urbanadventurer / Android-PIN-Bruteforce

Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)

Hid-Keyboard binary fix #120

Open Gr1MM-Hond0 opened 2 years ago

Gr1MM-Hond0 commented 2 years ago

I think this script is great. It has allowed me to unlock the mobile device of a family member who has passed. After many hours of troubleshooting I stumbled onto this solution, and I have done a small write-up to see if this will help anyone else. This method should fix the error 126/127 if all other items are implemented correctly.

Compiling the binary yourself:

If the binary is not on your device you will need to compile it yourself. You will need to go and grab the hid-gadget-test utility as a basis for the file you will need. Using git:

git clone https://github.com/aagallag/hid_gadget_test

Edit the hid_gadget_test.c file. You need to edit 3 sections: First you add the values for the number keys to the static struct options kval on line 32.

{.opt = "1",        .val = 0x1e},
{.opt = "2",        .val = 0x1f},
{.opt = "3",        .val = 0x20},
{.opt = "4",        .val = 0x21},
{.opt = "5",        .val = 0x22},
{.opt = "6",        .val = 0x23},
{.opt = "7",        .val = 0x24},
{.opt = "8",        .val = 0x25},
{.opt = "9",        .val = 0x26},
{.opt = "0",        .val = 0x27},

Secondly remove the print_options section on lines from 209 – 239. 
Thirdly remove the print_options function call around line 260. 

Now you can move the directory to the device being used for the brute forcing. You have to compile the binary ON THAT DEVICE. The binary will not work if compiled on another device then transferred.

On the device, navigate to the directory you just transferred across. Run the “make” command in that directory. Rename the new binary to match what the script looks for, “hid-keyboard”; you can either move that file or keep it in that directory. Edit the config file for the Android-PIN-Bruteforce. On line 67, change the path for the hid-keyboard variable to where your new binary is; you will also need to edit this value in any pre-made configs that come with the script.

This should now work. Some tweaking may be required depending on the phone being brute forced.
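
The exit statuses 126 and 127 named in this post come from the shell: 127 means the file to run was not found, 126 means it was found but could not be executed. The check below is an added example, not part of the original post or the project; `diagnose_exec`, `elf_ident` and the verdict strings are names made up here, and comparing ELF header bytes against `/bin/sh` is an assumed stand-in for "built for this device".

```sh
#!/bin/sh
# Added example (not project code): say why running a file would give 126 or 127.

# Print EI_CLASS, EI_DATA and e_machine of an ELF file as hex; fail if not ELF.
elf_ident() {
    [ "$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')" = "7f454c46" ] || return 1
    od -An -tx1 -j4 -N2 "$1" | tr -d ' \n'     # 32/64-bit class, endianness
    od -An -tx1 -j18 -N2 "$1" | tr -d ' \n'    # target CPU (e_machine)
}

# diagnose_exec PATH [REFERENCE]
# Prints a verdict and returns the status the shell would report for PATH.
# REFERENCE is a binary known to run on this machine (assumed: /bin/sh).
diagnose_exec() {
    local path ref id refid
    path=$1
    ref=${2:-/bin/sh}
    case $path in
        /*) ;;                                  # absolute: used as written
        */*) [ -e "$path" ] || { echo "missing-relative"; return 127; } ;;  # resolved against $PWD
        *) path=$(command -v "$path") || { echo "not-in-PATH"; return 127; } ;;
    esac
    [ -e "$path" ] || { echo "missing"; return 127; }
    [ -d "$path" ] && { echo "is-directory"; return 126; }
    [ -x "$path" ] || { echo "no-exec-permission"; return 126; }
    # Scripts and other non-ELF files are not checked further.
    id=$(elf_ident "$path") || { echo "ok-not-elf"; return 0; }
    refid=$(elf_ident "$ref") || { echo "ok-unverified"; return 0; }
    # Different word size, byte order or CPU: "Exec format error".
    [ "$id" = "$refid" ] || { echo "elf-mismatch"; return 126; }
    echo "ok"
}

# Stand-alone use: sh diagnose.sh /full/path/to/binary
if [ "$#" -gt 0 ]; then diagnose_exec "$@"; fi
```

A file can exist and still be reported as not found (127) when the dynamic loader named inside the ELF binary is absent on the machine; this check does not cover that case.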

urbanadventurer commented 2 years ago

Thank you for this @Gr1MM-Hond0 ! 🎉

Cerber123 commented 1 year ago

I'm doing as in this description and nothing works :/

Anyone else got any ideas on how to fix this?

Outlawed-Earl commented 8 months ago

Same issue here op 7 pro

ZedbeHiro commented 7 months ago

step3 - remove print_options function call around line 260.

really can't find it, could u be a bit more specific in step3 please?

is it this line?

print_options(argv[2][0]);

UPDATE:

@Gr1MM-Hond0

it works, thank u very very much

mintfelicity commented 4 months ago

@ZedbeHiro How did you do it?

So I went to change all that but I wasn't sure on the print_options(argv[2][0]); Do I delete the wait(42) as well?

After that do I mv hid_gadget_test.c to the /Android-PIN-Bruteforce folder?

And when you say compile the binary, do you mean to run the file, e.g. bash ./hid_gadget_test.c?

I tried to do all that and got

line 1 : /Android-PIN-Bruteforce: Is a directory
line 15 : struct: command not found
line 16: const: command not found
line 17: unsigned command not found
line 18: Syntax error near unexpected token '}'
line 18: '};'

Anyone got any tutorial? Help is appreciated

Update: Got it to work. The code wasn't the problem; I just had to figure out what compiling means. If anyone is stuck like me: to compile you need to use the gcc command, e.g. gcc hid_gadget_test.c

Outlawed-Earl commented 4 months ago

I like to think I know what I'm doing, but that's not always true. I followed what everyone has suggested, but I get the below error.

I've retried several times now. Even reinstalling Net Hunter, and this is the only time I can say, without a doubt, that I installed Net Hunter correctly.

I thought I compiled correctly but I'm not really sure if I did that right. Commands: (gcc -o hid-keyboard hid_gadget_test.c) & (chmod u+x hid-keyboard). I've also tried moving the file to directories and tested with (bash ./android-pin-bruteforce crack --length 3).

Any more detailed comments would be appreciated.

mintfelicity commented 4 months ago

Hey,

It might not be the answer. But on your config, "HID_KEYBOARD=etc/Android-PIN-Bruteforce-master/hid_gadget_test" shouldn't it be "HID_KEYBOARD=etc/Android-PIN-Bruteforce-master/hid-keyboard" ? since you compile it to hid-keyboard not hid_gadget_test

Outlawed-Earl commented 4 months ago

I tested it out just to be sure. Same error. From my understanding of the error, the hid-keyboard executable isn't found in the hid_gadget_test file. Are there any debug options that show me the step of accessing the file? I don't think permissions are the issue though.

Outlawed-Earl commented 4 months ago

Hey, it looks like you actually have to go to the actual file in the folder. The full path. Thank you so much

vsa77 commented 4 months ago

First, let me point out I'm in here because I like to think I know what I'm doing as well, then find out otherwise. You don't mention whether you got it to compile and work, so if you have, this is for everyone who comes later.

The instructions say to use the 'make' command, not 'gcc'. Navigate to the folder and type make

If it doesn't work, that means you messed up editing hid_gadget_test.c

That's where I screwed up. I ended up just deleting the folder then cloned it again so I had a fresh copy to work with.

It helps if you use an app that numbers the lines (I used Squircle CE), then start from the bottom, because it looks like half the instructions were written while looking at the unedited file, with Step 3. Like so:
Step 3: Go down to around Line 260 (actually Line 269). The call you're deleting is print_options(argv[2][0]); also delete the two empty lines so there is only one empty line (268) between the } on Line 267 and 'while...' which is now on Line 269.

Step 2: Remove the entire section from 209 to 239. Again, make it pretty with only one blank line between the sections that were above and below.

Step 1: Go to the end of Line 32. Hit Enter. You're now on a blank Line 33. Copy and paste as plain text the number values as outlined in the instructions above.

For those new to programming, the key phrase that will help you here is contextual clues. When pasting the numbers as plain text some may notice that the { at the start of each line you just inserted is offset from the ones that were already there. So go to the beginning of each of those 10 lines and add a space so they all line up with the { below them.

Save the file. Exit out of your editor. Go back to the Nethunter Terminal. Navigate to the hid_gadget_test folder. Type make. If you followed the instructions it will make the file hid_gadget_test. Rename the file you just made to hid-keyboard, then chmod +x hid-keyboard.

Go to the Android Pin Bruteforce folder and open the config file. I just left hid-keyboard where it was and it works for me on my Moto G Stylus (2021). So in editing the config file, I changed the HID_KEYBOARD= line near the bottom to read:

HID_KEYBOARD=/hid_gadget_test/hid-keyboard

Save the file. Exit out of your editor. Everything should now be compiled correctly and pointed at the right things.

If you're still having problems, before opening up an issue, delete both the gadget test and Bruteforce directories, clone them again, and start over.

Except this time you follow every step in the instructions. (90% of my errors are literally me missing some step.)