[How to][GUIDE] Bypass and Disable Password on lockscreen

Search This thread

blackoakx22

Senior Member
Sep 10, 2010
225
15
Hello, as the title states I have found a way to bypass the password with the pin, pattern, and password option on the lockscreen without doing a factory data reset. I have not tried face unlock, I will try it soon. I would first like to thank Kosborn for his p2p-adb which bothe helped and gave me the idea. His p2p-adb can be located here.​

I will also be adding this feature to Kosborn's p2p-adb soon as well.

Now to get down to it.

What you will need:
  • Phone with eithier 'USB Debugging" enabled or a Custom Recovery
  • ADB
  • A file editor (I use Notepad++)
  • Basic adb skills

*If you already have "USB Debugging enabled please skip to Step 5*

Step 1)
  • If the phone does not have USB Debugging enabled you need to flash a custom recovery to the phone. I will not post a step to step guide to on how to flash a custom recovery, just google it.
Step 2)

  • When you have the custom recovery flashed to the phone boot into recovery mode and mount /system. In CWM it can be found under "Mounts and Storage"

Step 3)
  • When /system is mounted pull build.prop and open it with the file editor I mentioned above.

    Code:
    adb pull /system/build.prop
  • You will have to add one line into the build.prop file for adb to be enabled when you reboot the phone
  • Add the line below to the build.prop file.

    Code:
    persist.service.adb.enable=1
  • Save build.prop file.
  • Now we have to push the file back to the phone so

    Code:
    adb push build.prop /system/build.prop
    adb shell chmod 0644 /system/build.prop

Step 4)
  • Reboot phone
  • Run command below and you should see you device attached, If not make sure you have the correct drivers installed.
    Code:
    adb devices

Step 5)

  • Using adb type the following commands
Code:
adb shell mv /data/system/gesture.key /data/system/gesture.key.bak
adb shell mv /data/system/password.key /data/system/password.key.bak


Step 6)
  • Reboot phone

You should now be able to unlock your phone without having any password. And more importantly with having all of your data on the phone still.

If you found this helpful please hit the thanks button.
 

jcpowell

Senior Member
Jul 23, 2012
610
179
Google Pixel 6 Pro
So this will work on any device correct?

---------- Post added at 10:55 PM ---------- Previous post was at 10:55 PM ----------

With either pin lock or pattern?
 

eduds

Senior Member
Mar 8, 2013
1,170
1,631
When I had to use I typed "adb shell rm /data/system/gesture.key", not "adb shell mv /data/system/gesture.key" and that worked well.
 

blackoakx22

Senior Member
Sep 10, 2010
225
15
When I had to use I typed "adb shell rm /data/system/gesture.key", not "adb shell mv /data/system/gesture.key" and that worked well.

That will work as well the reason why I used adb shell mv /data/system/gesture.key is to keep the file there when i was testing just incase but it could be removed as well.
 

jkok

Senior Member
Jan 26, 2013
262
169
not trying to be too much of a smart-butt, but heres the full version to do it, what u did is the basic commands, but leaves an empty pin/pattern for ANY input will be correct, heres each command (new line=new command):

adb shell
cd /data/data/com.android.providers.settings/databases
sqlite3 settings.db
update system set value=0 where name='lock_pattern_autolock';
update secure set value=0 where name='lock_pattern_autolock';
update system set value=0 where name='lockscreen.lockedoutpermanently';
update secure set value=0 where name='lockscreen.lockedoutpermanently';
.quit
busybox rm /data/system/gesture.key
busybox rm /data/system/cm-gesture.key
busybox rm /data/system/password.key
busybox rm /data/system/cm-password.key
busybox rm /data/system/locksettings.db
busybox rm /data/system/locksettings.db-wal
busybox rm /data/system/locksettings.db-shm
reboot

some kernels+file-systems(or user actions) convert databases to "wal", or "shm" so they will have different names, as for some newer CM-based rom builds, the pattern, gesture unlock (if implemented), and sometimes pin get put into a different file "cm-***.key" but pin+password goes into "cm-password.key";
u need to only do first two commands(adb shell, and the cd), then skip to after the .quit if u ARE NOT locked out, if u are u need to do ALL these commands, and if it says "file/directory not found" or simmalier errors when doing the "gesture.key","cm-gesture.key","cm-password.key", the "locksettings.db-wal" +"locksettings.db-wal"; just ignore those errors as u dont have the configurations stored in there like some other custom roms do =)

