Automated Phone Cracker/App Tester Steps it Up a Notch

delta bot cracks your passwords

Delta robots like this automated phone tester are awesome: high speed, accuracy, and mesmerizing to watch. [Justin Engler], a security researcher from ISEC Partners who also speaks at DEFCON on occasion, needed a robot to help with repetitive testing. He contacted the folks over at Marginally Clever to see if they could help him out, and they came up with this slick delta robot.

Normally they build these robots out of plywood, but [Justin] requested a bit more of a modern look, and although it looks blue, it’s actually clear acrylic: they haven’t removed the protective film yet. The robot is quite functional, but [Justin] plans on upgrading it in the future to increase the top speed. It currently has a built-in camera, using OpenCV to watch the log-in screen as it tries every combination as quickly as possible.

Stick around to see it in action!

[Justin] and his robot will be at SXSW on Saturday, March 8 if you want to see it in person. Plus maybe you’ll see us there!

20 thoughts on “Automated Phone Cracker/App Tester Steps it Up a Notch”

    1. It can be easier and potentially faster, but this system certainly allows for a bit more flexibility for different sizes and models of phones, different software configurations, and so on.

    1. Looks like he is using a ‘protect my files’ iOS app to test it, which has no lock out feature when too many wrong passwords are entered.

    2. Only works on older Android phones. Anything modern (Android 4.4) has systems in place to slow down brute force dramatically.

        1. Thinking about it a bit more, using only a fault delay may be worthless: 57 days for a 6-digit PIN or 14 hours for a 4-digit PIN – assuming the PIN is entered instantly and the only delay is the fail delay.

          1. Maybe have it try to securely “phone home” after a few wrong tries (to either allow it to continue after a long delay or to automatically erase everything) and simply stay locked if communication is blocked.

        2. If I remember correctly he kills the power to the phone and reboots it when the lockout timer kicks in. And no, they don’t remember it between restarts :)

  1. If you could make this machine silent and keep the phone powered then time then even a delay isn’t that big of a deal. It may take 60 days but as Ron Popeil says, “just set it and forget it”. It’s not like you can do much with the phone while it’s locked anyways.

  2. Maybe they need to make a phone like a reverse geocache. After, say, ten wrong attempts it will only unlock at the user’s home address. If the phone wasn’t stolen but simply locked by mistake from, say, water damage pressing “buttons” (or small children), then there’s no real problem.

    1. This method isn’t meant for a home owner. If I have some info on my phone that they want that badly, I assume they will have my home address and could walk up to my door or even just the sidewalk for GPS to think I was at home.

    2. Problems occur when your friends want to have some fun and try too many wrong passwords after a night out….in Vegas or some other destination where going home to unlock your phone would not be possible. Also people with children.

  3. If it’s the “Woman’s” phone from Sherlock, it will just explode after 3 wrong attempts…bye-bye delta-bot!
