[Android][Guide]Hacking And Bypassing Android Password/Pattern/Face/PI

Does this thread helped you well?


  • Total voters
    47
  • Poll closed .

yasan0va

New member
May 1, 2018
1
0
0
Temporary via ADB?

What does temporary mean after deleting the password file via ADB? Does that mean the original password/pin/pattern/fingerprint will be back after second reboot?

Thanks
 

MajorPlayz

Senior Member
Dec 8, 2016
100
11
0
alistair.cloud
(90% sure this is for any Oreo devices) Right, I realize this thread is old, however this method was *not* mentioned in the OP, so, this is how I did it.

Firstly, I sideloaded Aroma File Explorer ~(it's now my new favourite thing tysm haha)~
Secondly, I changed the setting of the mount behavior on boot to everything.
Then, I exited AFE and re-sideloaded it.
From there, I could simply navigate to /data/system and delete the
Code:
locksettings.db
file.
Lastly, I simply rebooted to system aaaanndddd bam, no lockscreen! It was defaulted to swipe, so it was changeable in settings.

Side note, why are you reading this thread? Did you really forget your password ;):silly:
 

priyadarshi76

New member
Jun 16, 2018
2
0
0
Forgot Pattern Lock

I'm also facing the similar problem. Recently I changed my pattern-lock and forgot it. I really don't want to lose my data, is there any way I can either retrieve my data or unlock my pattern-lock without losing default android stock recovery. Below are my phone details and methods attempted.
1. Moto E4 Plus (XT1770)
2. MediaTek MTK6737
2. Stock Android 7.1.1 Nougat
3. Non-Removable battery
4. Pattern-Locked
5. USB Debugging Disabled
6. Not Rooted
7. Device Location OFF as it was not added in drop down menu list
8. Single gmail account configured and working
9. Data Connection ON
10. Wi-Fi- Enabled & Connected
11. TWRP installed after device got locked from desktop via logging into Google Play but not configured so cannot boot into custom recovery
12. Device driver properly installed on desktop
13. Dr. Fone & iSkysoft Toolbox don’t support my phone and EaseUS needs to be USB enabled
- Non-Working options that I’ve already tried
1. Nougat don't give "forgot password" option like earlier versions
2. Google “find my device” cannot work as now it don't replace pattern-lock with password or PIN but adds another google lock
3. Installed 64GB Micro SD Card is configured as "shared internal memory"
4. Installing anything such as Pattern-Password-disable.zip, SMSBypass.apk, By-pass security Hacks.7z, aromafilemanager.zip or applying update from Recovery Mode results to "Installation aborted"
5. adb devices & adb shell command shows "ZH33L2GRFG Unauthorized"
6. Desktop detects port and device only when device boots in “Meta Mode” and not in “Recovery Mode”. “Factory Mode” shows menu in Chinese language
7. Creating new user gave only access to chrome, YouTube and view settings. Being a limited/restricted user it don’t have any permission to change anything
In my case none of the methods mentioned on the first page worked, developers please help.
 

michael5029

New member
Jul 29, 2018
1
0
0
I have a Galaxy Tab 4, vers. 5.1.1. Pattern is long forgotten and pin as well. Don't want to delete all my data. It is unrooted and no custom recovery. What options can I take to deal with getting past the pattern? Please help, I'm literally trying this for the first time, I almost never "hack" my phones.
 

app04

New member
Sep 24, 2018
1
0
0
Wants solution

I have lenovo k8 plus and I forgot its password. Neither I have usb debugging enabled nor I have adb installed. Will any of the method work for me tounlock my phone??
 

eqroiueq

Member
Aug 27, 2017
14
2
0
(90% sure this is for any Oreo devices) Right, I realize this thread is old, however this method was *not* mentioned in the OP, so, this is how I did it.

