[How to][GUIDE] Bypass and Disable Password on lockscreen


blackoakx22

Senior Member
Sep 10, 2010
225
15
Hello, as the title states I have found a way to bypass the password with the pin, pattern, and password option on the lockscreen without doing a factory data reset. I have not tried face unlock, I will try it soon. I would first like to thank Kosborn for his p2p-adb, which both helped and gave me the idea. His p2p-adb can be located here.

I will also be adding this feature to Kosborn's p2p-adb soon as well.

Now to get down to it.

What you will need:
  • Phone with either "USB Debugging" enabled or a Custom Recovery
  • ADB
  • A file editor (I use Notepad++)
  • Basic adb skills

*If you already have "USB Debugging" enabled please skip to Step 5*

Step 1)
  • If the phone does not have USB Debugging enabled you need to flash a custom recovery to the phone. I will not post a step-by-step guide on how to flash a custom recovery, just google it.
Step 2)

  • When you have the custom recovery flashed to the phone boot into recovery mode and mount /system. In CWM it can be found under "Mounts and Storage"

Step 3)
  • When /system is mounted pull build.prop and open it with the file editor I mentioned above.

    Code:
    adb pull /system/build.prop
  • You will have to add one line into the build.prop file for adb to be enabled when you reboot the phone
  • Add the line below to the build.prop file.

    Code:
    persist.service.adb.enable=1
  • Save build.prop file.
  • Now we have to push the file back to the phone so

    Code:
    adb push build.prop /system/build.prop
    adb shell chmod 0644 /system/build.prop

Step 4)
  • Reboot phone
  • Run the command below and you should see your device attached. If not, make sure you have the correct drivers installed.
    Code:
    adb devices

Step 5)

  • Using adb type the following commands
Code:
adb shell mv /data/system/gesture.key /data/system/gesture.key.bak
adb shell mv /data/system/password.key /data/system/password.key.bak


Step 6)
  • Reboot phone

You should now be able to unlock your phone without having any password. And more importantly with having all of your data on the phone still.

If you found this helpful please hit the thanks button.
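
Added example, not part of the original post: the Step 3 edit leaves a trace in build.prop, so this sketch compares a pulled build.prop against a known-good copy and reports added, changed or removed properties, including the `persist.service.adb.enable=1` line. The function names, file names and sample values are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: report how a device's build.prop differs from a known-good copy.
# Exit status: 0 = same properties, 1 = differences found, 2 = unreadable input.
diff_build_prop() {   # usage: diff_build_prop BASELINE CURRENT (two different paths)
    [ -r "$1" ] && [ -r "$2" ] || { echo "ERROR unreadable input" >&2; return 2; }
    out=$(awk -v base="$1" '
        /^[ \t]*#/ || index($0, "=") == 0 { next }        # skip comments, blanks, junk
        {
            eq = index($0, "=")
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)            # trim; tolerate CRLF left by
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)            # Windows editors
            # Simplification: a repeated key keeps its last value here.
            if (FILENAME == base) old[key] = val; else cur[key] = val
        }
        END {
            for (k in cur) {
                if (!(k in old))           { print "ADDED " k "=" cur[k]; n++ }
                else if (old[k] != cur[k]) { print "CHANGED " k "=" old[k] " -> " cur[k]; n++ }
            }
            for (k in old) if (!(k in cur)) { print "REMOVED " k "=" old[k]; n++ }
            # The one line the guide above adds in Step 3.
            if (cur["persist.service.adb.enable"] == "1") print "ALERT adb enabled at boot"
            exit (n > 0)
        }' "$1" "$2") && rc=0 || rc=$?
    [ -n "$out" ] && printf '%s\n' "$out" | sort
    return "$rc"
}

demo() {   # constructed sample data, not taken from a real device
    d=$(mktemp -d) || return 2
    printf 'ro.build.id=CONSTRUCTED1\nro.product.model=Example\n' > "$d/baseline.prop"
    printf 'ro.build.id=CONSTRUCTED1\r\nro.product.model=Example\r\npersist.service.adb.enable=1\r\n' \
        > "$d/pulled.prop"
    diff_build_prop "$d/baseline.prop" "$d/pulled.prop" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```
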
 

jcpowell

Senior Member
Jul 23, 2012
610
179
So this will work on any device correct?

---------- Post added at 10:55 PM ---------- Previous post was at 10:55 PM ----------

With either pin lock or pattern?
 

eduds

Senior Member
Mar 8, 2013
1,176
1,645
When I had to use it, I typed "adb shell rm /data/system/gesture.key", not "adb shell mv /data/system/gesture.key", and that worked well.
 

blackoakx22

Senior Member
Sep 10, 2010
225
15
When I had to use it, I typed "adb shell rm /data/system/gesture.key", not "adb shell mv /data/system/gesture.key", and that worked well.

That will work as well. The reason why I used adb shell mv /data/system/gesture.key is to keep the file there when I was testing, just in case, but it could be removed as well.
 

jkok

Senior Member
Jan 26, 2013
262
169
not trying to be too much of a smart-butt, but here's the full version to do it, what u did is the basic commands, but leaves an empty pin/pattern for ANY input will be correct, here's each command (new line=new command):

adb shell
cd /data/data/com.android.providers.settings/databases
sqlite3 settings.db
update system set value=0 where name='lock_pattern_autolock';
update secure set value=0 where name='lock_pattern_autolock';
update system set value=0 where name='lockscreen.lockedoutpermanently';
update secure set value=0 where name='lockscreen.lockedoutpermanently';
.quit
busybox rm /data/system/gesture.key
busybox rm /data/system/cm-gesture.key
busybox rm /data/system/password.key
busybox rm /data/system/cm-password.key
busybox rm /data/system/locksettings.db
busybox rm /data/system/locksettings.db-wal
busybox rm /data/system/locksettings.db-shm
reboot

some kernels+file-systems(or user actions) convert databases to "wal", or "shm" so they will have different names, as for some newer CM-based rom builds, the pattern, gesture unlock (if implemented), and sometimes pin get put into a different file "cm-***.key" but pin+password goes into "cm-password.key";
u need to only do first two commands (adb shell, and the cd), then skip to after the .quit if u ARE NOT locked out, if u are u need to do ALL these commands, and if it says "file/directory not found" or similar errors when doing the "gesture.key","cm-gesture.key","cm-password.key", the "locksettings.db-wal" +"locksettings.db-wal"; just ignore those errors as u don't have the configurations stored in there like some other custom roms do =)

i found and compiled this list from my app i made, if u heard about it "SMS Tasks", and this is actually the exact code (in adb shell form, not in java command line with added characters, voids, etc...) to unlock the phone remotely =), idk why people tell me not to share this code, as it's good for users to have so they don't lose their data in case of forgotten passwords on devices stored in their dressers/storages for ages and got out for whatever reason (maybe a new rom-tree was born for it and u want to see it in action, idk =S) but use this if u want, if not u can ignore this post, just wanted to share this with u in case u want to add some to the OP as the commands u do some roms might not fully unlock (it will erase pass/pin, but some roms keep the config that it's still set, but any pass (even one characters+a single_space, or one-three dot patterns), so if anyone got those errors, or want more understanding on what files are used, this is my most recent list of things to delete by what i see used on rom developer's github's anyways =S

but hope this helps any of u in any ways =)
 

TheFixItMan

Senior Member
  • Jul 8, 2012
    7,759
    3,966
    London
    much simpler way

    download aroma file manager from
    http://forum.xda-developers.com/showthread.php?t=1646108


    flash aroma file manager in cwm with system mounted
    browse to data/system
    delete gestures.key
    delete password.key
    restart

    of course you will need aroma file manager on the root of your sd card so download it and put it there now for safe keeping
    you can always put it there via a card reader or pop your sd card into another phone if your phone is already locked
     

    aIecxs

    Senior Member
  • Feb 17, 2016
    1,064
    329
    There is a way to do this without USB Debugging enabled nor Custom Recovery installed, as long as stock Android system recovery <3e> "backup user data" option is working:
    - create a backup
    - modify the backup file
    - root the phone
    - restore backup

    root is not required for backup, but for restore. i prefer restore from custom recovery. but i have done this without flashing, too.
    please see this link
    Android system recovery <3e> alternative restoring program
     

    Youdoofus

    Forum Moderator
    Staff member
    Feb 21, 2011
    3,514
    1,010
    Sioux Falls, SD
    Samsung Galaxy S9
    i know this is an old thread, but I'm trying to bypass the screen where it says that you've tried your pattern too many times on a zte z932l (also known as the rapido) for a friend's sister. She really just wants the pictures that are stored on the internal memory is all because they are of her kids. Any ideas on how to get this done? I wound up on this thread because i was hoping that usb debugging had been enabled, but it hasn't
     

    aIecxs

    Senior Member
  • Feb 17, 2016
    1,064
    329
    no "backup user data" option in Android system recovery <3e> i guess? if you can't create a backup then my friend, this is the hardest case for unlocking... if playstore is working and wifi enabled, you can unlock using Android Device Manager first. if this does not help, check if fastboot is working. you can boot custom recovery with "fastboot boot recovery.img". if no fastboot mode is available, find any way to make a backup of usrdata partition (maybe in download mode?). once you have a backup, it's easy to modify and restore (as long as FRP lock is disabled)
     

    aIecxs

    Senior Member
  • Feb 17, 2016
    1,064
    329
    with usb debugging enabler you can modify a rom and flash it via odin (without losing data???), and with Android Multi Tools you can unlock the screen. if this is possible for samsung devices, then there should be a way for other phones, too. another way is to enable adb via sideload, if someone will create such app.
    and of course, if fastboot mode is available, the easiest way is booting a custom recovery without flashing it. then just delete /data/system/locksettings.db* files from adb or with aroma file manager (try calung version 1.80)
     

      So this will work on any device correct?

      ---------- Post added at 10:55 PM ---------- Previous post was at 10:55 PM ----------

      With either pin lock or pattern?



      In theory yes. I can't be for sure. It won't hurt it