i found and compiled this list from my app i made, if u heard about it "SMS Tasks", and this is acually the exact code (in adb shell form, not in java command line with added characters, voids, etc...) to unlock the phone remotely =), idk why people tell me not to share this code, as its good for users to have so they dont lose their data incase of forgotten passwords on devices stored in their dressers/storages for ages and got out for whatever reason (maybee a new rom-tree was born for it and u want to see it in action, idk =S) but use this if u want, if not u can ignore this post, just wanted to share this with u incase u want to add some to the OP as the commands u do some roms might not fully unlock (it will erase pass/pin, but some roms keep the config that its still set, but any pass (even one characters+a single_space, or one-three dot patterns), so if anyone got those errors, or want more understanding on what files are used, this is my most resent list of things to delete by what i see used on rom developer's github's anyways =S

but hope this helps any of u in any ways =)
 
  • Like
Reactions: aIecxs

TheFixItMan

Senior Member
Jul 8, 2012
7,851
4,040
London
much simpler way

download aroma file manager from
http://forum.xda-developers.com/showthread.php?t=1646108


flash aroma file manager in cwm with system mounted
browse to data/system
delete gestures.key
delete password.key
restart

of course you will need aroma file manager on the root of your sd card so download it and put it there now for safe keeping
you can always put it there via a card reader or pop your sd card into another phone if your phone is already locked
 
  • Like
Reactions: StaticBlaze

aIecxs

Senior Member
Feb 17, 2016
1,841
522
gitlab.com
There is a way to do this without USB Debugging enabled nor Custom Recovery installed, as long as stock Android system recovery <3e> "backup user data" option is working:
- create a backup
- modify the backup file
- root the phone
- restore backup

root is not required for backup, but for restore. i prefer restore from custom recovery. but i have done this without flashing, too.
please see this link
Android system recovery <3e> alternative restoring program
 
Last edited:

Youdoofus

Forum Moderator
Staff member
Feb 21, 2011
3,507
1,021
Sioux Falls, SD
Samsung Galaxy S9
i know this is an old thread, but im trying to bypass the screen where it says that youve tried your pattern too many times on a zte z932l (also known as the rapido) for a friends sister. She really just wants the pictures that are stored on the internal memory is all because they are of her kids. Any ideas on how to get this done? I would up on this thread because i was hoping that usb debugging had been enabled, but it hasnt
 

aIecxs

Senior Member
Feb 17, 2016
1,841
522
gitlab.com
no "backup user data" option in Android system recovery <3e> i guess? if you can't create a backup then my friend, this is the hardest case for unlocking... if playstore is working and wifi enabled, you can unlock using Android Device Manager first. if this not help, check if fastboot is working. you can boot custom recovery with "fastboot boot recovery.img" if no fastboot mode available, find any way to make a backup of usrdata partition (maybe in download mode?) once you have a backup, its easy to modify and restore (as long as FRP lock is disabled)
 
Last edited:

aIecxs

Senior Member
Feb 17, 2016
1,841
522
gitlab.com
with usb debugging enabler you can modify a rom and flash it via odin (without losing data???), and with Android Multi Tools you can unlock the screen. if this is possible for samsung devices, then there should be a way for other phones, too. another way is to enable adb via sideload, if someone will create such app.
and of course, if fastboot mode is available, the easiest way is booting a custom recovery without flashing it. then just delete /data/system/locksettings.db* files from adb or with aroma file manager (try calung version 1.80)
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 9
    Hello, as the title states I have found a way to bypass the password with the pin, pattern, and password option on the lockscreen without doing a factory data reset. I have not tried face unlock, I will try it soon. I would first like to thank Kosborn for his p2p-adb which bothe helped and gave me the idea. His p2p-adb can be located here.​

    I will also be adding this feature to Kosborn's p2p-adb soon as well.

    Now to get down to it.

