urbanadventurer / Android-PIN-Bruteforce

Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)

Locked phone: Nexus 5, Nethunter phone: Xiaomi Redmi Note 3 - hid-keyboard works, usb-devices detected, but it's not cracking (even when the correct PIN is in the list)

simtcrom opened this issue · comments

To test if it's working, I modified optimised-pin-length-4.txt to have only 9 in the list, with one of them being my correct PIN.
I have a working Nethunter phone (Redmi Note 3) and a working locked phone (Nexus 5).
Connected an OTG cable to the locked phone and a normal micro USB cable to the Nethunter phone.
Ran the command bash ./android-pin-bruteforce crack
I can see the Nethunter phone tried the PINs in optimised-pin-length-4.txt one by one; it even tried the actual PIN and went further. But the locked phone did not unlock.

When I observed the locked phone's PIN screen, I do not see PINs being entered there by the Nethunter phone. Is that normal behavior?

To test that hid-keyboard actually works, I opened a notepad on the locked phone and ran the command again on the Nethunter phone; I could see PINs being printed there.

If you can't see PINs being entered then that is not normal behaviour.

What config are you using, and have you tried the config files I made for the Motorola G4 and G5?

If those config files do not work then you may need to experiment using a keyboard to find out what keys must be pressed before entering a PIN, such as ESCAPE, ENTER, SPACE, CTRL-ESCAPE and so on. With that information you could make a new config file.

Attached config and config.default (please note that on the phone I kept the file names as config and config.default; just for uploading here I renamed them to .txt).

config.default.txt
config.txt

Ah got it. I will give a try.

This variable might need to change KEYS_BEFORE_EACH_PIN="escape enter"

By the way, you can use it like this.

bash ./android-pin-bruteforce -c ./config.motorola.moto-g4-plus crack

Guess I am making progress now. When I tried config.motorola.moto-g4-plus I could see the first PIN in the list being printed on the locked phone and saw Wrong PIN.
But then it did not print anything.

Any tips on how to make the README easier to understand would be helpful. Let me know how your journey goes.

Sure. I am trying by connecting an actual keyboard and recording what keystrokes will get to the PIN screen.

space + enter goes to PIN screen
then typing numbers get PIN inputted
enter attempts that PIN.

But after that, if I type another PIN it is not being inputted (even though I am on the PIN screen); looks like the cursor went out somewhere.
I am trying to find the keystroke to get the cursor back.

I connected a physical keyboard to my locked phone and
pressed space + enter,
which took me to the PIN screen, and I could enter a PIN there. After entering a wrong PIN and hitting enter, the cursor goes out from where the PIN is entered.
I had to hit the tab key 4 times to get the cursor back in position.

In short, I have to hit tab key 4 times after every incorrect PIN, how can I put this in to config?

I have just added the space_enter key combination. You will need to download the latest version of the source code for this feature.

The part of the config to change is this:
KEYS_BEFORE_EACH_PIN="space_enter tab tab tab tab"

Hopefully this works. Let me know how you go. If not, do any other keys other than space + enter work to bring up the PIN screen?

I added this to this part of the script:

function send_keys() {
  prompt="$1"
  delay="$2"

  for key in $prompt; do

    case $key in 
      "ctrl_escape")
        send_key "left-ctrl escape"
        ;;
      "ctrl-escape")
        send_key "left-ctrl escape"
        ;;
      "space_enter")
        send_key "spacebar return"
        ;;
      "space-enter")
        send_key "spacebar return"
        ;;

I downloaded the latest android-pin-bruteforce and added KEYS_BEFORE_EACH_PIN="space_enter tab tab tab tab" to config.motorola.moto-g4-plus. When I try, it's not going to the PIN screen any more.

With KEYS_BEFORE_EACH_PIN="ctrl_escape enter" in config.motorola.moto-g4-plus and the latest android-pin-bruteforce, at least it's going to the PIN screen, inputting the first PIN in the list and trying it. It's from the next PIN onwards that it's not able to input.

I will find out if any key other than space + enter takes me to PIN screen.

Note: The locked phone I am trying is Nexus 5

I set,
KEYS_BEFORE_STARTING="space enter"

And tried setting below to
KEYS_BEFORE_EACH_PIN="tab tab tab tab"

and it's going to the PIN screen, but not selecting the PIN field.

And tried setting below to
KEYS_BEFORE_EACH_PIN="ctrl_escape enter"

Now it goes to the PIN screen, the field gets selected and the first PIN gets inputted correctly. But after the 1st PIN is inputted, the PIN field selection is gone. I know that tab tab tab tab (4 times tab key) will bring back the selection. But somehow I am not able to make the script do that.

Can you combine those?

KEYS_BEFORE_EACH_PIN="ctrl_escape enter tab tab tab tab"

Above you wrote: KEYS_BEFORE_STARTING="space enter"
This sends space, a short delay, then sends enter.

That is different to: KEYS_BEFORE_EACH_PIN="space_enter"
This sends space and enter at the same time.

I tried KEYS_BEFORE_EACH_PIN="ctrl_escape enter tab tab tab tab" and also set KEYS_BEFORE_EACH_PIN="space_enter"; still it's not doing it. Also noticed that during the cool-off period it's also trying PINs on the script.
I made a video of trying different combinations. I am hoping once you see it you will get different behaviors, and you will be able to suggest correct settings to me.

https://youtu.be/tNc6RuflGgs

I have added KEYS_AFTER_EACH_PIN. By default it is "enter", but you could try changing it to "enter tab tab tab tab".

That did not help either.

I was thinking of sending keystrokes using hid-keyboard to get the working pattern.
If I want to write a couple of the commands below as part of a shell script, how should I do it?
I tried putting them in as is, and got the error “/dev/hidg0: No such file or directory”.
When I try the command individually in the shell it works.

echo left-ctrl escape enter | hid-keyboard /dev/hidg0 keyboard

Also, is spacebar an allowed keystroke or is it space?

spacebar should work, but if it isn't working try space.

The following command should work in a shell script:

echo "enter" | /system/xbin/hid-keyboard /dev/hidg0 keyboard

The /system/xbin/hid-keyboard will combine some keys, but combined keys can only be used in this script when an underscore joins them, for example with ctrl_escape.
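The difference between space-separated keys and underscore-joined keys described in the comments above can be checked without a device attached. The following dry run is an added example, not code from the project or from anyone in this thread: `expand_keys` and `count_sends` are hypothetical helper names, only the two combined tokens quoted in the thread are mapped, and passing every other token through unchanged is an assumption. It prints one line per send and never writes to /dev/hidg0.

```shell
#!/bin/sh
# Dry run: expand a KEYS_* config value into the lines that would each be
# piped to hid-keyboard as a separate send. Nothing is written to /dev/hidg0.

# expand_keys "<config value>"
# Prints one line per send; keys on the same line are pressed together.
expand_keys() {
  # $1 is left unquoted on purpose so the value splits on whitespace,
  # the same way the thread's send_keys loop walks its tokens.
  for key in $1; do
    case "$key" in
      ctrl_escape|ctrl-escape) echo "left-ctrl escape" ;;  # mapping quoted in the thread
      space_enter|space-enter) echo "spacebar return" ;;   # mapping quoted in the thread
      *) echo "$key" ;;  # assumption: any other token is sent on its own, unchanged
    esac
  done
}

# count_sends "<config value>"
# Number of separate sends (and therefore delays) the value produces.
count_sends() {
  expand_keys "$1" | wc -l | tr -d ' '
}

# Constructed sample values, taken from the settings tried in the thread.
for value in "space enter" "space_enter" "ctrl_escape enter tab tab tab tab"; do
  printf 'KEYS value "%s" -> %s send(s):\n' "$value" "$(count_sends "$value")"
  expand_keys "$value" | sed 's/^/    /'
done
```
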

@simtcrom were you successful in making a config file for your Nexus 5?

Try making a script like this for testing:

echo "left-ctrl escape" | /system/xbin/hid-keyboard /dev/hidg0 keyboard
echo "spacebar" | /system/xbin/hid-keyboard /dev/hidg0 keyboard
echo "1 2 3 4" | /system/xbin/hid-keyboard /dev/hidg0 keyboard
echo "enter" | /system/xbin/hid-keyboard /dev/hidg0 keyboard

I got busy with work.
But I definitely plan to come back and try this.
I will surely post my results.

Have you had a chance to look at this again?

Sorry, I could not. Busy at the workplace.
Also, the touch on the Nexus stopped working. So I will have to spend a considerable amount of time to try this out again.
