[GUIDE][HOW-TO]Crack android pattern lock!

[Helloworld294]

I am running 6.0.1 on my Nexus 5 and did not see the .db files. I saw the gatekeeper files as .key files
You could use your method and delete gatekeeper.pattern.key and gatekeeper.password.key with TWRP file manager or use adb like this

adb devices
adb shell
cd /data/system
rm gatekeeper.pattern.key
rm gatekeeper.password.key

Yeah I meant .key files lol

Also use "sudo cd ~/data/system .

In my opinion that is a pretty huge security flaw right here [emoji1]

 

[Abednego]

Yeah I meant .key files lol

Also use "sudo cd ~/data/system .

In my opinion that is a pretty huge security flaw right here [emoji1]

Actually I don't see a security problem there. If you want your device secure, just don't unlock the bootloader and/or encrypt. Unlocked devices may be attacked (or recovered) via recovery.

If you need to store sensitive data on an unlocked device, you should add an extra layer of security - which probably means encryption.

Did I miss something?

Gesendet von meinem D5803 mit Tapatalk

 

[Helloworld294]

Actually I don't see a security problem there. If you want your device secure, just don't unlock the bootloader and/or encrypt. Unlocked devices may be attacked (or recovered) via recovery.

If you need to store sensitive data on an unlocked device, you should add an extra layer of security - which probably means encryption.

Did I miss something?

Gesendet von meinem D5803 mit Tapatalk

Uhm no... This is a nexus device, so to unlock it all you have to do is go to developer settings and tick "OEM Unlock" thats it.

Hook it up to a computer, boot into bootloader mode and just type these two lines

"fastboot oem unlock"

"fastboot flash recovery recovery.img"

Done, your phone is completely insecure after that and I'll be able to see all that porn you tryna hide in your phone behind an "encryption" [emoji1]

 

[Abednego]

Uhm no... This is a nexus device, so to unlock it all you have to do is go to developer settings and tick "OEM Unlock" thats it.

Hook it up to a computer, boot into bootloader mode and just type these two lines

"fastboot oem unlock"

"fastboot flash recovery recovery.img"

Done, your phone is completely insecure after that and I'll be able to see all that porn you tryna hide in your phone behind an "encryption" [emoji1]

I beg to differ in two aspects:

1. Unless you can trick my Nexus into believing that it's unlocked without actually issuing the "OEM unlock" command, my porn will get wiped during unlock and you won't be able to see it.

2. There is encryption and "hidden files". The latter is for beginners with beginners' problems (parents, spouses,...) and the first is for keeping information safe from more advanced risks. While KeePass and friends should work fine on file level (text-based porn anyone) Android has been offering a decent encryption option for internal and external data partitions. Now the interesting part: If I encrypt my data partition (or porn partition as you suggested), I am asked to enter my screenlock password at boot to unlock the decryption key. The hash of that password must therefore be stored somewhere outside the data/porn partition. Therefore it should accessible to a recovery/adb-based attack. Did anyone already try to copy/delete that hash? I suppose, the porn partition should be inaccessible then for anyone - but what exactly does happen? Bootloop? Another prompt? Free access to the encryption key? I won't try that on my main device (and also not on my wife's phone), but the result would still be interesting.

Off topic: There must be a custom ROM that renames data or storage partitions to "porn"... somebody must have already done it... let's fork android for that - or just add a symlink. [emoji1]

Gesendet von meinem D5803 mit Tapatalk

 

[Helloworld294]

I beg to differ in two aspects:

1. Unless you can trick my Nexus into believing that it's unlocked without actually issuing the "OEM unlock" command, my porn will get wiped during unlock and you won't be able to see it.

