Simulating a phone combination brute force

 

If a malicious individual were to steal your android or iPhone, plug in a device to emulate a keyboard and have it test every single pass code possible, it would take a while, using the following tutorial, you can calculate the time It would take to do so.

Screenshot_2016-03-02-16-46-31

 

 

 

 

 

 

Firstly, you need to grab Python 3.4.3, or you can probably use the version you have installed. Next we need to create the code.

Firstly we need to import datetime to convert the guesses into time it would have taken, we also need to write down what the combination is, for this example, it will be ‘3502’.

import datetime
combination = "3502"

print (" [Info] Starting")

Then we need to add a guess and how long has passed while performing a guess, as it takes time to enter the numbers into the device, we will simulate this as well as 1 second.

guess = "0000"
seconds_taken = 0

def addsec(seconds):
     global seconds_taken
     seconds_taken = seconds_taken + seconds

I could have added the seconds section into the code directly, but adding as a def allowed me to edit it if I needed to, now that we have done the basics, we need to start guessing, there are 10,000 possible combinations, thats combinations such as 0001, this is problematic as leading zeros will not be carried over into integers in python, we can fix this using .zfill(4), which will add the leading zeros back into the guess, allowing us to compare it with the actual combination. This also means that we can convert the guess back into an integer in order to see if we have exceeded our limit. We also need to add a second for a combination guess.

def addsec(seconds):
     global seconds_taken
     seconds_taken = seconds_taken + seconds

while int(guess) <= 9999:
     addsec(1)
     if guess.zfill(4) == combination:
          print (" [Alert] Combination guessed, combination is " + combination)
          break
     else:
          guess = str(int(guess) + 1)
          print (" [Info] Guess is now '" + str(guess).zfill(4) + "'")

Finally, we need to convert our result into a time, we can do this by dividing our seconds_taken (which is coincidentally the number of guesses if you add one for ‘0000’) by 5 (because it takes 5 guesses before a penalty), and then tuning that into an integer, rounding down and then multiplying by 300, to simulate 5 minutes lockout. then we combine penalties_incurred and seconds_taken, to get the time it takes to guess the combination (in seconds), then use that to convert into an hh:mm:ss format, using datetime.

penalties_incurred = int(seconds_taken / 5) * 300
time_taken = (str(datetime.timedelta(seconds=(penalties_incurred + seconds_taken))))
print (" [Finished] The combination would have taken '" + time_taken + "' to brute force. (h:m:s)")
print (" [Finished] You would have had to wait for " + str(int(penalties_incurred / 300)) + " lockout session(s)" )

What have we learnt?

  • There are 10,000 possible combinations.
  • For my combination, it would take 6 days, 30 minutes to guess.

On an Android Device,

  • It would take over 2,000 lockouts to guess every combination.
  • It would take 7 days, 1 hour, 26 minutes and 40 seconds to guess every combination.
  • It would take 8 hours, 28 minutes and 20 seconds to guess 500 combinations.
  • It would take 50 minutes and 50 seconds to guess 50 combinations, with 10 lockouts.

On an Apple Device*,

  • It would take 1666 lockouts to guess every combination.
  • It would take 5 days, 21 hours, 36 minutes and 40 seconds to guess every combination.
  • It would take 7 hours, 3 mintes and 20 seconds to guess 500 combinations.
  • It would take 40 minutes and 50 seconds to guess 50 combinations, with 8 lockouts.

*However, apple wipes their devices after 11 bad combinations, to avoid this, the combinations would have to be entered correctly after the sixth try in order for the apple device estimates to be correct, which defeats the purpose of brute forcing, for that reason apple devices are much more secure, however there is potential for data to be deleted accidentally.

This simulation is flawed because,

  • It does not take into account combinations greater than 4 digits
  • It does not take into account cumulative waiting times
  • It does not take into account device combinations that don’t involve numbers
  • You could increase the number of digits allowed in order to calculate your combination, for example if it was 67890, replacing the 13th line with 99999 would allow you to calculate it.

Here is the full code extract,