Android pattern lock brute forcing
Friend asked me for help, he needed that I unlock his Android phone without losing important data. So I did. The phone was locked with 9-pattern.
First horrifying thing that I saw was that there are 350 000 possible combinations on 9-pattern. But humans are predictable with passwords and patterns.
I found this link, it helped me a ton with sorting pattern – which pattern to try first:
Now that I know which patterns to use first, I continued with my work:
First I gathered all things I needed:
- Patterns, which I gathered from internet
- Arduino M0 to emulate mouse and keyboard
- OTG cable
- 2 USB cables to connect PC and Arduino
Things left to do left to were:
- Write code in C for Arduino : receive commands from PC, write patterns through emulated mouse and press keys through emulated keyboard
- Write code for PC program (in C#) : send patterns to Arduino, take pictures, save progress
That was it!
The things I didn’t do but should:
- Detect through computer vision when phone got unlocked (simple, display gets bright when phone unlocks)
- Modify USB OTG so that phone could charge through Arduino port
I didn’t do those things because I got lucky, I was testing the program and in 10 minutes of testing phone got unlocked! Ou yea!
Arduino, target phone, cables, code
Camera, which was duct taped on phone:
Quickly written software:
Images, which were automatically captured before unlock:
Video in action (software is older than shown here):
That was it!