Permalink
Find file
c80c13f Feb 28, 2014
186 lines (145 sloc) 5.31 KB

Hack android pattern lock

How to bypass pattern lock on Android if you have made `too many attempts`

Note: This is tested on Aakash(AllWinner A13) but you may find the scripts and reference useful

Situation: The attempt to unlock pattern was exceeded, so with no Internet connection and no adb access how to delete the database entries

Short method:

Remove .key files via adb

  • Sometimes deleting password.key and gesture.key files alone can help to unlock pattern lock. But this method require to have ‘Debugging mode’ enabled
  • Attach the Android device to your system and make sure you have ‘adb’ install. adb comes bundled with Android SDK.
  • Now open the terminal and type below commands:
    adb shell rm -r /data/system/password.key
    adb shell rm -r /data/system/gesture.key
        

Long method:

Download and burn an image on SD-card

  • Buy one 8 GB SD-card and download GNU/Linux image for Aakash from here.
  • Extract that image using the command
    tar -xvjf 12.10-lxde-bootLogo-0secUboot-expeyes-scilab-on-cloud-sleep1.img.bz2
        
  • You need to burn that extracted image to SD-card. Insert the SD-card in to the SD-card slot slot of your laptop/PC and run this command.
    sudo dd if=12.10-lxde_with_scilab_on_cloud_cleaned.img of=/dev/sdb bs=1024
        

    assuming your SD-card was detected as /dev/sdb

  • Or you can use a simplified GUI ddMaker tool for burning an image.

Boot with GNU/Linux image

  • Insert the SD-card in to the SD-card slot of the tablet and hold the power button until you see Aakash’s boot-splash screen.

Install required dependencies

  • You need to edit the settings.db file. This is sqlite’s database file. You may need to install sqlite3 on the tablet(GNU/Linux side). You can install it using apt-get. On the terminal type
    sudo apt-get install sqlite3
        

    give the password as 123

Mount the NAND partition

  • login as root
    sudo -s
        

    give the password as 123

  • Now you need to mount /dev/nande partition in which settings.db file resides.
  • Make a temporary directory for mounting NAND partition
    mkdir -p /root/nande
        

    and mount the nande partition using the command

    mount /dev/nande /root/nande
        

Update sqlite database

  • Now change the directory in which settings.db file resides
    cd nande/data/com.android.providers.settings/databases
        

    Make copy of ‘settings.db’ in case you mess up with the content of a file

    cp -v settings.db settings.db-original
        

    and use the database file

    sqlite3 settings.db
        

    You will get an sqlite3 prompt saying

    sqlite
        
  • Now update the database
    update secure set value=0 where name='lock_pattern_autolock';
        
    update secure set value=0 where name='lockscreen.lockedoutpermanently';
        

    quit sqlite3 interface

    .quit
        
  • Also remove the gesture key file
    rm /data/system/gesture.key
        
  • Unmount the NAND partition
    cd /root
    umount /dev/nande
        
  • poweroff the tablet
    poweroff
        
  • Remove the SDcard and boot into Android

Using automated scripts

  • If you decide to use the automated scripts from github, you may also need to install python-pysqlite2. This is python interface library for sqlite3. The command to install is
    sudo apt-get install python-pysqlite2
        
  • Copy both the scripts to /root directory of the tablet(GNU/Linux side) and execute the shell script pattern_unlock.sh
    cd unlock_android_pattern
    bash ./pattern_unlock.sh
        
  • Shutdown the tablet, remove the SD-card and restart it again. Your pattern lock mush have disappeared by now.

Additional commands(sqlite3)

  • View description of table
    pragma table_info([table_name])
        

    for example

    pragma table_info([secure])
        
  • list all the tables in the database
    .tables
        

FOR EDUCATIONAL PURPOSE ONLY!. We do not hold any responsibility if you brick your phone/tablet.