Bypassing Android lock screen protection

Android users are advised to protect their devices by setting up a password, PIN, or graphical lock pattern. When users talk about lock screen bypass, they usually mean they have locked themselves out of their phone or forgotten their pattern, not how to get past the screen and into the device. We are approaching the topic in a more aggressive fashion, as this book is about mobile device exploitation. As an attacker, how could we bypass a victim's lock screen? This topic is widely discussed, and there is already a wide range of tricks for doing it; a given exploit or method may work on specific Android or device versions but not on others.

Getting ready

We are going to take a case where we reset the lock pattern on a phone via ADB. So for this recipe, you need ADB ready. We learned about ADB in the previous recipe. Let's now use what we learned to hack. Apart from ADB, you need an Android device with USB debugging enabled whose password needs to be reset.

How to do it...

Follow these steps to bypass the lock screen protection:

  1. Connect to the target Android device using ADB. If we have obtained a phone with USB debugging enabled and the phone is rooted, things are much easier. If the phone is not rooted, there are hacks for that as well. For this recipe, let's consider a rooted phone.
  2. Now that you are connected via ADB, type the following command:
    adb shell
    
  3. This gives you the shell in a connected Android device.
  4. Next, change the current working directory to /data/system, which is where the key files are located. Type the following command to change the directory:
    cd /data/system
    
  5. Finally, delete the relevant key. Simply run the remove command to delete it:
    rm *.key
    
  6. It can also be run as follows:
    rm <correct-filename>.key
    
  7. In case you are prompted for superuser permissions, you can run the su command. The preceding commands delete the key files containing lock screen information.
  8. Next, reboot the device; the lock screen should be gone.

How it works...

This works because the key files in the /data/system folder hold system state, including the lock screen's password data. If these key files are deleted, on reboot the device cannot locate any lock screen setting, so it effectively allows access without a password.

Note

A device that is already in USB debugging mode and is rooted allows this recipe to work quite easily.
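The three preconditions this recipe relies on (USB debugging on, a working su binary, key files in /data/system) are exactly what a defender should audit on a test device they own. The following POSIX sh script is an added example, not code from the book; it assumes the adb binary is on the PATH (override it with the ADB variable, which is how the checks can be run against canned output) and only reads state, it changes nothing on the device.

```shell
#!/bin/sh
# Added audit script (not from the book). It reports whether a connected test
# device meets the three preconditions of the ADB key-file lock screen bypass.
# ADB is the adb binary; set ADB to another command to feed canned output.
ADB="${ADB:-adb}"

# Run one shell command on the device and strip the CR that adb shell emits.
dev() {
  "$ADB" shell "$1" 2>/dev/null | tr -d '\r'
}

# Precondition 1: USB debugging is on (Settings.Global adb_enabled == 1).
usb_debugging_on() {
  [ "$(dev "settings get global adb_enabled")" = "1" ]
}

# Precondition 2: an su binary hands out root (the recipe assumes a rooted phone).
root_available() {
  case "$(dev "su -c id")" in
    *uid=0*) return 0 ;;
    *)       return 1 ;;
  esac
}

# Precondition 3: lock screen key files exist in /data/system (root is needed
# just to list that directory, which is why su is used here as well).
lock_key_files_present() {
  [ -n "$(dev "su -c 'ls /data/system/*.key'")" ]
}

# Verdict: EXPOSED when all three hold, OK when none do, PARTIAL otherwise.
lockscreen_exposure() {
  hits=0
  usb_debugging_on       && hits=$((hits + 1))
  root_available         && hits=$((hits + 1))
  lock_key_files_present && hits=$((hits + 1))
  case $hits in
    3) echo EXPOSED ;;
    0) echo OK ;;
    *) echo PARTIAL ;;
  esac
}

# Stand-alone use against a connected device: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
  lockscreen_exposure
fi
```

A PARTIAL verdict on a device that should be locked down usually means USB debugging was left on; turning it off in Developer options removes the entry point this recipe needs.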

There's more...

The key message is that this is not the only way to bypass the lock screen, nor is this method guaranteed to work in all cases. Hackers have come up with multiple ways to bypass Android lock screens. To further complicate matters, not all methods work on all Android versions, so in certain cases you may have to spend a lot of effort figuring out how to bypass a given device's lock screen.