{"id":17382998,"url":"https://github.com/utsanjan/android-pin-bruteforce","last_synced_at":"2025-04-09T18:18:04.800Z","repository":{"id":280552870,"uuid":"310801022","full_name":"utsanjan/Android-Pin-Bruteforce","owner":"utsanjan","description":"Turn your Kali NetHunter phone into a brute-force PIN cracker for screen locked Android devices","archived":false,"fork":false,"pushed_at":"2023-01-27T09:49:53.000Z","size":106,"stargazers_count":282,"open_issues_count":2,"forks_count":38,"subscribers_count":9,"default_branch":"main","last_synced_at":"2025-04-09T18:17:59.710Z","etag":null,"topics":["android","android-devices","android-lock-screen","android-pin-bruteforce","bruteforce","bruteforce-password-cracker","lockpicking","nethunter-phone","pin","shell","shell-script","usb","usb-hid","usb-hid-devices","vulnaribility"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/utsanjan.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"utsanjan","custom":"buymeacoffee.com/utsanjan"}},"created_at":"2020-11-07T08:33:36.000Z","updated_at":"2025-03-22T12:35:26.000Z","dependencies_parsed_at":null,"dependency_job_id":"97d54d8c-e3c6-440e-9baf-b519a1208c18","html_url":"https://github.com/utsanjan/Android-Pin-Bruteforce","commit_stats":null,"previous_names":["utsanjan/android-pin-bruteforce"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/utsanjan%2FAndroid-Pin-Bruteforce","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/utsanjan%2FAndroid-Pin-Bruteforce/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/utsanjan%2FAndroid-Pin-Bruteforce/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/utsanjan%2FAndroid-Pin-Bruteforce/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/utsanjan","download_url":"https://codeload.github.com/utsanjan/Android-Pin-Bruteforce/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248085326,"owners_count":21045139,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","android-devices","android-lock-screen","android-pin-bruteforce","bruteforce","bruteforce-password-cracker","lockpicking","nethunter-phone","pin","shell","shell-script","usb","usb-hid","usb-hid-devices","vulnaribility"],"created_at":"2024-10-16T07:40:10.514Z","updated_at":"2025-04-09T18:18:04.784Z","avatar_url":"https://github.com/utsanjan.png","language":"Shell","funding_links":["https://github.com/sponsors/utsanjan","buymeacoffee.com/utsanjan","https://www.buymeacoffee.com/utsanjan"],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003e\n  \u003cbr\u003e\n  \u003ca href=\"https://github.com/utsanjan/Android-Pin-Bruteforce/\"\u003e\n  \u003cimg src=\"https://bit.ly/3M5ztgi\" width=\"220\" alt=\"Android Pin Bruteforce\"\u003e\n  \u003c/a\u003e\u003cbr\u003e\n  Android PIN Bruteforce\n  \u003cbr\u003e\n\u003c/h1\u003e\n\u003cp align=\"center\"\u003eUnlock an Android phone or device\u003cbr\u003eby bruteforcing the lockscreen PIN.\n\u003cbr\u003eTurn any Kali Nethunter phone into\u003cbr\u003ebruteforce PIN cracker of Android!\u003c/p\u003e \u003cbr\u003e\n \n## 🧭 How it works\n\n[![Buy Me A Coffee](https://img.shields.io/open-vsx/stars/redhat/java?color=D8B024\u0026label=buy%20me%20a%20coffee\u0026style=plastic)](https://www.buymeacoffee.com/utsanjan)‎ ‎\n[![](https://img.shields.io/github/languages/count/utsanjan/Android-Pin-Bruteforce?style=plastic)](https://github.com/utsanjan/Android-Pin-Bruteforce/search?l=shell)‎ ‎\n[![](https://img.shields.io/github/license/utsanjan/Android-Pin-Bruteforce?logoColor=red\u0026style=plastic)](https://github.com/utsanjan/Android-Pin-Bruteforce/blob/main/LICENSE)‎ ‎\n[![](https://img.shields.io/github/languages/top/utsanjan/Android-Pin-Bruteforce?color=light%20green\u0026style=plastic)](https://github.com/utsanjan/Android-Pin-Bruteforce)‎ ‎\n\nTo learn about the commands and other usage details [Click Here.](https://github.com/utsanjan/Android-Pin-Bruteforce#-installation--usage)\n\u003cbr\u003eIt uses a USB OTG cable to connect the locked phone to the Nethunter device.