Thursday, 14 August 2014

How To Crack The Android Gesture Pattern Lock

[Image: Android gesture pattern cracked]

In this tutorial I am going to demonstrate how to crack the gesture pattern lock of ROOTED Android devices.
This technique is not very practical for attacking a real victim, but it is good for those who want to try it on an Android device after getting a Metasploit Meterpreter session on it.

How the Gesture Pattern Lock Works

Well, first of all we need to understand how the gesture pattern works. A pattern is nothing but the path traced by the finger across nine circles, numbered 1 to 9 from the top-left corner to the bottom-right corner as shown in the figure below.

[Image: Android gesture pattern grid]

If we select the pattern 1478, it would look like the following figure.

[Image: Android gesture pattern 1478 drawn on the grid]

The gesture pattern is stored as an unsalted SHA-1 hash in the gesture.key file at /data/system/gesture.key.

Tools Required:

1- ADB shell
2- A ROOTED Android device
3- Gesture pattern SHA-1 dictionary and a script to compare the hashes against it

1- First of all, enable USB debugging in your phone's settings and connect the phone to your PC so that we can copy the gesture.key file and recover the pattern from it.

2- Download ADB from the official Android site and extract it on your drive. Open cmd, go to the adb folder and execute the following command.

[Image: gesture.key copied with adb shell]

3- Now download the gesture pattern SHA-1 dictionary and the Python script from the links given above and extract them on your drive. Then execute the following command.


From the above image you can see the recovered gesture pattern, which is 14569.

NOTE:
This attack takes barely 1-2 seconds, since the total number of possible patterns is only 9,85,825.
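To make the two points above concrete (the unsalted SHA-1 format of gesture.key and the small number of possible patterns), here is an added Python example; it is not the post's script or dictionary. It encodes a pattern the way gesture.key does, hashes it, checks a candidate against a captured key, and counts the patterns a dictionary has to cover as every ordered choice of 4 to 9 distinct dots; the digit-to-byte mapping and the 4 to 9 dot length rule are assumed from the post's description.

```python
import hashlib
import hmac
from math import perm

# Added example, not the post's script. Assumes the format described in
# the post: one byte per dot, dots numbered 0..8 left-to-right and
# top-to-bottom, raw SHA-1 over those bytes, no salt, no iterations.


def encode_pattern(pattern: str) -> bytes:
    """Turn the human-readable digits 1..9 into the 0..8 byte sequence."""
    if not 4 <= len(pattern) <= 9 or len(set(pattern)) != len(pattern):
        raise ValueError("pattern must visit 4-9 distinct dots")
    if not all(ch in "123456789" for ch in pattern):
        raise ValueError("pattern digits must be 1-9")
    return bytes(int(ch) - 1 for ch in pattern)


def gesture_key_hash(pattern: str) -> bytes:
    """20-byte unsalted SHA-1, the content of /data/system/gesture.key."""
    return hashlib.sha1(encode_pattern(pattern)).digest()


def matches_gesture_key(pattern: str, key_bytes: bytes) -> bool:
    """Check whether a candidate pattern explains a captured gesture.key."""
    return hmac.compare_digest(gesture_key_hash(pattern), key_bytes)


def pattern_keyspace() -> int:
    """Upper bound on the number of patterns: ordered choices of 4..9 of 9 dots.

    Android also refuses to skip over an unvisited dot in a straight line,
    which makes the real count smaller still; this bound is already tiny.
    """
    return sum(perm(9, k) for k in range(4, 10))


if __name__ == "__main__":
    # Constructed sample: the key a device would hold for pattern 1478.
    sample_key = gesture_key_hash("1478")
    print("gesture.key for 1478:", sample_key.hex())
    print("1478 matches the sample key:", matches_gesture_key("1478", sample_key))
    print("patterns a dictionary must cover at most:", pattern_keyspace())
```

Because the hash is unsalted and the keyspace is under a million, every device with the same pattern holds the same 20 bytes, which is exactly what makes the precomputed dictionary in step 3 work.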