Unlock an Android phone (or device) by bruteforcing the lockscreen PIN using a Raspberry Pi Zero (or a Strawberry Pi Zero if there's no raspberry emoji yet).
It uses a USB OTG cable to connect the locked phone to the Nethunter device. It emulates a keyboard, automatically tries PINs, and waits after trying too many wrong guesses.
[Raspberry Pi Zero] ⟷ [USB cable] ⟷ [USB OTG adaptor] ⟷ [Locked Android phone]
The USB HID Gadget driver provides emulation of USB Human Interface Devices (HID). This enables a Raspberry Pi Zero to emulate keyboard input to the locked phone. It's just like plugging a keyboard into the locked phone and pressing keys.
- A locked Android phone
- A Raspberry Pi with OTG support, plus a USB male Micro-B cable to power it
- USB OTG (On The Go) cable/adapter (USB male Micro-B to female USB A), and a standard charging cable (USB male Micro-B to male A).
- That's all!
- Install a Linux-based OS onto the Raspberry Pi, configure the Wi-Fi access, enable SSH and log in to it
- Clone this repository onto the Pi
- Run `make` to compile the `hid-keyboard` binary (originally from NetHunter)
- Run `sudo dtoverlay dwc2` and `reboot`
- After reboot, double-check that `dwc2` appears in the `lsmod` output, meaning that USB OTG support is enabled.
- Run `sudo ./create-hid-keyboard.sh`, which will create a `/dev/hidg0` device through which keyboard events can be fed.
- Finally follow the rest of the instructions in the original README. Make sure to change the `HID_KEYBOARD` configuration variable to point to the newly-compiled `hid-keyboard` binary above.
This repository is licensed under the GNU GPL v3 or later.