\n\u003cbr\u003eIt emulates a keyboard, automatically tries PINs, and waits after trying too many wrong guesses.\n\u003cbr\u003e\u003cbr\u003e\n`[Nethunter phone] ⇌ [USB cable] ⇌ [USB OTG adaptor] ⇌ [Locked Android phone]`\n\nThe USB HID Gadget driver provides emulation of USB Human Interface Devices (HID).\n\u003cbr\u003eThis enables an Android Nethunter device to emulate keyboard input to the locked phone.\n\u003cbr\u003eIt's just like plugging a keyboard into the locked phone and pressing keys.\n\n⏳ This takes a bit over 16.6 hours to try all possible 4 digit PINs,\u003cbr\u003e\nbut with the optimised PIN list it should take you much less time.\n\n### ✅ You will need\n\n- A locked Android phone\n- A Nethunter phone (or any rooted Android with HID kernel support)\n- USB OTG (On The Go) cable/adapter (USB male Micro-B to female USB A),\u003cbr\u003e\nand a standard charging cable (USB male Micro-B to male A).\n\n## ✨ Benefits\n\n- Turn your NetHunter phone into an Android PIN cracking machine\n- Unlike other methods, you do not need ADB or USB debugging enabled on the locked phone\n- You don't need to buy special hardware, e.g. Rubber Ducky, Teensy, Cellebrite, XPIN Clip, etc.\n- You can easily modify the backoff time to crack other types of devices\n- It works!\n\n## 👉🏻 Features\n\n- Optimised PIN list\n- Bypasses phone pop-ups including the Low Power warning\n- Detects when the phone is unplugged or powered off, and waits while retrying every 5 seconds\n- Configurable delays of N seconds after every X PIN attempts\n- Log file gets created for further debugging\n\n## ⚙ Installation \u0026 Usage\n\n```\n\nAndroid-PIN-Bruteforce is used to unlock an Android phone (or device) by bruteforcing the lockscreen PIN.\n\n  Find more information at: https://github.com/utsanjan/Android-Pin-Bruteforce\n\nCommands:\n  crack             Begin cracking PINs\n  resume            Resume from a chosen PIN\n  rewind            Crack PINs in reverse from a chosen PIN\n  diag              Display diagnostic information\n\nOptions:\n  -f, --from PIN    Resume from this PIN\n  -m, --mask REGEX  Use a mask for known digits in the PIN\n  -t, --type TYPE   Select PIN or PATTERN cracking\n  -l, --length NUM  Crack PINs of NUM length\n  -d, --dry-run     Dry run for testing. Doesn't send any keys.\n  -v, --verbose     Output verbose logs.\n\nUsage:\n  android-pin-bruteforce \u003ccommand\u003e [options]\n```\n\n## 📌 PIN Lists\n\n### Optimised PIN list\n\n`pinlist.txt` is an optimised list of all possible 4 digit PINs,\u003cbr\u003e\nsorted by order of likelihood. pinlist.txt is from the following:\u003cbr\u003e\nhttps://github.com/mandatoryprogrammer/droidbrute\n\nThis list is used with permission from Justin Engler \u0026 Paul Vines from Senior Security Engineer, iSEC Partners,\nand was used in their Defcon talk, [Electromechanical PIN Cracking with Robotic Reconfigurable Button Basher (and C3BO)](https://www.defcon.org/html/defcon-21/dc-21-speakers.html#Engler)\n\n### 🎭 Cracking with Masks\n\nMasks use regular expressions with the standard grep extended format.\n\n`./android-pin-bruteforce crack --mask \"...[45]\" --dry-run`\n\n- To try all years from 1900 to 1999, use a mask of `19..