Monday, December 21, 2015

Learn how to crack your Android Pattern Lock

Android devices support different types of locks, such as pattern lock, knock code, swipe, PIN, password, gesture lock and face lock.

Android Pattern Lock is a feature that lets the user lock the device by drawing a pattern that joins circles from a grid of nine on the touch screen. The pattern dots are numbered 0-8, which is 9 digits. On most devices it is mandatory to join at least 4 dots, i.e. 4 numbers.

First, let me say a few words about the SHA1 hash function, which Android uses to store the pattern lock key.

a) Secure Hash Algorithm is a series of algorithms designed by the National Security Agency of the USA for cryptographic purposes. There are 4 hash functions, namely SHA, SHA1, SHA2 and SHA3.

b) SHA1, which is second in the series, produces a 20-byte hash value, typically written as a hexadecimal value with 40 characters. Every two characters form a byte, so 40 characters make up 20 bytes.

c) SHA1 is not fully secure: it is vulnerable to cryptographic attacks, and it is easier to decode SHA1 hash values.

I kindly request you to bear with the links given in this post!!!

To know more, read this article on Wikipedia (SHA1)

For the documentation of SHA1, read this page (SHA1 documentation)

Now I am going to explain how to bypass the pattern lock on any Android phone. This is just for people who would like to explore more with Android phones. The following should be kept in mind:

1. Kindly note that this method works with ROOTED phones only!!!!!!
2. You need SQLite Browser
3. You need a hexadecimal editor, either an online editor or downloaded software
4. You need the SHA1 pattern database

1. First lock your phone with a pattern. On my LG G3 Beat the option is in Settings->Lock Screen->Pattern
I have locked my phone as 4-7-8-5-2-1-0-3-6

2. You need to root your phone for this. This is mandatory. For rooting and how to enable root explorer in ES file explorer, see this link (Rooting your phone)

3. Open ES Task Manager. Go to Device->Data->System and find the gesture.key file.

4. Copy the gesture.key file to your device memory or SD card. I have copied it to SD card

5. Now it's time to do something with your computer. Either connect your phone to your PC and copy the gesture.key file to your desktop, or email it from your phone.

6. Now you need a hexadecimal editor, which can be downloaded free from this link (hexadecimal editor). You can also use any other editor.

Now open the gesture.key file in the editor.

7. Once you open the gesture.key file in the editor, it will display the 20-byte hexadecimal hash. Copy the 20-byte hexadecimal hash, paste it into Notepad or any other text editor, and remove the spaces in between. Every two characters form a byte (therefore 40 characters). Now my hash looks like this: c526ad03f51992df49df6006b9cf49bd04c784fa


8. Next, download the SHA1 pattern (GestureRainbowTable) database from this link (SHA1 database)

a) The next step is to download and install SQLite Browser for Windows from this link (SQLite Browser).

Open SQLite Browser and open the "GestureRainbowTable" database (Ctrl+O or File Menu->Open Database)

b) Now, in the "Database Structure" tab, right-click on the table and select Browse Table

The table will be opened in the "Browse Data" tab. The table has two columns, "hash" and its corresponding "pattern"

c) In the hash column, paste the 20-byte hash code, i.e. "c526ad03f51992df49df6006b9cf49bd04c784fa" (without quotes).

d) Once you paste the hash code, it will automatically give the corresponding pattern, which is [4, 7, 8, 5, 2, 1, 0, 3, 6]

THAT'S ALL !!!!!!! Now you can see that the pattern we obtained from SQLite Browser is the same as the lock pattern we set up in STEP 1
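
Why a precomputed table like the one in step 8 can exist at all, shown as an added example that is not part of the original post: it counts how many patterns of 4 to 9 dots are drawable and contrasts an unsalted hash with a salted, iterated one. The pass-over rule, the byte encoding hashed by `unsalted_sha1` and the `salted_kdf` variant are assumptions made for illustration.

```python
import hashlib
import os

# Dots are numbered 0-8 row by row (0 1 2 / 3 4 5 / 6 7 8), as in the post.
# MIDDLE[(a, b)] is the dot that lies on the straight line between a and b.
MIDDLE = {}
for a, b, m in [(0, 2, 1), (3, 5, 4), (6, 8, 7), (0, 6, 3),
                (1, 7, 4), (2, 8, 5), (0, 8, 4), (2, 6, 4)]:
    MIDDLE[(a, b)] = MIDDLE[(b, a)] = m


def count_patterns(length, last=None, used=frozenset()):
    """Count valid patterns of exactly `length` dots. Assumed rule: a dot can
    only be passed over if it is already part of the pattern."""
    if len(used) == length:
        return 1
    total = 0
    for nxt in range(9):
        if nxt in used:
            continue
        mid = MIDDLE.get((last, nxt))
        if mid is not None and mid not in used:
            continue  # would skip over an unused dot: not drawable
        total += count_patterns(length, nxt, used | {nxt})
    return total


def keyspace(min_len=4, max_len=9):
    """Number of valid patterns per length, 4 dots minimum as in the post."""
    return {n: count_patterns(n) for n in range(min_len, max_len + 1)}


def unsalted_sha1(pattern):
    """Assumed gesture.key scheme: SHA1 over the dot indices as raw bytes."""
    return hashlib.sha1(bytes(pattern)).hexdigest()


def salted_kdf(pattern, salt, iterations=100_000):
    """Hypothetical hardened variant: per-device salt plus an iterated KDF."""
    return hashlib.pbkdf2_hmac("sha256", bytes(pattern), salt, iterations).hex()


if __name__ == "__main__":
    sizes = keyspace()
    print(sizes, "total:", sum(sizes.values()))
    pattern = [4, 7, 8, 5, 2, 1, 0, 3, 6]  # the pattern set in step 1
    print("unsalted:", unsalted_sha1(pattern))  # identical on every device
    print("salted A:", salted_kdf(pattern, os.urandom(16)))  # differs per salt
    print("salted B:", salted_kdf(pattern, os.urandom(16)))
```

With only a few hundred thousand possible inputs and no salt, every device stores the same hash for the same pattern, so a single table covers all of them; a per-device salt removes that property, although a keyspace this small still needs a slow KDF or hardware-backed rate limiting on top.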