2. There is encryption and "hidden files". The latter is for beginners with beginners' problems (parents, spouses,...) and the first is for keeping information safe from more advanced risks. While KeePass and friends should work fine on file level (text-based porn anyone) Android has been offering a decent encryption option for internal and external data partitions. Now the interesting part: If I encrypt my data partition (or porn partition as you suggested), I am asked to enter my screenlock password at boot to unlock the decryption key. The hash of that password must therefore be stored somewhere outside the data/porn partition. Therefore it should accessible to a recovery/adb-based attack. Did anyone already try to copy/delete that hash? I suppose, the porn partition should be inaccessible then for anyone - but what exactly does happen? Bootloop? Another prompt? Free access to the encryption key? I won't try that on my main device (and also not on my wife's phone), but the result would still be interesting.

Off topic: There must be a custom ROM that renames data or storage partitions to "porn"... somebody must have already done it... let's fork android for that - or just add a symlink. [emoji1]

Gesendet von meinem D5803 mit Tapatalk

Ok my friend, relax.

 

[optimusodd]

method 1:

adb shell
cd /data/data/com.android.providers.settings/databases
sqlite3 settings.db
update system set value=0 where name='lock_pattern_autolock';
update system set value=0 where name='lockscreen.lockedoutpermanently';
.quit

-AND/OR-

method 2:

adb shell rm /data/system/gesture.key

and that's a video showing how method 2 is done (thanks to melvinchng) : http://www.youtube.com/watch?v=tVJ7T2oC_Zs&feature=player_embedded

you can try both of them,here is how i managed to remove the lock:
1- run the first method.
2-reboot
3-run the second method
4-reboot

I have got Root access and USB debugging is Enabled but executing the commands given in first method giving me

/system/bin/sh: sqlite3: not found

And by executing the command given in second method,I am getting this :

override rw------- system:system for 'gesture.key'?

Is there any workaround ?
Any help would be highly appreciated.
Thanks

---------- Post added at 02:35 AM ---------- Previous post was at 02:20 AM ----------

adb shell
su
rm /data/system/locksettings.db
rm /data/system/locksettings.db-wal
rm /data/system/locksettings.db-shm
reboot

It's giving me

override rw-rw---- system:system for '/data/system/locksettings.db' ?

Any clue ?

 

[hanaheeno]

I have got Root access and USB debugging is Enabled but executing the commands given in first method giving me

/system/bin/sh: sqlite3: not found

And by executing the command given in second method,I am getting this :

override rw------- system:system for 'gesture.key'?

Is there any workaround ?
Any help would be highly appreciated.
Thanks

---------- Post added at 02:35 AM ---------- Previous post was at 02:20 AM ----------



It's giving me

override rw-rw---- system:system for '/data/system/locksettings.db' ?

Any clue ?

Is your device rooted?

 

[optimusodd]

Is your device rooted?

Of course it's rooted and USB debugging is enabled.I had already mentioned that on the comment above.

Anyway,it might sound silly/funny but I managed to UNLOCK my device by Trial and Error method lol

When all the methods failed I resorted to trial and error method (I couldn't afford to lose my data ) as I slightly remembered the starting and the end points of the pattern.So what I did was,I drawed the different patterns on a piece of paper one by one and tried the same on the my device.I did that to make sure I don't repeat the same pattern again and again.Finally on 25th attempt I managed to crack it
So if somebody slightly remember the pattern and there is no way around to resolve the issue,they can try Trial and Error technique :fingers-crossed:

I would still want to know why those commands didn't work for me.Does Bootloader (Being Locked / Unlocked ) play a part here ?

 

[jason370]

Of course it's rooted and USB debugging is enabled.I had already mentioned that on the comment above.

Anyway,it might sound silly/funny but I managed to UNLOCK my device by Trial and Error method lol

When all the methods failed I resorted to trial and error method (I couldn't afford to lose my data ) as I slightly remembered the starting and the end points of the pattern.So what I did was,I drawed the different patterns on a piece of paper one by one and tried the same on the my device.I did that to make sure I don't repeat the same pattern again and again.Finally on 25th attempt I managed to crack it
So if somebody slightly remember the pattern and there is no way around to resolve the issue,they can try Trial and Error technique :fingers-crossed:

I would still want to know why those commands didn't work for me.Does Bootloader (Being Locked / Unlocked ) play a part here ?

