30 seconds)

CTRL+ESC
1001 ENTER
1002 ENTER
1003 ENTER
1004 ENTER
1005 ENTER
ENTER (for warning screen)
(WAIT for 30 seconds)

CTRL+ESC
1051 ENTER
ENTER (for warning screen)
(WAIT for 30 seconds)
...

odorisiogallo commented on July 18, 2024

On some newer devices such a brute force attack can cause all data to be deleted!

urbanadventurer commented on July 18, 2024

Hi @odorisiogallo what happens if you reboot the device after 9 attempts and after 10 attempts?

After the reboot does it still only allow 1 attempt per 30 seconds, or does it go back to allowing 5 per 30 seconds?

Duvio commented on July 18, 2024

I also discovered that the amount of allowed unsuccessful attempts before you have to wait for 30 secs decreases after 10 unsuccessful attempts
Samsung Galaxy S10, Android 10

This would increase the amount of time needed to crack a pin from 17 hours to 3.5 days

urbanadventurer commented on July 18, 2024

@odorisiogallo ⚡ try it now with the following configuration settings in the config file:

  • CHANGE_AFTER_10_ATTEMPTS=1
  • PROMPT_BEFORE_EACH_PIN="ctrl_escape enter"

odorisiogallo commented on July 18, 2024

HID device (/dev/hidg0) found
hid-keyboard executable (system/xbin/hid-keyboard) found
HID USB device non ready...
...
what happened? how to solve?

urbanadventurer commented on July 18, 2024

Try it again with the latest version from today, and show me the logs.

If it doesn't work please also show the output of the android-pin-bruteforce diag command.

odorisiogallo commented on July 18, 2024

I'm sorry, by mistake I connected the OTG cable to the Nethunter phone and not the locked phone. I'll do some tests and let us know

odorisiogallo commented on July 18, 2024

Hi and complete for the excellent work, however, the situation is this on Moto. The first five attacks succeed, the sixth fails due to the display that tends to go off every ten seconds. Attacks 7,8 and 9 are then launched correctly and then stops for 30 seconds but in reality there is another attack to be performed before the break, the sixth that did not hit. I hope I was clear.

odorisiogallo commented on July 18, 2024

You should keep the phone display locked always on or launch a command that keeps it awake every x seconds of your choice

urbanadventurer commented on July 18, 2024

Can you figure out which key will keep the phone awake?

Currently it will send an ENTER key every 5 seconds during the cooldown period to keep the phone awake, but if this doesn't work for you I can make an option to change it.

odorisiogallo commented on July 18, 2024

Every 10 seconds. It would be desirable to be able to customize this value.

urbanadventurer commented on July 18, 2024

I've updated the code so you can configure it with PROMPT_STAY_AWAKE_DURING_COOLDOWN.

The default is PROMPT_STAY_AWAKE_DURING_COOLDOWN="enter".
You can select multiple keys, for example PROMPT_STAY_AWAKE_DURING_COOLDOWN="escape enter".
On a Samsung the enter is necessary to dismiss any popups that might appear, for example a popup about battery levels.

odorisiogallo commented on July 18, 2024

It is good what you have done but you need to be able to configure the recovery period as well. The Moto screen turns off every 10 seconds, I think this can be resolved by setting another value other than 5. The attack failed again this time :-(

urbanadventurer commented on July 18, 2024

Can you show me the series of key presses that work when you have a keyboard plugged in?

odorisiogallo commented on July 18, 2024

I recorded a small video...

vid-20210222-wa0001_IdQLEpt1.mp4

odorisiogallo commented on July 18, 2024

As you can see, the code 1236 is not sent because the device is not ready yet!

urbanadventurer commented on July 18, 2024

The default that is good for most phones is PROMPT_STAY_AWAKE_DURING_COOLDOWN="enter"

Try changing the config file to these values:

PROMPT_STAY_AWAKE_DURING_COOLDOWN="escape enter"
PROMPT_STAY_AWAKE_DURING_COOLDOWN="ctrl-escape"
PROMPT_STAY_AWAKE_DURING_COOLDOWN="ctrl-escape enter"

Please let me know if any of these work on this phone.

urbanadventurer commented on July 18, 2024

Perhaps also try COOLDOWN_TIME=31

odorisiogallo commented on July 18, 2024

Hello and congratulations for the excellent work! On my test device the procedure worked with the following configuration:

COOLDOWN_TIME=35
PROMPT_STAY_AWAKE_DURING_COOLDOWN="enter"

However after the attempt num. 40 the cooldown time of my test device increases to 60 seconds so subsequent attacks fail.
So, OK from 1 to 40 attack, the next ones fail as the cooldowntime goes up to 60 seconds.

urbanadventurer commented on July 18, 2024

I've made a config file called config.motorola.motog5plus.

Can you try using --config config.motorola.motog5plus to see if it works for you, all except the cooldown period changing.

urbanadventurer commented on July 18, 2024

Can you verify this is the correct configuration for how the lockscreen on the Motorola Moto G5 Plus works?

| attempt number | attempts until cooldown | cooldown |
|---|---|---|
| 0 | 5 | 30 |
| 11 | 1 | 30 |
| 41 | 1 | 60 |

odorisiogallo commented on July 18, 2024

Hi, using the parameter --config the attack does not start! The phone stays on the lock screen mask

urbanadventurer commented on July 18, 2024

Could you try changing the variables in config.motorola.motog5plus to see if you can make it work?

odorisiogallo commented on July 18, 2024

Hi, the config.motorola.motog5plus file is not working! While if I use the appropriately modified config file, it works perfectly. There remains the problem of 60 seconds from attack 41 onwards

odorisiogallo commented on July 18, 2024

> Can you verify this is the correct configuration for how the lockscreen on the Motorola Moto G5 Plus works?
>
> | attempt number | attempts until cooldown | cooldown |
> |---|---|---|
> | 0 | 5 | 30 |
> | 11 | 1 | 30 |
> | 41 | 1 | 60 |

Yes, that's right

urbanadventurer commented on July 18, 2024

Can you please copy/paste your config that works perfectly so I can update config.motorola.motog5plus

odorisiogallo commented on July 18, 2024

If I use --config config.motorola.motog5plus it doesn't work; if I use --config config it works by changing ctrl_escape enter in PROMPT_BEFORE_EACH_PIN.
I still have the problem of 60 seconds

urbanadventurer commented on July 18, 2024

I've changed the behaviour of CHANGE_AFTER_10_ATTEMPTS so that after 40 attempts the COOLDOWN period is 60 seconds. I also renamed CHANGE_AFTER_10_ATTEMPTS to PROGRESSIVE_COOLDOWN.

Can you try testing it again with config.motorola.motog5plus?

odorisiogallo commented on July 18, 2024

the config.motorola.motog5plus file does not work, it seems that the parameter is not passed ... if I set a delay of 35 seconds, the value is ignored and the attack does not even start

urbanadventurer commented on July 18, 2024

There was a bug that caused the config file to not be loaded. I've fixed it so try again now with config.motorola.motog5plus

odorisiogallo commented on July 18, 2024

config.motorola.motog5plus now works however after the fortieth attack the wait continues to be 30 seconds and the screen shutdown time should also be considered so that after the fortieth attack the correct delay would be 65 seconds

odorisiogallo commented on July 18, 2024

There is also a considerable battery drain of the phone blocked but it could be my problem. Could you recommend an OTG cable with charging capability? Thank you

urbanadventurer commented on July 18, 2024

I haven't tested any OTG cables with charging capability but this article looks useful https://gadgetstouse.com/blog/2016/04/07/usb-otg-cables-that-support-charging/

Do the keys to keep the phone awake during the cool down period work?

Do your logs include the following lines?

[SEND] 1993. Attempt 40 (0%) at Feb28 12:36:53 am
[DEBUG] Sending key: 1
[DEBUG] Sending key: 9
[DEBUG] Sending key: 9
[DEBUG] Sending key: 3
[DEBUG] Sending key: enter
[DEBUG] Countdown for 30 <-- I only just added this line
[INFO] Forty attempts have been reached! Now cooldown for 60 seconds after every PIN attempt.
[DEBUG] Sending key: left-ctrl escape
[DEBUG] Sending key: enter
[SEND] 1985. Attempt 41 (0%) at Feb28 12:36:56 am
[DEBUG] Sending key: 1
[DEBUG] Sending key: 9
[DEBUG] Sending key: 8
[DEBUG] Sending key: 5
[DEBUG] Sending key: enter
[DEBUG] Countdown for 60 <-- you should see 60 seconds

odorisiogallo commented on July 18, 2024

So ... after the fortieth attempt the waiting time is still 30 seconds while it rises to 60 at the forty-first attempt. Immediately after the attack no. 40 the waiting time must increase to 60 seconds. You're almost there :-)

urbanadventurer commented on July 18, 2024

OK, I've updated the script. Can you try it now?

odorisiogallo commented on July 18, 2024

Now it works but the waiting time of 60 seconds coincides with the screen turning off and the attack does not start. Could you add 30 seconds to the initial value that way it would work and be more customizable ...

urbanadventurer commented on July 18, 2024

I assume that the PROMPT_STAY_AWAKE_DURING_COOLDOWN feature isn't working to keep the screen from turning off.

odorisiogallo commented on July 18, 2024

I try to change the value to the SEND_KEY_STAY variable ... and let you know

urbanadventurer commented on July 18, 2024

My mistake, the new variable name is KEYS_STAY_AWAKE_DURING_COOLDOWN.

odorisiogallo commented on July 18, 2024

I've tried with different values: 3 seconds, 27 seconds, 9 seconds... but it doesn't work

odorisiogallo commented on July 18, 2024

I tried several odd-numbered solutions to avoid falling to 30 seconds and 60 seconds

urbanadventurer commented on July 18, 2024

I have added mouse movement simulation.

Try using this to see if this keeps the phone from sleeping during the cooldown.
KEYS_STAY_AWAKE_DURING_COOLDOWN="mouse_move mouse-left-button"

urbanadventurer commented on July 18, 2024

I have changed the way the progressive cooldown works and also found the bug that was causing problems for you.
Now you will have full control over the progressive cooldown from the config file.

You can customise it with the following variables, and I have just added them into all the config files:


## PROGRESSIVE_COOLDOWN can be set to 1 for enabled or 0 disabled. When enabled, after 10 attempts it changes the COOLDOWN_AFTER_N_ATTEMPTS to 1.
PROGRESSIVE_COOLDOWN=1

## The PROGRESSIVE_COOLDOWN_ARRAY variables act as multi-dimensional array to customise the progressive cooldown
## PROGRESSIVE_ARRAY_ATTEMPT_COUNT__________ is the attempt number
## PROGRESSIVE_ARRAY_ATTEMPTS_UNTIL_COOLDOWN is how many attempts to try before cooling down
## PROGRESSIVE_ARRAY_COOLDOWN_IN_SECONDS____ is the cooldown in seconds

PROGRESSIVE_ARRAY_ATTEMPT_COUNT__________=(1  11 41)
PROGRESSIVE_ARRAY_ATTEMPTS_UNTIL_COOLDOWN=(5   1  1)
PROGRESSIVE_ARRAY_COOLDOWN_IN_SECONDS____=(30 30 60)

The array is the same as this table.

| attempt number | attempts until cooldown | cooldown |
|---|---|---|
| 1 | 5 | 30 |
| 11 | 1 | 30 |
| 41 | 1 | 60 |

urbanadventurer commented on July 18, 2024

I found another bug and fixed it just now with the progressive cooldown.

odorisiogallo commented on July 18, 2024

Hi, I ran some tests with this and the previous version ... well, I can't understand how the countdown counter works because it counts one more attempt. In my tests I left it on 1,11,41 as default (I attach the bruter.log file) however the problem is solved by setting a different value in the array. The big problem is that on the Moto after 50 failed attempts the waiting time goes from 60 to 120 seconds. Can you add infinite elements to the array or is it only set three elements like now? Thank you
bruter.log

urbanadventurer commented on July 18, 2024

odorisiogallo commented on July 18, 2024

Perfect! Huge strides have been made and the program is now more flexible. I'll do a few more tests and update you but the ability to add items to the array is great. I also report excessive consumption of the battery of the locked phone. With the battery charged at 100% I only managed 55 attacks before zero. Have you also detected excessive battery consumption?

urbanadventurer commented on July 18, 2024

Thanks @odorisiogallo as I have been making changes based on your feedback.

I've found that battery can be a problem and I had to pause and restart while using the script. Can you reduce the screen brightness while it is locked? An OTG cable with a splitter can be useful to charge the devices. Perhaps you can try that.

odorisiogallo commented on July 18, 2024

Hi, I'm glad I made my contribution ... how did you scare the script and then take it back? The battery is a big problem, at the moment I still can't find a working OTG cable that actually recharges the device during the attack and I can't change the brightness of the locked phone display. In any case I will run a new test reconfiguring the array correctly and update you on the result. Thank you

odorisiogallo commented on July 18, 2024

So, to work properly the array must be set up like this:

PROGRESSIVE_ARRAY_ATTEMPT_COUNT__________=(10 40 50)
PROGRESSIVE_ARRAY_ATTEMPTS_UNTIL_COOLDOWN=(1 1 1)
PROGRESSIVE_ARRAY_COOLDOWN_IN_SECONDS____=(35 65 125)

this is because up to the tenth attack the rule of five attacks every 10 seconds applies. I also found that the frozen phone's excessive battery drain is due to it powering the attacking NetHunter device. I will try to run a new test this time with the attack phone 100% charged.

odorisiogallo commented on July 18, 2024

Hi, after the last attack and before waiting for the next one a popup message appears. Can you keep it on screen until the next attack? It would be helpful to read the type of warning before the next attack...

urbanadventurer commented on July 18, 2024

The pop up message is disappearing because of keys that are sent during the cooldown time period.

The Motorola config has the following configuration to send the enter key every 1 second during the cooldown. This is done to keep the phone awake.

You could change this to the default of 5 seconds or even a longer time to make the popup messages easier to read.


## KEYS_STAY_AWAKE_DURING_COOLDOWN the keys that are sent during the cooldown period to keep the phone awake
KEYS_STAY_AWAKE_DURING_COOLDOWN="enter"

## SEND_KEYS_STAY_AWAKE_DURING_COOLDOWN_EVERY_N_SECONDS how often the keys are sent, in seconds
SEND_KEYS_STAY_AWAKE_DURING_COOLDOWN_EVERY_N_SECONDS=1

odorisiogallo commented on July 18, 2024

My tests continue and after setting

SEND_KEYS_STAY_AWAKE_DURING_COOLDOWN_EVERY_N_SECONDS=3

the attack was successful until attempt no. 40 when, due to the parameter set to three seconds, attempts from 41 onwards have failed. How can I resume knowing that I have reached 43 attempts with a waiting time of 65 seconds starting from the code '1985'?

The problem of excessive battery consumption seems to have been considerably reduced by starting the attack with the NetHunter Device charged to 100% and keeping the phone locked with OTG cable with charging support in charge

urbanadventurer commented on July 18, 2024

I'd updated the README with this section. What do you think?

🔋 Managing Power Consumption

If your phone runs out of power too soon, follow these steps:

  • Make sure both phones are fully charged to 100% before you begin
  • Use a USB OTG cable with a Y splitter for an external power supply, to allow charging while cracking
  • Reduce the screen brightness on both the victim phone and NetHunter phone
  • Increase the SEND_KEYS_STAY_AWAKE_DURING_COOLDOWN_EVERY_N_SECONDS configuration option. This will cause the locked phone to wake up less often during cooldown, and the screen will use less power.
  • Take breaks to charge your devices. Pause the script with CTRL-Z and resume with the fg shell command.

odorisiogallo commented on July 18, 2024

Perfect, I confirm this information and continue my tests. I'm trying to go beyond the 60 attack limit to understand how Moto behaves. A bruteforce attack should be fully automated considering the execution time but it is a great tool. You with the Samsung have you managed to pierce the device? Which model? Huawei seems to allow three attacks every hour ... :-( I could try one these days ...

odorisiogallo commented on July 18, 2024

On the Moto after 60 attempts the waiting time increases to 240 seconds. At this point I believe it doubles every 10 failed attempts so at the 70th attempt it should go up to 480 seconds ... :-((

odorisiogallo commented on July 18, 2024

PROGRESSIVE_ARRAY_ATTEMPT_COUNT__________=(10 40 50 60)
PROGRESSIVE_ARRAY_ATTEMPTS_UNTIL_COOLDOWN=(1 1 1 1)
PROGRESSIVE_ARRAY_COOLDOWN_IN_SECONDS____=(35 65 125 245)

SEND_KEYS_STAY_AWAKE_DURING_COOLDOWN_EVERY_N_SECONDS=3

odorisiogallo commented on July 18, 2024

I launched a new attack, this time starting from 0 and setting the array up to the 80th attempt. I let him work ...

It would be useful to launch the attack by-passing the operating system. Can't load something into the bootloader so you can try from there?

urbanadventurer commented on July 18, 2024

The default config will successfully crack a Samsung S5, and there is no progressive cooldown period. I think some of the more recent Samsung phones are different. Loading this into the bootloader is beyond my skills, but is something I'm interested in.

I've had a look at the numbers 35,65,125,245 and there appears to be a pattern of 15*2**n + 5 where n is the position in the series.

I can use ruby to output the next numbers in the series.

(1..25).map { |n|  15*2**n + 5 }
=> [35, 65, 125, 245, 485, 965, 1925, 3845, 7685, 15365, 30725, 61445, 122885, 245765, 491525, 983045, 1966085, 3932165, 7864325, 15728645, 31457285, 62914565, 125829125, 251658245, 503316485]

To see how long that is I used this script

# from https://gist.github.com/shunchu/3175001
def formatted_duration(total_seconds)
    days = total_seconds / (60 * 60 * 24)
    hours = total_seconds / (60 * 60)
    hours -= (24 * days) if days >= 1
    minutes = (total_seconds / 60) % 60
    seconds = total_seconds % 60

    "#{days}d #{hours}h #{minutes}min #{seconds}s"
end

(1..25).each { |x|  seconds = 15*2**x + 5;  puts "#{x}\t#{seconds}\t\t#{formatted_duration(seconds)}" }
1	35		0d 0h 0min 35s
2	65		0d 0h 1min 5s
3	125		0d 0h 2min 5s
4	245		0d 0h 4min 5s
5	485		0d 0h 8min 5s
6	965		0d 0h 16min 5s
7	1925		0d 0h 32min 5s
8	3845		0d 1h 4min 5s
9	7685		0d 2h 8min 5s
10	15365		0d 4h 16min 5s
11	30725		0d 8h 32min 5s
12	61445		0d 17h 4min 5s
13	122885		1d 10h 8min 5s
14	245765		2d 20h 16min 5s
15	491525		5d 16h 32min 5s
16	983045		11d 9h 4min 5s
17	1966085		22d 18h 8min 5s
18	3932165		45d 12h 16min 5s
19	7864325		91d 0h 32min 5s
20	15728645		182d 1h 4min 5s
21	31457285		364d 2h 8min 5s
22	62914565		728d 4h 16min 5s
23	125829125		1456d 8h 32min 5s
24	251658245		2912d 17h 4min 5s
25	503316485		5825d 10h 8min 5s

from android-pin-bruteforce.
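
As an added example (not code from this thread or from the android-pin-bruteforce project), the Ruby below models the lock-screen throttling schedules reported in the comments above and computes how much cooldown each one enforces on a 4-digit PIN space. The `Row` struct, the function names and the uncapped doubling beyond attempt 61 are assumptions, and time spent typing is ignored.

```ruby
# Added example, not from the thread: model the reported lock-screen throttling
# and measure how much guessing it permits.
# Assumption: only enforced cooldown is counted; time spent typing is ignored.

Row = Struct.new(:from_attempt, :attempts_until_cooldown, :cooldown_seconds)

PIN_SPACE = 10_000 # every 4-digit PIN

# 5 attempts, then 30 s, with no progression.
FLAT = [Row.new(1, 5, 30)].freeze

# After 10 failures only one attempt per 30 s (Galaxy S10 / SM-A505FN reports).
STEP_DOWN = [Row.new(1, 5, 30), Row.new(11, 1, 30)].freeze

# Moto G5 Plus as reported: 60 s from attempt 41, 120 s from 51, 240 s from 61.
# Doubling every further 10 attempts, without a cap, is an assumption.
def doubling_schedule(last_attempt = PIN_SPACE)
  rows = [Row.new(1, 5, 30), Row.new(11, 1, 30)]
  cooldown = 60
  41.step(last_attempt, 10) do |from|
    rows << Row.new(from, 1, cooldown)
    cooldown *= 2
  end
  rows
end

# Replays failed attempts against a schedule (rows sorted by from_attempt).
# Stops at max_attempts, or once the accumulated cooldown exceeds
# budget_seconds. Returns [attempts_made, cooldown_seconds_accumulated].
def simulate(schedule, max_attempts: PIN_SPACE, budget_seconds: nil)
  waited = 0
  since_cooldown = 0
  made = 0
  index = 0
  (1..max_attempts).each do |attempt|
    break if budget_seconds && waited > budget_seconds
    # Move to the last row whose starting attempt has been reached.
    index += 1 while schedule[index + 1] && schedule[index + 1].from_attempt <= attempt
    row = schedule[index]
    made += 1
    since_cooldown += 1
    next if since_cooldown < row.attempts_until_cooldown
    waited += row.cooldown_seconds
    since_cooldown = 0
  end
  [made, waited]
end

# Total cooldown imposed over a given number of failed attempts.
def enforced_wait(schedule, attempts)
  simulate(schedule, max_attempts: attempts).last
end

# Number of attempts the schedule permits inside a time budget.
def attempts_within(schedule, budget_seconds)
  simulate(schedule, budget_seconds: budget_seconds).first
end

if __FILE__ == $PROGRAM_NAME
  moto = doubling_schedule
  day = 24 * 60 * 60
  puts format('flat policy, all PINs:      %.1f hours', enforced_wait(FLAT, PIN_SPACE) / 3600.0)
  puts format('step-down policy, all PINs: %.1f days', enforced_wait(STEP_DOWN, PIN_SPACE) / day.to_f)
  puts format('doubling policy, 79 tries:  %.1f hours', enforced_wait(moto, 79) / 3600.0)
  puts "doubling policy, 30 days:   #{attempts_within(moto, 30 * day)} of #{PIN_SPACE} PINs"
end
```

The flat and step-down totals (60,000 s and 299,760 s) line up with the "17 hours" and "3.5 days" figures quoted earlier in the thread. Under the assumed doubling schedule a 30-day window admits only 161 of the 10,000 possible PINs.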

odorisiogallo commented on July 18, 2024

Building the array becomes complicated but having a multiplier after a certain number of attempts can be useful. I continue my tests on the Moto ...

urbanadventurer commented on July 18, 2024

Try this

PROGRESSIVE_ARRAY_ATTEMPT_COUNT__________=(1 10 40 50 60 70 80 90 100 110 120 130 140 150 160 170 180 190)
PROGRESSIVE_ARRAY_ATTEMPTS_UNTIL_COOLDOWN=(5 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1)
PROGRESSIVE_ARRAY_COOLDOWN_IN_SECONDS____=(30 35 65 125 245 485 965 1925 3845 7685 15365 30725 61445 122885 245765 491525 983045 1966085)

odorisiogallo commented on July 18, 2024

Tonight I try, however, if you look, after the first ten attacks it is always a single attempt with a waiting time to go up for this I said that a multiplier could be useful. Building an array can be complicated while doing so would be easier. Or you could choose between array and multiplier. What do you think about it?

odorisiogallo commented on July 18, 2024

I tried to modify as you said but the attack doesn't really start. I had to replace the config.motorola file and manually populate the array up to 80 attempts. I update you

odorisiogallo commented on July 18, 2024

Hi, I was unable to complete the attack but the array is working correctly. I did not understand why I lose some attacks despite the parameter

SEND_KEYS_STAY_AWAKE_DURING_COOLDOWN_EVERY_N_SECONDS=1

I will try again trying to garrison the attack. These days I will try on a Huawei device ...

odorisiogallo commented on July 18, 2024

After sixty attempts I had to recharge the locked phone. I put this in charge, I restart with fg shell but I have lost the connection with the device. Fifteen failed attempts and the attack ended. I try again ...

odorisiogallo commented on July 18, 2024

Hi, I stopped the Moto G tests to dedicate myself to two Huawei devices that I have available. Unfortunately here the bruteforce becomes impossible as in a short time you reach 30 minutes of waiting every two attempts ... :(

urbanadventurer commented on July 18, 2024

I'm surprised to learn that Huawei devices are most secure from bruteforce attacks. Is that in the default configuration after a factory reset?

urbanadventurer commented on July 18, 2024

I have a Motorola gmoto4 now, and I'm building a config for it.

urbanadventurer commented on July 18, 2024

Motorola Moto G4

I've got a working configuration file for the Motorola Moto G4 Plus config.motorola.moto-g4-plus but this is very different to the G5 Plus. It lets the user fail 6 times (not 5) before changing the behaviour.

The progressive array looks like this:

PROGRESSIVE_ARRAY_ATTEMPT_COUNT__________=(1   6 )
PROGRESSIVE_ARRAY_ATTEMPTS_UNTIL_COOLDOWN=(6   1 )
PROGRESSIVE_ARRAY_COOLDOWN_IN_SECONDS____=(30 30 )

I also disabled the SEND_KEYS_STAY_AWAKE_DURING_COOLDOWN feature I created for the Motorola G5, as it seems to drain the battery by keeping the display on.

I added the following configurable behaviour:


## SEND_KEYS_DISMISS_POPUPS_N_SECONDS_BEFORE_COOLDOWN_END defines how many seconds before the end of the cooldown period, keys will be sent
# set to 0 to disable
SEND_KEYS_DISMISS_POPUPS_N_SECONDS_BEFORE_COOLDOWN_END=5
## SEND_KEYS_DISMISS_POPUPS_AT_COOLDOWN_END configures the keys that are sent to dismiss messages and popups before the end of the cooldown period
SEND_KEYS_DISMISS_POPUPS_AT_COOLDOWN_END="enter enter enter"

Motorola Moto G5

I have just now created config.motorola.moto-g5-plus but I can't test it.

It is like config.motorola-moto-g4 except for the following:

PROGRESSIVE_ARRAY_ATTEMPT_COUNT__________=(1  10 40  50  60 70   80    90  100  110  120    130   140    150    160    170    180     190)
PROGRESSIVE_ARRAY_ATTEMPTS_UNTIL_COOLDOWN=(5   1  1   1   1  1    1     1    1    1    1      1     1      1      1      1      1       1)
PROGRESSIVE_ARRAY_COOLDOWN_IN_SECONDS____=(30 35 65 125 245 485 965  1925 3845 7685 15365 30725 61445 122885 245765 491525 983045 1966085)

odorisiogallo commented on July 18, 2024

Unfortunately, without bypassing the operating system it becomes difficult to apply a bruteforce attack. On Huawei with 6-digit pin code it would take forever

odorisiogallo commented on July 18, 2024

> I can't do factory reset because they are 'real cases'. I am a computer forensic consultant. However, I can tell you that the bruteforce attacks on Huawei, I'm talking about the most recent devices, are even more stringent than Motorola. Approximately two / three attacks every half hour / 1 hour. Thinking about an attack is impossible!
>
> About those cooldowns. Some androids seem to remember the number of attempts but forget the cooldown itself after a reload. It takes 20-30 seconds to reload. So it becomes an "Attempt -> Reload -> Attempt -> Reload" etc with 30 seconds taken for each attempt. It eats away at the battery charge though.
> Question is can this bruteforcer do automated reloads? Is it possible?

I tried as you say but it doesn't work. In the meantime, I'm running the test on the Moto G5 plus

from android-pin-bruteforce.

urbanadventurer avatar urbanadventurer commented on July 18, 2024

> I can't do factory reset because they are 'real cases'. I am a computer forensic consultant. However, I can tell you that the bruteforce attacks on Huawei, I'm talking about the most recent devices, are even more stringent than Motorola. Approximately two / three attacks every half hour / 1 hour. Thinking about an attack is impossible!
>
> About those cooldowns. Some androids seem to remember the number of attempts but forget the cooldown itself after a reload. It takes 20-30 seconds to reload. So it becomes an "Attempt -> Reload -> Attempt -> Reload" etc with 30 seconds taken for each attempt. It eats away at the battery charge though.
> Question is can this bruteforcer do automated reloads? Is it possible?

@m-funtikov Do you have a phone that forgets about the attempts after a reboot, and can you tell me what make and model it is?

from android-pin-bruteforce.

odorisiogallo avatar odorisiogallo commented on July 18, 2024

I managed to carry out the attack: 79 attempts in almost three hours. Consumption has been drastically reduced. I find that with the new configurations the waiting time can go back to being a multiple of 30 seconds and not 30 + 5. In my opinion it could work. But now you have to find a way to stop the attack once you find the code, otherwise the phone will lock again :-)

from android-pin-bruteforce.

urbanadventurer avatar urbanadventurer commented on July 18, 2024

> Pixel 2xl, I think it's Android 10. So can I somehow make it reload for each attempt? Sorry for invading the thread btw.
>
> edit: Oh it still remembers the number of attempts and gives the appropriate long cooldown. It's just that a 120 seconds cooldown is longer than a 20 seconds reload. Seems like an appropriate bypass to me.

@m-funtikov please go ahead and make a new issue for the Pixel 2xl with as many details about the timing as you can.

from android-pin-bruteforce.

urbanadventurer avatar urbanadventurer commented on July 18, 2024

> I managed to carry out the attack: 79 attempts in almost three hours. Consumption has been drastically reduced. I find that with the new configurations the waiting time can go back to being a multiple of 30 seconds and not 30 + 5. In my opinion it could work. But now you have to find a way to stop the attack once you find the code, otherwise the phone will lock again :-)

@odorisiogallo I have updated config.motorola.moto-g5-plus with the following

It sends the enter keys every 30 seconds to stop the phone from going to sleep and locking after it has unlocked.

## KEYS_STAY_AWAKE_DURING_COOLDOWN the keys that are sent during the cooldown period to keep the phone awake
KEYS_STAY_AWAKE_DURING_COOLDOWN="enter"

## SEND_KEYS_STAY_AWAKE_DURING_COOLDOWN_EVERY_N_SECONDS how often the keys are sent, in seconds
SEND_KEYS_STAY_AWAKE_DURING_COOLDOWN_EVERY_N_SECONDS=30

Is this correct? I have reduced each cooldown by 5 seconds.

PROGRESSIVE_ARRAY_ATTEMPT_COUNT__________=(1  10 40  50  60 70   80    90  100  110  120    130   140    150    160    170    180     190)
PROGRESSIVE_ARRAY_ATTEMPTS_UNTIL_COOLDOWN=(5   1  1   1   1  1    1     1    1    1    1      1     1      1      1      1      1       1)
PROGRESSIVE_ARRAY_COOLDOWN_IN_SECONDS____=(30 30 60 120 240 480 960 1920 3840 7680 15360 30720 61440 122880 245760 491520 983040 1966080)

from android-pin-bruteforce.
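An added example, not part of the thread or of the project's code: it parses the three progressive-array lines as posted above and totals the enforced cooldown for a given number of failed attempts, which shows how quickly the doubling lockout schedule puts exhaustive PIN guessing out of reach. The function names and the reading of the arrays (a tier applies from its attempt count onward, and a cooldown is served once the attempts since the last cooldown reach the tier's limit) are assumptions.

```python
import re

# Array lines copied from the updated config.motorola.moto-g5-plus in this thread.
G5_PLUS_CONFIG = """
PROGRESSIVE_ARRAY_ATTEMPT_COUNT__________=(1  10 40  50  60 70   80    90  100  110  120    130   140    150    160    170    180     190)
PROGRESSIVE_ARRAY_ATTEMPTS_UNTIL_COOLDOWN=(5   1  1   1   1  1    1     1    1    1    1      1     1      1      1      1      1       1)
PROGRESSIVE_ARRAY_COOLDOWN_IN_SECONDS____=(30 30 60 120 240 480 960 1920 3840 7680 15360 30720 61440 122880 245760 491520 983040 1966080)
"""

def parse_progressive_arrays(text):
    """Parse the bash array lines into (first_attempt, attempts_until_cooldown, cooldown_s) tiers."""
    arrays = {}
    for name, body in re.findall(r"^(PROGRESSIVE_ARRAY_\w+)=\(([\d\s]*)\)", text, re.M):
        arrays[name.rstrip("_")] = [int(v) for v in body.split()]  # drop padding underscores
    try:
        starts = arrays["PROGRESSIVE_ARRAY_ATTEMPT_COUNT"]
        until = arrays["PROGRESSIVE_ARRAY_ATTEMPTS_UNTIL_COOLDOWN"]
        cooldown = arrays["PROGRESSIVE_ARRAY_COOLDOWN_IN_SECONDS"]
    except KeyError as missing:
        raise ValueError(f"missing array {missing}") from None
    if not starts or not (len(starts) == len(until) == len(cooldown)):
        raise ValueError("the three arrays must be non-empty and the same length")
    if starts != sorted(starts) or min(until) < 1:
        raise ValueError("tiers must be ascending with at least 1 attempt each")
    return list(zip(starts, until, cooldown))

def total_cooldown_seconds(tiers, failed_attempts):
    """Enforced waiting time accumulated over `failed_attempts` consecutive wrong PINs.

    Assumed semantics (not taken from the tool's source): attempt n uses the last
    tier whose first_attempt <= n, and a cooldown is served whenever the attempts
    made since the previous cooldown reach that tier's attempts_until_cooldown.
    """
    total = since_cooldown = 0
    for n in range(1, failed_attempts + 1):
        active = [t for t in tiers if t[0] <= n] or tiers[:1]
        _, until, cooldown = active[-1]
        since_cooldown += 1
        if since_cooldown >= until:
            total += cooldown
            since_cooldown = 0
    return total

if __name__ == "__main__":
    tiers = parse_progressive_arrays(G5_PLUS_CONFIG)
    for n in (79, 189, 10_000):  # 10,000 = every 4-digit PIN
        seconds = total_cooldown_seconds(tiers, n)
        print(f"{n:>6} failed attempts -> {seconds} s of cooldown ({seconds / 86400:.1f} days)")
```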

urbanadventurer avatar urbanadventurer commented on July 18, 2024

Can I close this issue now that the Motorola G5 Plus is supported?

from android-pin-bruteforce.
