Last active
August 18, 2021 20:55
-
-
Save norohind/d1e0d785788a41110633c23e57b9f9d7 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import subprocess | |
| from time import sleep | |
| # from time import time | |
| """ | |
| This script bruteforce applock (aka Privacy Protection) feature in MIUI. | |
| ! NO ROOT NEEDED ! | |
| It can be useful if you forgot password | |
| If you wanna just get access to locked app then execute in adb shell: | |
| settings put secure access_control_lock_enabled 0 | |
| But it doesn't give you access to applock settings. | |
| If you want to get access to applock settings then you have to bruteforce | |
| pin by this script. | |
| Some notes for your information: | |
| 1. Some names may be inaccurate because I used Russian interface | |
| 2. It works only with 4 numbers pin code, but you can use principle | |
| of this script to try bruteforce others option (check out "Common algorithm of the script" section). | |
| 3. It has been tested only with Redmi Note 8 pro, for others phone | |
| you may have to get screen coordinates of numbers in screen keyboard | |
| How to start bruteforce: | |
| 1. Open screen of lockapp settings with pin code requirements (Settings -> App -> Apps protection) | |
| 2. Run this script | |
| 3. Wait | |
| Common algorithm of the script: | |
| 1. Choose next pin to test (from range 0000 -> 9999) | |
| 2. Enter it by using "input" command | |
| 3. By using command "settings get secure applock_countDownTimer_deadline" find out if pin was correct. If was then exit from script | |
| 4. Press back key by using "input" adb command | |
| 5. Reset cooldown timer by "settings put secure applock_countDownTimer_deadline 0" adb command (that's why it all works) | |
| 6. Enter into applock pin requirements screen | |
| 7. Back to point 1 | |
| Huge thanks to | |
| https://www.webcazine.com/19186/miui-what-to-do-if-youve-forgotten-your-privacy-protection-password/ | |
| """ | |
| """ | |
| key x y | |
| 1 230 1525 | |
| 2 537 1534 | |
| 3 853 1502 | |
| 4 256 1723 | |
| 5 528 1737 | |
| 6 850 1761 | |
| 7 208 1870 | |
| 8 510 1917 | |
| 9 841 1904 | |
| 0 532 2100 | |
| """ | |
| app_guard = [815, 1110] # coords for app guard button | |
| def number2coords(number: int): | |
| return { | |
| 1: [230, 1525], | |
| 2: [537, 1534], | |
| 3: [853, 1502], | |
| 4: [256, 1723], | |
| 5: [528, 1737], | |
| 6: [850, 1761], | |
| 7: [208, 1870], | |
| 8: [510, 1917], | |
| 9: [841, 1904], | |
| 0: [532, 2100]}.get(number) | |
| def exec_adb_shell(command: str): | |
| print(f"$ {command}") | |
| command = command.split() | |
| process = subprocess.run(['adb ', 'shell', *command], capture_output=True) | |
| if process.returncode != 0: | |
| print(f"returncode {command.returncode}") | |
| print(f"command: {command}") | |
| exit() | |
| return process.stdout | |
| for i in range(0, 10000): | |
| # time1 = time() | |
| i = '{:d}'.format(i).zfill(4) # convert 0 -> 0000 | |
| print(f'Trying {i}') | |
| for number in str(i): | |
| coords = number2coords(int(number)) | |
| command = f'input tap {coords[0]} {coords[1]}' | |
| exec_adb_shell(command) | |
| if exec_adb_shell('settings get secure applock_countDownTimer_deadline') == b'0\r\n': | |
| print(f"I found code: {i}") | |
| break | |
| exec_adb_shell('input keyevent 4') # back key | |
| sleep(0.1) | |
| exec_adb_shell('settings put secure applock_countDownTimer_deadline 0') # reset kd timer | |
| exec_adb_shell(f'input tap {app_guard[0]} {app_guard[1]}') # open app guard back | |
| sleep(0.1) | |
| # print(f"Iteration took {time()-time1}s") | |
| # print("End of loop") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment