Recover PIN codes from observed finger motion.
A mobile-first tool for penetration testers. Observe someone entering a PIN, replay the finger motion on a blank grid, and get ranked guesses powered by spatial analysis and real-world frequency data.
Tap 4 positions --> Normalize to keypad --> Score candidates --> Ranked PINs
- Tap — Mimic the observed motion on a blank grid (no keypad shown)
- Normalize — Points are centered and scaled to a standard 3×4 keypad
- Score — Each candidate PIN is scored via Gaussian proximity and real-world frequency
- Rank — Three output lists: heatmap-only, frequency-filtered, and weighted composite
```
npm install
npm run dev
```

Open localhost:5173 and tap four positions on the grid.
| Command | Description |
|---|---|
| `npm run dev` | Start dev server |
| `npm run build` | Production build |
| `npm test` | Run all tests |
| `npm run lint` | Lint with ESLint |
| `npm run typecheck` | Type-check with tsc |
| `npm run deploy` | Deploy to GitHub Pages |
```
src/
  lib/         Pure scoring functions (normalize, heatmap, composite, candidates)
  components/  React UI (TapGrid, ResultsPanel, WeightSlider, etc.)
  hooks/       useTapCapture, useAnalysis
  data/        Static CSV loader for PIN frequencies
  types/       Shared TypeScript interfaces
```
All scoring logic lives in src/lib/ as pure functions with zero side effects. Touch handling and rendering happen exclusively in components and hooks.
PIN frequency data covers all 10,000 possible 4-digit PINs, sourced from DataGenetics and SecLists. The dataset is bundled statically — the app works fully offline with no network requests.
This tool is for authorized penetration testing and security awareness training only. It demonstrates why physical PIN shielding matters. It does not interact with any real payment terminals or authentication systems.