    What you will need:
    • Phone with eithier 'USB Debugging" enabled or a Custom Recovery
    • ADB
    • A file editor (I use Notepad++)
    • Basic adb skills

    *If you already have "USB Debugging enabled please skip to Step 5*

    Step 1)
    • If the phone does not have USB Debugging enabled you need to flash a custom recovery to the phone. I will not post a step to step guide to on how to flash a custom recovery, just google it.
    Step 2)

    • When you have the custom recovery flashed to the phone boot into recovery mode and mount /system. In CWM it can be found under "Mounts and Storage"

    Step 3)
    • When /system is mounted pull build.prop and open it with the file editor I mentioned above.

      Code:
      adb pull /system/build.prop
    • You will have to add one line into the build.prop file for adb to be enabled when you reboot the phone
    • Add the line below to the build.prop file.

      Code:
      persist.service.adb.enable=1
    • Save build.prop file.
    • Now we have to push the file back to the phone so

      Code:
      adb push build.prop /system/build.prop
      adb shell chmod 0644 /system/build.prop

    Step 4)
    • Reboot phone
    • Run command below and you should see you device attached, If not make sure you have the correct drivers installed.
      Code:
      adb devices

    Step 5)

    • Using adb type the following commands
    Code:
    adb shell mv /data/system/gesture.key /data/system/gesture.key.bak
    adb shell mv /data/system/password.key /data/system/password.key.bak


    Step 6)
    • Reboot phone

    You should now be able to unlock your phone without having any password. And more importantly with having all of your data on the phone still.

    If you found this helpful please hit the thanks button.
    1
    So this will work on any device correct?

    ---------- Post added at 10:55 PM ---------- Previous post was at 10:55 PM ----------

    With either pin lock or pattern?



    In theory yes. I can't be for sure. It won't hurt it
    1
    not trying to be too much of a smart-butt, but heres the full version to do it, what u did is the basic commands, but leaves an empty pin/pattern for ANY input will be correct, heres each command (new line=new command):

    adb shell
    cd /data/data/com.android.providers.settings/databases
    sqlite3 settings.db
    update system set value=0 where name='lock_pattern_autolock';
    update secure set value=0 where name='lock_pattern_autolock';
    update system set value=0 where name='lockscreen.lockedoutpermanently';
    update secure set value=0 where name='lockscreen.lockedoutpermanently';
    .quit
    busybox rm /data/system/gesture.key
    busybox rm /data/system/cm-gesture.key
    busybox rm /data/system/password.key
    busybox rm /data/system/cm-password.key
    busybox rm /data/system/locksettings.db
    busybox rm /data/system/locksettings.db-wal
    busybox rm /data/system/locksettings.db-shm
    reboot

    some kernels+file-systems(or user actions) convert databases to "wal", or "shm" so they will have different names, as for some newer CM-based rom builds, the pattern, gesture unlock (if implemented), and sometimes pin get put into a different file "cm-***.key" but pin+password goes into "cm-password.key";
    u need to only do first two commands(adb shell, and the cd), then skip to after the .quit if u ARE NOT locked out, if u are u need to do ALL these commands, and if it says "file/directory not found" or simmalier errors when doing the "gesture.key","cm-gesture.key","cm-password.key", the "locksettings.db-wal" +"locksettings.db-wal"; just ignore those errors as u dont have the configurations stored in there like some other custom roms do =)

    i found and compiled this list from my app i made, if u heard about it "SMS Tasks", and this is acually the exact code (in adb shell form, not in java command line with added characters, voids, etc...) to unlock the phone remotely =), idk why people tell me not to share this code, as its good for users to have so they dont lose their data incase of forgotten passwords on devices stored in their dressers/storages for ages and got out for whatever reason (maybee a new rom-tree was born for it and u want to see it in action, idk =S) but use this if u want, if not u can ignore this post, just wanted to share this with u incase u want to add some to the OP as the commands u do some roms might not fully unlock (it will erase pass/pin, but some roms keep the config that its still set, but any pass (even one characters+a single_space, or one-three dot patterns), so if anyone got those errors, or want more understanding on what files are used, this is my most resent list of things to delete by what i see used on rom developer's github's anyways =S

    but hope this helps any of u in any ways =)
    1
    much simpler way

    download aroma file manager from
    http://forum.xda-developers.com/showthread.php?t=1646108


    flash aroma file manager in cwm with system mounted
    browse to data/system
    delete gestures.key
    delete password.key
    restart

    of course you will need aroma file manager on the root of your sd card so download it and put it there now for safe keeping
    you can always put it there via a card reader or pop your sd card into another phone if your phone is already locked