I did a restore and forgot to take teh pattern lock off. I want into twrp and deleted the pattern key, totally worked

 

[optimusodd]

I did a restore and forgot to take teh pattern lock off. I want into twrp and deleted the pattern key, totally worked

Good for you but my device has got stock recovery

 

[holocen]

Method 2 works on ZTE Blade3.

 

[KingRaheel]

Both methods are working on moto g2

 

[Lunduh28]

Help with kyocera phone dot pattern to unlock the phone .
I cannot get past the pattern screen and do not know what to do .PLEASE HELP ME ... THANKS LINDA LEE

 

[Microzift]

If your phone wasn't unlocked and debugging wasn't enabled, then I'm afraid there's no method in my knowledge that can help you.
If your phone's debugging was on, we could've done things.

Hi,
how can i know if my phone debugging is enabled or not?, since its locked because i forgot the pattern.

 

[Anand N v]

good

 

[SomebodySysop]

Android Device Manager Lock Screen

I have sort of an unusual situation. I have a rooted Android 6.0 head unit. The lock options have been removed from settings in rom. Foolishly, I used Google Android Device Manager to attempt to lock the screen.

What happens now is that when the system boots, it goes to Android menu. When wifi connects, it apparently gets signal from ADM, and a locked screen comes up. Problem is, I can't enter a password or anything on this screen. However, by pressing any key on the device, or the displayed back button, I get right back to the Android menu -- and don't have this problem again until I reboot or awake from sleep. The locked screen stays in the status bar.

As I have root access, I have tried many of the solutions here, deleting .key and .db files, sqlite, etc... None seem to get rid of the lock screen because the rom actually isn't configured to support one (or else I would simply be able to enter the password to remove it).

I've tried removing ADM from settings, disabling lock in Google settings, but the lock screen still keeps coming up on boot.

My question is: Does anyone know how to programmatically respond on the local device to Google Android Device Manger's lock screen command? Some file I can edit or remove or something?

 

[SomebodySysop]

I have sort of an unusual situation. I have a rooted Android 6.0 head unit. The lock options have been removed from settings in rom. Foolishly, I used Google Android Device Manager to attempt to lock the screen.

What happens now is that when the system boots, it goes to Android menu. When wifi connects, it apparently gets signal from ADM, and a locked screen comes up. Problem is, I can't enter a password or anything on this screen. However, by pressing any key on the device, or the displayed back button, I get right back to the Android menu -- and don't have this problem again until I reboot or awake from sleep. The locked screen stays in the status bar.

As I have root access, I have tried many of the solutions here, deleting .key and .db files, sqlite, etc... None seem to get rid of the lock screen because the rom actually isn't configured to support one (or else I would simply be able to enter the password to remove it).

I've tried removing ADM from settings, disabling lock in Google settings, but the lock screen still keeps coming up on boot.

My question is: Does anyone know how to programmatically respond on the local device to Google Android Device Manger's lock screen command? Some file I can edit or remove or something?

OK, made some progress. Using dumpsys:

dumpsys window | grep LockscreenActivity

      Window #2: WindowStateAnimator{6e49ea1 com.google.android.gms/com.google.android.gms.mdm.LockscreenActivity}
    {taskId=115 appTokens=[AppWindowToken{69b4c4e token=Token{f9a1202 ActivityRecord{23a974d u0 com.google.android.gms/.mdm.LockscreenActivity t115}}}] mdr=false}
    Activity #0 AppWindowToken{69b4c4e token=Token{f9a1202 ActivityRecord{23a974d u0 com.google.android.gms/.mdm.LockscreenActivity t115}}}:
      windows=[Window{8acedbd u0 com.google.android.gms/com.google.android.gms.mdm.LockscreenActivity}]
      allAppWindows=[Window{8acedbd u0 com.google.android.gms/com.google.android.gms.mdm.LockscreenActivity}]
      task={taskId=115 appTokens=[AppWindowToken{69b4c4e token=Token{f9a1202 ActivityRecord{23a974d u0 com.google.android.gms/.mdm.LockscreenActivity t115}}}] mdr=false}
  AppWindowToken{69b4c4e token=Token{f9a1202 ActivityRecord{23a974d u0 com.google.android.gms/.mdm.LockscreenActivity t115}}}

