https://github.com/timvisee/apbf
Tool to brute force Android security pattern through TWRP recovery. https://gitlab.com/timvisee/apbf
https://github.com/timvisee/apbf
adb android brute-force decrypt pattern-lock twrp
Last synced: 8 months ago
JSON representation
Tool to brute force Android security pattern through TWRP recovery. https://gitlab.com/timvisee/apbf
- Host: GitHub
- URL: https://github.com/timvisee/apbf
- Owner: timvisee
- License: gpl-3.0
- Created: 2019-05-08T20:12:53.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2023-07-26T16:13:06.000Z (over 2 years ago)
- Last Synced: 2025-04-12T11:37:53.631Z (10 months ago)
- Topics: adb, android, brute-force, decrypt, pattern-lock, twrp
- Language: Rust
- Homepage:
- Size: 1.34 MB
- Stars: 118
- Watchers: 6
- Forks: 24
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
README
[![Pipeline status on GitLab CI][pipeline-badge]][pipeline-link]
# Android Pattern Brute Force
A tool for brute forcing an Android security pattern through TWRP recovery.
One day I forgot what security pattern I used on my phone. Therefore I build a
tool which brute forces the pattern.
I succeeded to crack my 3x3 pattern in about 1.9 hours.
## Requirements
- A pattern lock
- Android 8.0 (Nougat) or above
- [TWRP][twrp] recovery
- [`adb`][adb] (with connectivity to phone in TWRP)
- [`git`][git]
- [`rust`][rust] `v1.32` or higher (install using [`rustup`][rustup])
## Speed
TWRP recovery enforces a hidden timeout of 10 seconds for each pattern attempt,
all consecutive attempts within that time fail with no warning. Because of this
a brute force attempt will take a long while when the pattern search space is
large.
It is highly recommended to constrain the search space as much as possible if
you partially know the pattern to greatly improve the brute force duration.
In the [`config.rs`](./src/config.rs) file you can tweak a few constants for:
- Minimum pattern length
- Maximum pattern length
- Maximum distance between dots in a pattern
- Dots to attempt patterns on (eliminate all dots that are definitely not used)
- Grid size (as chosen while setting up the pattern, usually `3`)
This tool does brute forcing on the actual device. A brute force attempt could
probably be greatly sped up by performing the attempt locally on a computer,
to work around the timeouts. That's however a lot more work to implement (if
even possible), so it's outside the scope of this project.
## Usage
- Make sure you meet the [requirements](#requirements)
- Clone the repository, and build the project
```bash
# Clone repository
git clone git@github.com:timvisee/apbf.git
cd apbf
# Build project
cargo build --release
```
- Tweak properties for brute force attempt in [`config.rs`](./src/config.rs):
```bash
# Edit constants
vim src/config.rs
```
Constrain it as much as possible to reduce pattern search space, which greatly
improves brute force speed. See [speed](#speed).
- Freshly boot phone into TWRP recovery
- Make sure your phone is connected through ADB
```bash
# Device must be visible in list
adb devices
```
- Start brute forcing
```bash
# Run tool
cargo run --release
```
- Wait for a successful attempt, this may take a long while
## License
This project is released under the GNU GPL-3.0 license.
Check out the [LICENSE](LICENSE) file for more information.
[adb]: https://developer.android.com/studio/command-line/adb
[git]: https://git-scm.com/
[rust]: https://rust-lang.org/
[rustup]: https://rustup.rs/
[twrp]: https://twrp.me/
[pipeline-badge]: https://gitlab.com/timvisee/apbf/badges/master/pipeline.svg
[pipeline-link]: https://gitlab.com/timvisee/apbf/pipelines