Firstly, I sideloaded Aroma File Explorer ~(it's now my new favourite thing tysm haha)~
Secondly, I changed the setting of the mount behavior on boot to everything.
Then, I exited AFE and re-sideloaded it.
From there, I could simply navigate to /data/system and delete the
Code:
locksettings.db
file.
Lastly, I simply rebooted to system aaaanndddd bam, no lockscreen! It was defaulted to swipe, so it was changeable in settings.

Side note, why are you reading this thread? Did you really forget your password ;):silly:
Foolishly, I changed my PIN a week before I left my secondary phone behind for a couple months... .
Since the file gesture.key apparently no longer exists in Android 7, I finally renamed gatekeeper*.key to get rid of the lock screen and locksettings.db* to get Settings to stop asking me for my PIN to set a new one. (both in /data/System/)
For those who already have TWRP, you don't need Aroma File Explorer: just click the Advanced button and use TWRP's file manager.
 
Last edited:

htchd2sucks

Senior Member
May 23, 2010
894
363
83
Hi,
I read your information, so far these are not working in my case:
method 2,3,4, 5,6.
I'm not sure this method 1 is good on my device, I tried to unzip the file Pattern-Password-disable.zip and checked what's inside...
As for method 7, im not sure aroma will work in TWRP, but I could try shortly.

Here's the situation: I have encrypted device, and I'm trying to install "PixelExperience" rom. After booting, it's asking for a pattern to unlock the phone, but I never set one.
I have a pin (and I know it), but it immediately asks me for a pattern, which I don't have/want.

So I'm trying to workaround that.

Anyone has another help?
PS: my topic information is here: https://forum.xda-developers.com/showpost.php?p=77922294&postcount=2887

---------- Post added at 08:58 PM ---------- Previous post was at 08:55 PM ----------

Foolishly, I changed my PIN a week before I left my secondary phone behind for a couple months... .
Since the file gesture.key apparently no longer exists in Android 7, I finally renamed gatekeeper*.key to get rid of the lock screen and locksettings.db* to get Settings to stop asking me for my PIN to set a new one. (both in /data/System/)
For those who already have TWRP, you don't need Aroma File Explorer: just click the Advanced button and use TWRP's file manager.
Could you elaborate?
I have a PIE in a xiaomi device (whyred).
I can't find any /data/system/gesture.key.
I also don't find any gatekeeper.key.

I did use TWRP advanced and even mounted /system. No such files...
 

eqroiueq

Member
Aug 27, 2017
14
2
0
Could you elaborate?
I have a PIE in a xiaomi device (whyred).
I can't find any /data/system/gesture.key.
I also don't find any gatekeeper.key.

I did use TWRP advanced and even mounted /system. No such files...
I have a Samsung Galaxy S4 m919 running LineageOS 14.1 microG (Android 7). Maybe /data/System/gatekeeper*.key and /data/System/locksettings.db* are Samsung things? Or maybe they changed names or moved directory in Oreo or Pie?
Other than that, I don't know what to tell you; I mounted in TWRP whatever partitions it offered and from TWRP's file manager deleted the files I listed.
 
  • Like
Reactions: htchd2sucks

htchd2sucks

Senior Member
May 23, 2010
894
363
83
I have a Samsung Galaxy S4 m919 running LineageOS 14.1 microG (Android 7). Maybe /data/System/gatekeeper*.key and /data/System/locksettings.db* are Samsung things? Or maybe they changed names or moved directory in Oreo or Pie?
Other than that, I don't know what to tell you; I mounted in TWRP whatever partitions it offered and from TWRP's file manager deleted the files I listed.
It might have changed name again or something else is happening on Android 9 (pie) using PixelExperience on "whyred" device.

In TWRP, I also had to mount the /system before the advanced file manager. In fact it's different than /data/system but there's no system folder in /data...

:eek:

---------- Post added at 09:45 AM ---------- Previous post was at 09:05 AM ----------

Hi,
I read your information, so far these are not working in my case:
method 2,3,4, 5,6.
I'm not sure this method 1 is good on my device, I tried to unzip the file Pattern-Password-disable.zip and checked what's inside...
As for method 7, im not sure aroma will work in TWRP, but I could try shortly.