`\n- To try PINs that have a 1 in the first digit, and a 1 in the last digit, use a mask of `1..1`\n- To try PINs that end in 4 or 5, use `...[45]`\n\n\n## 🙁 Troubleshooting\n\n### Executing the script\n\nIf you installed the script to /sdcard/, you can\n\u003cbr\u003eexecute it with the following command.\n\n```bash ./android-pin-bruteforce``` \n\nNote that Android mounts /sdcard with the noexec flag. You can verify this with ```mount```.\n\n### Check the cables\n\nThe OTG cable should be connected to the locked Android phone.\n\u003cbr\u003eThe regular USB cable should be connected to the Nethunter phone.\n\n### Diagnostics\n\nUse the diagnostic command.\n\n```bash ./android-pin-bruteforce diag```\n\nNote that Nethunter USB HID support was inconsistent during testing and development.\u003cbr\u003e\nHowever after it starts working, it should continue working until you crack the PIN.\n\nIf you receive this message when the USB cable is plugged in then try taking\u003cbr\u003e\nthe battery out of the locked Android phone and power cycling it.\n\n```[FAIL] HID USB device not ready. Return code from /system/xbin/hid-keyboard was 5.```\n\n### Known Issues\n- This cannot detect when it unlocks\n\n### Tips \u0026 Tricks\n\n- Try powering off the phone and taking out the battery\n- Try sending keys to your PC or laptop\n- Note that the ```Device not Found``` messages\u003cbr\u003e\nare not as important as sending keys successfully.\n\n## 🧑🏻‍💻 Technical Details\n\nThis works from an Android phone because the USB ports\u003cbr\u003e\nare not bidirectional, unlike the ports on a laptop.\n\nKeys are sent using `/system/xbin/hid-keyboard`. \u003cbr\u003e\nTo test this and send the key 1 you can use the following: \u003cbr\u003e\n`echo 1 | /system/xbin/hid-keyboard dev/hidg0 keyboard`\n\nBefore each PIN, we send the escape and enter keys. This is to keep the Android responsive and dismiss any popups about the number of incorrect PIN attempts or a low battery warning. My original motivation to develop this was to unlock a Samsung S5 Android phone. It had belonged to someone who had passed away, and their family needed access to the data on it. As I didn't have a USB Rubber Ducky or any other hardware handy, I tried using a variety of methods, and eventually realised I had to develop something new.\n\n## ✒️ Credits \n### [Andrew Horton](https://github.com/urbanadventurer)\u003cbr\u003e\n**Work: Andrew Horton designed the Bruteforce tool\u003cbr\u003e\nwhich helped me a lot to design my piece of Bash Script**\u003cbr\u003e\n**[Click here](https://github.com/urbanadventurer/Android-PIN-Bruteforce)  to visit his Bruteforce Bash Script Repository.**\u003cbr\u003e\n\n### [Justin Engler \u0026 Paul Vines](https://defcon.org/html/defcon-21/dc-21-speakers.html#Engler)\u003cbr\u003e\n**Work: The optimised PIN list is from Justin Engler \u0026 Paul Vines\u003cbr\u003e\nfrom Senior Security Engineer, iSEC Partners and was used in their\u003cbr\u003e\nDefcon talk, Electromechanical PIN Cracking with Robotic \u003cbr\u003e\nReconfigurable Button Basher and C3BO.**\u003cbr\u003e\n\n## 🌎 Contact me  \n\nFor Queries: [My Instagram Profile](https://www.instagram.com/utsanjan/)  \n[Check Out My YouTube Channel](https://www.youtube.com/DopeSatan)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Futsanjan%2Fandroid-pin-bruteforce","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Futsanjan%2Fandroid-pin-bruteforce","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Futsanjan%2Fandroid-pin-bruteforce/lists"}