Skip to content
/ apbf Public

Tool to brute force Android security pattern through TWRP recovery. https://gitlab.com/timvisee/apbf

License

Notifications You must be signed in to change notification settings

timvisee/apbf

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Pipeline status on GitLab CI

Android Pattern Brute Force

A tool for brute forcing an Android security pattern through TWRP recovery.

Screenshot

One day I forgot what security pattern I used on my phone. Therefore I build a tool which brute forces the pattern.

I succeeded to crack my 3x3 pattern in about 1.9 hours.

Requirements

  • A pattern lock
  • Android 8.0 (Nougat) or above
  • TWRP recovery
  • adb (with connectivity to phone in TWRP)
  • git
  • rust v1.32 or higher (install using rustup)

Speed

TWRP recovery enforces a hidden timeout of 10 seconds for each pattern attempt, all consecutive attempts within that time fail with no warning. Because of this a brute force attempt will take a long while when the pattern search space is large.

It is highly recommended to constrain the search space as much as possible if you partially know the pattern to greatly improve the brute force duration.

In the config.rs file you can tweak a few constants for:

  • Minimum pattern length
  • Maximum pattern length
  • Maximum distance between dots in a pattern
  • Dots to attempt patterns on (eliminate all dots that are definitely not used)
  • Grid size (as chosen while setting up the pattern, usually 3)

This tool does brute forcing on the actual device. A brute force attempt could probably be greatly sped up by performing the attempt locally on a computer, to work around the timeouts. That's however a lot more work to implement (if even possible), so it's outside the scope of this project.

Usage

  • Make sure you meet the requirements

  • Clone the repository, and build the project

    # Clone repository
    git clone [email protected]:timvisee/apbf.git
    cd apbf
    
    # Build project
    cargo build --release
  • Tweak properties for brute force attempt in config.rs:

    # Edit constants
    vim src/config.rs

    Constrain it as much as possible to reduce pattern search space, which greatly improves brute force speed. See speed.

  • Freshly boot phone into TWRP recovery

  • Make sure your phone is connected through ADB

    # Device must be visible in list
    adb devices
  • Start brute forcing

    # Run tool
    cargo run --release
  • Wait for a successful attempt, this may take a long while

License

This project is released under the GNU GPL-3.0 license. Check out the LICENSE file for more information.