Here's the situation: I have encrypted device, and I'm trying to install "PixelExperience" rom. After booting, it's asking for a pattern to unlock the phone, but I never set one.
I have a pin (and I know it), but it immediately asks me for a pattern, which I don't have/want.

So I'm trying to workaround that.

Anyone has another help?
PS: my topic information is here: https://forum.xda-developers.com/showpost.php?p=77922294&postcount=2887

---------- Post added at 08:58 PM ---------- Previous post was at 08:55 PM ----------



Could you elaborate?
I have a PIE in a xiaomi device (whyred).
I can't find any /data/system/gesture.key.
I also don't find any gatekeeper.key.

I did use TWRP advanced and even mounted /system. No such files...
Edit:
Method 1, 2,3,4, 5,6 did not work.
I also tried flashing lockscreen-removed-signed.zip, no luck, it still asks for PATTERN when rebooting.
 

htchd2sucks

Senior Member
May 23, 2010
894
363
83
@piraterex


Edit:
I though I found a workaround, but no... In fact I only succeeded in removing "encryption" so my device is no longer encrypted (thats why it works).
Shame...

Reboot into fastboot (turn off, hold volume down+ power)
Connect phone to computer and launch an adb device to verify it's connected

Then type: fastboot format userdata
mke2fs 1.43.3 (04-Sep-2016)
Creating filesystem with 13465591 4k blocks and 3366912 inodes
Filesystem UUID: 11e52f8c-d4fc-11e8-9dce-cf1d31b522b3
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424

Allocating group tables: done
Writing inode tables: done
Creating journal (65536 blocks): done
Writing superblocks and filesystem accounting information: done

Sending 'userdata' (4493 KB) OKAY [ 0.165s]
Writing 'userdata' OKAY [ -0.000s]
Finished. Total time: 0.414s



Then:
fastboot reboot
Rebooting
Finished. Total time: 0.000s


Now it took longer to load after the G logo, and it's now asking me for the SIM PIN. I entered it and it start to setup google!

Hurray! It's no longer asking me for a pattern than I never set...
Note: it's also not asking me for a PIN, eventhough it was encrypted and should ask me for a pin...


Now the important question is where is stored "userdata"?
How come it's not wiped using TWRP?
And what did I just delete (what contains userdata) ?
 
Last edited:

htchd2sucks

Senior Member
May 23, 2010
894
363
83
The only workaround I found so far, to decrypt /data in TWRP when it asks for a PATTERN instead of a PIN:
Connect the phone to usb and boot into recovery (TWRP)
adb shell
twrp decrypt ' 12345' (where 12345 is your pin; note: it needs the single quote).

That way it will decrypt /data in TWRP (recovery).
 

MajorPlayz

Senior Member
Dec 8, 2016
100
11
0
alistair.cloud
Foolishly, I changed my PIN a week before I left my secondary phone behind for a couple months... .
Since the file gesture.key apparently no longer exists in Android 7, I finally renamed gatekeeper*.key to get rid of the lock screen and locksettings.db* to get Settings to stop asking me for my PIN to set a new one. (both in /data/System/)
For those who already have TWRP, you don't need Aroma File Explorer: just click the Advanced button and use TWRP's file manager.
A good point indeed, however Aroma does provide a more natural and for people who are newer to rooting, a similar environment to a regular file manager you would download from the Play Store. I feel that this is the better step for new-comers, however TWRP's inbuilt one will do just the job, too.
 

slem182

Member
Oct 26, 2011
39
1
0
Bandung
I never place passwords on my phone, but now after I install new custom rom it ask for passowrds while start up.
I can't find any gesture.key, password.db, locksetting.db etc on my aroma.
What shloud I do? I'm on 8.0 now and using Moto Z.

Thank you before