Simulating a phone combination brute force

 

If a malicious individual were to steal your Android phone or iPhone, plug in a device that emulates a keyboard and have it test every single possible passcode, it would take a while. Using the following tutorial, you can calculate the time it would take to do so.

Firstly, you need to grab Python 3.4.3, or you can probably use the version you have installed. Next we need to create the code.

First we need to import datetime to convert the guesses into the time they would have taken. We also need to write down what the combination is; for this example, it will be ‘3502’.

import datetime
combination = "3502"

print (" [Info] Starting")

Then we need to add a guess and a counter for how much time has passed while guessing. As it takes time to enter the numbers into the device, we will simulate this as well, as 1 second per guess.

guess = "0000"
seconds_taken = 0

def addsec(seconds):
     global seconds_taken
     seconds_taken = seconds_taken + seconds

I could have added the seconds directly in the code, but defining it as a function (def) allows me to edit it later if I need to. Now that we have done the basics, we need to start guessing. There are 10,000 possible combinations, including combinations such as 0001. This is problematic because leading zeros are not carried over into integers in Python. We can fix this using .zfill(4), which adds the leading zeros back onto the guess so that we can compare it with the actual combination. This also means that we can convert the guess back into an integer to see whether we have exceeded our limit. We also need to add a second for each combination guess.

def addsec(seconds):
     global seconds_taken
     seconds_taken = seconds_taken + seconds

while int(guess) <= 9999:
     addsec(1)
     if guess.zfill(4) == combination:
          print (" [Alert] Combination guessed, combination is " + combination)
          break
     else:
          guess = str(int(guess) + 1)
          print (" [Info] Guess is now '" + str(guess).zfill(4) + "'")

Finally, we need to convert our result into a time. We do this by dividing seconds_taken (which is coincidentally the number of guesses, if you add one for ‘0000’) by 5 (because it takes 5 guesses before a penalty), turning that into an integer (rounding down), and then multiplying by 300 to simulate a 5-minute lockout. We then add penalties_incurred and seconds_taken to get the time it takes to guess the combination (in seconds), and use datetime to convert that into an hh:mm:ss format.

penalties_incurred = int(seconds_taken / 5) * 300
time_taken = (str(datetime.timedelta(seconds=(penalties_incurred + seconds_taken))))
print (" [Finished] The combination would have taken '" + time_taken + "' to brute force. (h:m:s)")
print (" [Finished] You would have had to wait for " + str(int(penalties_incurred / 300)) + " lockout session(s)" )

What have we learnt?

  • There are 10,000 possible combinations.
  • For my combination, it would take 6 days, 30 minutes to guess.

On an Android Device,

  • It would take over 2,000 lockouts to guess every combination.
  • It would take 7 days, 1 hour, 26 minutes and 40 seconds to guess every combination.
  • It would take 8 hours, 28 minutes and 20 seconds to guess 500 combinations.
  • It would take 50 minutes and 50 seconds to guess 50 combinations, with 10 lockouts.

On an Apple Device*,

  • It would take 1666 lockouts to guess every combination.
  • It would take 5 days, 21 hours, 36 minutes and 40 seconds to guess every combination.
  • It would take 7 hours, 3 minutes and 20 seconds to guess 500 combinations.
  • It would take 40 minutes and 50 seconds to guess 50 combinations, with 8 lockouts.

*However, Apple wipes its devices after 11 bad combinations. To avoid this, the combination would have to be entered correctly after the sixth try in order for the Apple device estimates to be correct, which defeats the purpose of brute forcing. For that reason Apple devices are much more secure; however, there is potential for data to be deleted accidentally.

This simulation is flawed because,

  • It does not take into account combinations greater than 4 digits
  • It does not take into account cumulative waiting times
  • It does not take into account device combinations that don’t involve numbers
  • You could increase the number of digits allowed in order to calculate your combination, for example if it was 67890, replacing the 13th line with 99999 would allow you to calculate it.
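
The same calculation as reusable functions, as an added example that is not part of the original post: it reproduces the Android (5 attempts per lockout) and Apple (6 attempts per lockout) figures above, and goes beyond the post by allowing longer PINs and cumulative waiting times. The function names and the `ESCALATING` schedule are assumptions made up for illustration, not any vendor's real policy.

```python
import datetime

# Constructed escalating lockout schedule in seconds; the last value repeats.
# This is an illustrative assumption, not any vendor's documented policy.
ESCALATING = [60, 300, 900, 3600]

def keyspace(pin_length):
    """Number of numeric PINs of the given length."""
    return 10 ** pin_length

def guesses_needed(combination):
    """Guesses a sequential search from 00...0 makes before it hits the PIN."""
    return int(combination) + 1  # +1 because the all-zero code is also tried

def fixed_lockout(guesses, attempts_per_lockout, lockout_seconds=300,
                  seconds_per_guess=1):
    """The post's model: one fixed lockout per full batch of attempts."""
    lockouts = guesses // attempts_per_lockout
    total = guesses * seconds_per_guess + lockouts * lockout_seconds
    return lockouts, datetime.timedelta(seconds=total)

def escalating_lockout(guesses, attempts_per_lockout, schedule=ESCALATING,
                       seconds_per_guess=1):
    """Cumulative waits: the n-th lockout lasts schedule[n-1] seconds."""
    lockouts = guesses // attempts_per_lockout
    listed = min(lockouts, len(schedule))
    waiting = sum(schedule[:listed]) + (lockouts - listed) * schedule[-1]
    total = guesses * seconds_per_guess + waiting
    return lockouts, datetime.timedelta(seconds=total)

if __name__ == "__main__":
    for label, per_lockout in (("Android", 5), ("Apple", 6)):
        count, elapsed = fixed_lockout(keyspace(4), per_lockout)
        print(label, "4 digits:", count, "lockouts,", elapsed)
    print("6 digits, fixed 5-minute lockout:", fixed_lockout(keyspace(6), 5)[1])
    print("4 digits, escalating lockout:", escalating_lockout(keyspace(4), 5)[1])
    print("PIN 3502:", guesses_needed("3502"), "guesses")
```

Moving from 4 to 6 digits, or from a fixed to an escalating lockout, changes the worst case from about a week to months or years, which is why both settings matter more than the choice of digits.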

Here is the full code extract,

How to setup MMS on O2 pay & Go Go Go

I recently had a problem with O2’s pay and go go go sim, where I was unable to send MMS or group text people. After a couple of conversations with O2 chat and some forum help, I was finally able to get it working. Previously, when I tried to send an MMS or photo, I would get the message ‘MMS blocked by Carrier’. But this solution should fix it for you, as it did for me.

The first issue I had was that my APN settings were wrong. Here is how to fix it. Your settings may vary, but essentially you need to get to the ‘APN’ settings menu on your phone. Usually it is
Settings > General > Mobile Data > Mobile Data Network > APN
and for iPhones it is
Settings > Mobile > Mobile Data Network > APN
and for me it was ‘Quick settings’, then tap and hold ‘Mobile Data’ and select ‘Access Point Names’, see below. (I have an HTC Desire 610, but this may apply to most HTCs.)

[Screenshot: Tap and hold ‘Mobile Data’]
[Screenshot: Select ‘Access Point Names’]
[Screenshot: Do as necessary]

 

Now that you have located the menu, you should probably reset your ‘APN’ settings to default. You can do this by pressing the menu button and pressing ‘reset to default’. This step is technically optional and may straight out fix your problem, so it may be a good idea to check it out. Once you have done that, you should have the following APN (these may vary from phone to phone):

Name – ‘O2 Pay & Go’
APN – ‘payandgo.o2.co.uk’
Proxy – Not Set
Port – Not Set
Username – ‘payandgo’
Password – ‘password’
Server – Not Set
MMSC – ‘http://mmsc.mms.o2.co.uk:8002’
MMS Proxy – ‘82.132.254.1’
MMS Port – ‘8080’
MMS Protocol – ‘WAP 2.0’ (2.0)
MCC – ‘234’
MNC – ‘10’
Authentication type – Not Set
APN type – ‘default,hipri,dun,supl,mms’
Bearer – Unspecified

Now save.

(Settings may vary from phone to phone, so make educated decisions if you are stuck, or Google your specific phone settings for O2 (Or your Carrier).)

You now need to add a new APN for MMS. Note that you should have two APNs: one for calls, texts and internet, and one for MMS. Give it the following settings:

Name – ‘O2 MMS’
APN – ‘wap.o2.co.uk’
Proxy – ‘http://wap.o2.co.uk’
Port – ‘9201’
Username – ‘o2wap’
Password – ‘password’
Server – ‘http://mmsc.mms.o2.co.uk:8002’
MMSC – ‘http://mmsc.mms.o2.co.uk:8002’
MMS Proxy – ‘193.113.200.195’
MMS Port – ‘8080’
MMS Protocol – ‘WAP 2.0’ (2.0)
MCC – ‘234’
MNC – ‘10’
Authentication type – Not Set
APN type – ‘mms’
Bearer – Unspecified

Now save.

(Settings may vary from phone to phone, so make educated decisions if you are stuck, or Google your specific phone settings for O2 (Or your Carrier).)

You should now have two APNs and should be able to use calls, texts, internet and MMS (as well as group messaging and photo sending) on O2 Pay and Go Go Go.

Using Hashlib to Securely store user passwords and credentials.

What is hashing?

Hashing a password means that users do not have their passwords compromised when a database engineer reads through a user database that would otherwise hold cleartext (to a degree; the passwords could still be decoded, but hashing makes them illegible to anyone who is not doing anything extensive). It also prevents hackers from reading passwords in plain text, although hashes can be compromised by collision attacks.

Additionally, when hashing a password a salt may be added to the password; this prevents a database from being attacked by dictionary attacks.

Why Hash Passwords?

Storing user credentials in plain text is generally bad practice, as it allows anyone who reads the file (or computer) to see the password, username or any other credential without any sort of protection. In some cases it is against the law, such as under the PCI SSC Data Security Standards, which handle debit and other card types. The solution to this is obfuscation in the form of hashing. Hashing a password makes a standard password seem completely random.

How hashing works

When a user signs up for a website, or fills in any other form that requires secure credentials such as a password, username, email address or address, the user fills in a form that asks for these credentials. The web server then hashes the password and stores the hash; the server ‘throws away’ the original password and keeps the hash. In a more secure environment the user may also be given a salt, which may be unique to the user or unique to the application. (The user will not know the salt; the salt is owned by the server and will be kept secret.) When hashing, the password and the salt are combined and hashed together.

How to hash a string in Python

This tutorial uses Hashlib as its hashing encoder which uses the ever bug free OpenSSL…

First we need to import hashlib and encode the input, then finally we need to check for a match.
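
The sign-up and match check described above, as an added example that is not code from the original post. It swaps a single hash round for `hashlib.pbkdf2_hmac`, which combines the password and a per-user salt and repeats the hash many times; the `users` store, the function names and the `ITERATIONS` value are assumptions for illustration, and the salt is kept server-side beside the digest.

```python
import hashlib
import hmac
import os

ITERATIONS = 100000  # assumed work factor for this example; tune for your hardware

# Constructed in-memory "database": username -> (salt, digest).
# The cleartext password is never stored.
users = {}

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is generated if none is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, ITERATIONS)
    return salt, digest

def register(username, password):
    """Hash at sign-up and throw the original password away."""
    users[username] = hash_password(password)

def login(username, password):
    """Re-hash the attempt with the stored salt and check for a match."""
    if username not in users:
        return False
    salt, stored = users[username]
    _, attempt = hash_password(password, salt)
    # compare_digest avoids leaking how many leading bytes matched
    return hmac.compare_digest(attempt, stored)

def unsalted_sha256(password):
    """A single unsalted hash, shown only for comparison with the salted one."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

if __name__ == "__main__":
    register("alice", "correct horse")
    register("bob", "correct horse")  # same password, different salt
    print("alice logs in:", login("alice", "correct horse"))
    print("wrong password:", login("alice", "Correct horse"))
    print("same stored digest:", users["alice"][1] == users["bob"][1])
    print("same unsalted hash:",
          unsalted_sha256("correct horse") == unsalted_sha256("correct horse"))
```

Two users with the same password get different stored digests, so a precomputed dictionary of unsalted hashes matches neither of them.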