Can someone please tell me how I can kill this specific task/activity without stopping the service (GooglePlay) itself? None of these work so far:

• am force-stop com.google.android.gms.mdm.LockscreenActivity
• am force-stop com.google.android.gms/com.google.android.gms.mdm.LockscreenActivity
• am kill com.google.android.gms.mdm.LockscreenActivity
• am stopservice com.google.android.gms.mdm.LockscreenActivity
• am kill com.google.android.gms/com.google.android.gms.mdm.LockscreenActivity
• am stopservice com.google.android.gms/com.google.android.gms.mdm.LockscreenActivity

 

[Hassaan Masroor]

there is a much easier way now.

1) get latest TWRP recovery
2)boot into recovery
3) go to "Advanced" -> "File Manager"
4)Browse to data/system
5) there are two database ".db" that contain every type of lock from fingerprint to pattern. the two files are called gatekeeper.db
6) delete them
7)No more lockscreen

Tested on latest Android 6.0.1 on my Nexus 6p device.

Ok so I deleted both the gatekeeper files from TWRP on my LG G5 on Nougat base running Fulmics 3.3 (on Android 7.0) which did the job of removing the knock code. But now I can't enter any new lock screen or finger print. The phone detects already added fingerprints but theres no lock screen as if it were selected 'swipe' lock screen in settings.
Accessing lock screen settings gives FC.
Any ideas how to restore? I tried dirty flashing the ROM but to no use (as I had already explored its zip for gatekeeper files which I couldn't find.) The only current solution I can think of is a kdz flash. But that'll erase my whole internal. Kindly look into it.
Thanks.

 

[Helloworld294]

Ok so I deleted both the gatekeeper files from TWRP on my LG G5 on Nougat base running Fulmics 3.3 (on Android 7.0) which did the job of removing the knock code. But now I can't enter any new lock screen or finger print. The phone detects already added fingerprints but theres no lock screen as if it were selected 'swipe' lock screen in settings.
Accessing lock screen settings gives FC.
Any ideas how to restore? I tried dirty flashing the ROM but to no use (as I had already explored its zip for gatekeeper files which I couldn't find.) The only current solution I can think of is a kdz flash. But that'll erase my whole internal. Kindly look into it.
Thanks.

Yes, the thing is deleting gatekeeper file on older android versions would have regenerated a new fresh gatekeeper file on boot. But newer android (6.0+) does not allow for that to protect the phone. That said, instead of deleting the file, it's recommended to just change extension to .bak or change file permissions.


To fix YOUR issue, all you need to do is dirty flash your ROM (Fulmics).

Sent from my Samsung Galaxy S7 Edge using XDA Labs

 

[Hassaan Masroor]

Yes, the thing is deleting gatekeeper file on older android versions would have regenerated a new fresh gatekeeper file on boot. But newer android (6.0+) does not allow for that to protect the phone. That said, instead of deleting the file, it's recommended to just change extension to .bak or change file permissions.


To fix YOUR issue, all you need to do is dirty flash your ROM (Fulmics).

Sent from my Samsung Galaxy S7 Edge using XDA Labs

I dirty flashed, as well as clean flashed Fulmics but the issue is still there.
The only solution seemz to be flashing the kdz. I've been trying that all night long. LGUP is giving me some error that it couldn't load my phone model in my laptop's C drive.
LG Flash Tool 2014 can't establish connection to the server even though the internet is working perfectly fine.
The odds are totally against me today.