Automated Phone Cracker/App Tester Steps it Up a Notch

delta bot cracks your passwords

Delta robots like this automated phone tester are awesome: high speed, accuracy, and mesmerizing to watch. [Justin Engler], a security researcher from ISEC Partners (also speaks at DEFCON on occasion) needed a robot to help with repetitive testing. He contacted the folks over at Marginally Clever to see if they could help him out, and they came up with this slick delta robot.

Normally they build these robots out of plywood, but [Justin] requested a bit more of a modern look, and although it looks blue, it’s actually clear acrylic: they haven’t removed the protective film yet.  The robot is quite functional, but [Justin] plans on upgrading it in the future to increase the top speed. It currently has a built-in camera, using OpenCV to watch the log-in screen as it tries every combination as quickly as possible.

Stick around to see it in action!

[Justin] and his robot will be at SXSW on Saturday, March 8 if you want to see it in person. Plus maybe you’ll see us there!


  1. RP says:

    I would think using this technique would be much easier…

  2. Marko says:

    How does this work? AFAIK iPhone gets locked after few tries.

    • ge0metric says:

      Looks like he is using a ‘protect my files’ iOS app to test it, which has no lock out feature when too many wrong passwords are entered.

    • fartface says:

      Only works on older android phones. anything modern (Android 4.4) has systems in place to slow down brute force dramatically.

      • Truth says:

        Exactly what I was thinking 5 second delay after a wrong pin would make this kind of attack worthless.

        • Truth says:

          Thinking about it a bit more, using only a fault delay maybe worthless 57 days for a 6 digit pin or 14 hours for a 4 digit pin – assuming pin is entered instantly and the only delay is the fail delay..

          • Truth says:

            Maybe add a 24 hour delay after 10 wrong pins :)

          • Mike Lu says:

            Maybe have it try to securely “phone home” after a few wrong tries (to either allow it to continue after a long delay or to automatically erase everything) and simply stay locked if communication is blocked.

        • sf says:

          If I remember correctly he kills to power to the phone and reboots it when the lockout timer kicks in. And no, they don’t remember it between restarts :)

  3. If you could make this machine silent and keep the phone powered then time then even a delay isn’t that big of a deal. It may take 60 days but as Ron Popeil says, “just set it and forget it”. It’s not like you can do much with the phone while it’s locked anyways.

  4. StinkySteve says:

    Is this the same guys that made that other one on hackaday before? cant find the HAD link but it was

  5. CRJEEA says:

    Maybe they need to make a phone like a reverse geocache. After say ten wrong attempts it will only unlock at the users home address. If the phone wasn’t stollen but simply locked by mistake from say water dammage pressing “buttons”. (or small children) Then there’s no real problem.

    • bwmetz says:

      This method isn’t meant for a home owner. If I have some info on my phone that they want that badly, I assume they will have my home address and could walk up to my door or even just the sidewalk for GPS to think I was at home.

    • Paul says:

      Problems occur when your friends want to have some fun and try too many wrong passwords after a night out….in Vegas or some other destination where going home to unlock your phone would not be possible. Also people with children.

  6. bwmetz says:

    Nevermind me. I misunderstood you at first.

  7. Jon S. says:

    If it’s the “Woman’s” phone from Sherlock, it will just explode after 3 wrong attempts…bye-bye delta-bot!

  8. dan says:

    Here it is with the blue peeled off:

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Get every new post delivered to your Inbox.

Join 96,322 other followers