[GUIDE][HOW-TO]Crack android pattern lock!


m.sabra

Senior Member
Sep 3, 2011
131
547
Beirut
Disclaimer: this is for educational purposes only, you shall not use this on other people's phones without permission under any circumstances, and I am not responsible for any misuse of this hack.

OK, so not long ago I had a problem with a locked Android device with a pattern and I managed to unlock it using adb, so here's how in case you are stuck one day with a locked device.

The device needs to have USB debugging enabled. In case USB debugging isn't enabled and you have CWM, you can run the same instructions from CWM. Root is not required (though it will be much better if the device is rooted).

This was tested on: Gingerbread, Ice Cream Sandwich and Jelly Bean.

Both methods are through adb.

method 1:
Code:
adb shell
cd /data/data/com.android.providers.settings/databases
sqlite3 settings.db
update system set value=0 where name='lock_pattern_autolock';
update system set value=0 where name='lockscreen.lockedoutpermanently';
.quit

-AND/OR-

method 2:
Code:
adb shell rm /data/system/gesture.key

And here's a video showing how method 2 is done (thanks to melvinchng): http://www.youtube.com/watch?v=tVJ7T2oC_Zs&feature=player_embedded

You can try both of them; here is how I managed to remove the lock:
1- Run the first method.
2- Reboot.
3- Run the second method.
4- Reboot.

NOTES:
- In the first method each line is a separate command, so press Enter after typing each line.
- In the second method type the whole command and then press Enter.
- After running both methods and rebooting you may still see the pattern lock. That doesn't necessarily mean it didn't work; just try any random pattern and it may unlock, then remove the pattern from settings.
- This may or may not work; it may work on some devices and not on others, so all you can do is try it, but I can't assure it will work.
A small donation would be much appreciated, thanks :) (check my signature)
 

zmore

Senior Member
Apr 25, 2011
1,684
932
NYC
FWIW, on CM10 neither method works as non-root. Yay CyanogenMod.

Method #1 FAIL:
1|[email protected]:/data/data/com.android.providers.settings/databases $ ll
opendir failed, Permission denied
255|[email protected]:/data/data/com.android.providers.settings/databases $ sqlite3 settings.db
Error: unable to open database "settings.db": unable to open database file

Method #2 FAIL:
[email protected]:/data $ ll /data/system/gesture.key
-rw------- system system 20 2012-08-11 04:51 gesture.key
[email protected]:/data $ rm /data/system/gesture.key
rm failed for /data/system/gesture.key, Permission denied

(I use faceunlock + pattern (mostly to keep my kid outta my phone), but if I actually cared more about security I'd encrypt my phone and use a passphrase instead)
 

daniel_loft

Senior Member
Jan 22, 2011
542
96
Stuttgart
So I guess if Debugging wasn't previously enabled, you have no chance to unlock it...

I've noticed a locked Archos tablet in a shop (probably some stupid shopper locked it) and when I saw this thread announced on the first page I was thinking of helping the shop owner. But I guess I cannot.

Have a nice day!
 

CKKnot

Senior Member
Oct 20, 2011
646
518
Kuching
I don't know whether this method can use on neither:
Rooted
Installed Busybox
Rom Version Older or Newer than CM7


This method requires ADB Debugging On & A PC & A tool Provided
I found this trick a long time ago
I come for sharing ;)

Download the By-pass security Hack.7z
Primary Step for all method:
  1. Extract it to anywhere using 7-zip.
  2. Open SQLite Database Browser 2.0.exe in SQLite Database Browser.
  3. Run pull settings.db.cmd inside By-pass security Hacks folder to pull out the setting file out of your phone.
  4. Drag settings.db and drop to SQLite Database Browser 2.0.exe program.
  5. Navigate to Browse data tab, At table there, click to list down the selection & select secure
Instruction To Remove Pattern Lock:
  1. Now, find lock_pattern_autolock, Delete Record
  2. Close & save database
  3. Run push settings.db.cmd and reboot your phone :)
Instruction To Remove PIN Lock:
  1. Now, Find Or Create lockscreen.password_type, double-click & change its value to 65536, Apply changes!
  2. Now, find lock_pattern_autolock, Delete Record, If doesn't exist, Ignore
  3. Close & save database
  4. Run push settings.db.cmd and reboot your phone :)
Instruction To Remove Password Lock:
  1. Now, find lockscreen.password_salt, Delete Record
  2. Now, find lockscreen.password_type, Delete Record
  3. Close & save database
  4. Run push settings.db.cmd and reboot your phone :)
 

daniel_loft

Senior Member
Jan 22, 2011
542
96
Stuttgart
I advise you guys to also post your Android version. My opinion is that the security hole that permits this hack has been removed in JellyBean, maybe even in an earlier version.
I will try it too a little later, just for the fun's sake.
 

HQRaja

Retired News Writer
Jan 27, 2008
491
433
Islamabad
hqraja.com
don't leave usb debugging checked on then.
If you have forgotten to leave USB debugging enabled, reboot your phone into recovery and do the same. No USB debugging required.
You may however need to mount the partition being accessed by this method, and you can do that only if you have a custom recovery installed (which you more-than-likely have, since you're here on XDA). Just go to 'Mounts and Storage' and mount /data. Then use the method just the normal way. Cheers!
 

Top Liked Posts

    22
    I have a better method than both the above ones


    look for smudges on the phone ;)
    11
    Easier way to force unlock

    I found more simple method to do so on my Galaxy Nexus 4.1.1 ParanoidAndroid 1.99 ROM.

    Code:
    adb shell
    su
    rm /data/system/locksettings.db
    rm /data/system/locksettings.db-wal
    rm /data/system/locksettings.db-shm
    reboot

    And you're done :)
    4
    The exploit/workaround has nothing to do with root. The issue is some OEMs grant the adb shell root access instead of restricting it to a lower permission user. When the adb shell is granted root access someone is then able to access the /data permission which is normally blocked off from any user besides root.

    So you could encounter this exploit by using a phone with USB debugging enabled where the OEM grants the adb shell root access. Or, on a custom ROM where the kernel is granting the adb shell root access. Having your phone rooted just makes it easier where, even if adb was protected with a lower permission user, you could still "su" to root once in a shell and wreak havoc.

    Summary:
    1. Without a rooted phone if your phone grants the adb shell root access (this is something an OEM mistakenly would have done) then you can access this exploit
    2. With a rooted phone you can type "su" after getting a shell via "adb shell" and then execute the exploit
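
The condition described in the last post above (an adb shell that keeps root) can be checked on a device you administer from its build properties. This is an added example, not part of the thread: the property names (ro.secure, ro.debuggable, service.adb.root, ro.adb.secure) come from AOSP adbd and are not mentioned by any poster, and both sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): flag build properties that let an
# adb shell run as root and so reach /data without the lock-screen credential.
# Input is the text of `adb shell getprop` from a device you administer.

# prop_value NAME: print the value of NAME from "[name]: [value]" lines on stdin.
prop_value() {
    awk -v want="[$1]:" '$1 == want { v = $2; gsub(/^\[|\]$/, "", v); print v; exit }'
}

# audit_adb_props: read getprop output on stdin, print one finding per line.
audit_adb_props() {
    props=$(cat)
    secure=$(printf '%s\n' "$props" | prop_value ro.secure)
    debuggable=$(printf '%s\n' "$props" | prop_value ro.debuggable)
    adb_root=$(printf '%s\n' "$props" | prop_value service.adb.root)
    adb_auth=$(printf '%s\n' "$props" | prop_value ro.adb.secure)
    if [ "$secure" != "1" ]; then
        echo "HIGH ro.secure=${secure:-unset}: adbd keeps root, adb shell can read and write /data"
    fi
    if [ "$debuggable" = "1" ]; then
        echo "MEDIUM ro.debuggable=1: 'adb root' can restart adbd as root"
    fi
    if [ "$debuggable" = "1" ] && [ "$adb_root" = "1" ]; then
        echo "HIGH service.adb.root=1: adbd is currently running as root"
    fi
    if [ "$adb_auth" != "1" ]; then
        echo "MEDIUM ro.adb.secure=${adb_auth:-unset}: any USB host can open a shell without key approval"
    fi
    return 0
}

# Constructed samples, not captured from real devices.
RISKY_SAMPLE='[ro.secure]: [0]
[ro.debuggable]: [1]
[service.adb.root]: [1]
[ro.build.type]: [eng]'

HARDENED_SAMPLE='[ro.secure]: [1]
[ro.debuggable]: [0]
[ro.adb.secure]: [1]
[ro.build.type]: [user]'

printf '%s\n' "$RISKY_SAMPLE" | audit_adb_props
```

A device that reports no findings should behave like the CM10 phone in zmore's post, where the unprivileged shell gets "Permission denied" on both files.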