Automated Phone Cracker/App Tester Steps It Up A Notch

delta bot cracks your passwords

Delta robots like this automated phone tester are awesome: high speed, accuracy, and mesmerizing to watch. [Justin Engler], a security researcher from ISEC Partners (also speaks at DEFCON on occasion) needed a robot to help with repetitive testing. He contacted the folks over at Marginally Clever to see if they could help him out, and they came up with this slick delta robot.

Normally they build these robots out of plywood, but [Justin] requested a bit more of a modern look, and although it looks blue, it’s actually clear acrylic: they haven’t removed the protective film yet.  The robot is quite functional, but [Justin] plans on upgrading it in the future to increase the top speed. It currently has a built-in camera, using OpenCV to watch the log-in screen as it tries every combination as quickly as possible.

Stick around to see it in action!

[Justin] and his robot will be at SXSW on Saturday, March 8 if you want to see it in person. Plus maybe you’ll see us there!

20 thoughts on “Automated Phone Cracker/App Tester Steps It Up A Notch

    1. I can be easier and potentially faster, but this system certainly allows for a bit more flexibility for different sizes and models of phones, different software configurations, and so on.

        1. Thinking about it a bit more, using only a fault delay maybe worthless 57 days for a 6 digit pin or 14 hours for a 4 digit pin – assuming pin is entered instantly and the only delay is the fail delay..

          1. Maybe have it try to securely “phone home” after a few wrong tries (to either allow it to continue after a long delay or to automatically erase everything) and simply stay locked if communication is blocked.

  1. If you could make this machine silent and keep the phone powered then time then even a delay isn’t that big of a deal. It may take 60 days but as Ron Popeil says, “just set it and forget it”. It’s not like you can do much with the phone while it’s locked anyways.

  2. Maybe they need to make a phone like a reverse geocache. After say ten wrong attempts it will only unlock at the users home address. If the phone wasn’t stollen but simply locked by mistake from say water dammage pressing “buttons”. (or small children) Then there’s no real problem.

    1. This method isn’t meant for a home owner. If I have some info on my phone that they want that badly, I assume they will have my home address and could walk up to my door or even just the sidewalk for GPS to think I was at home.

    2. Problems occur when your friends want to have some fun and try too many wrong passwords after a night out….in Vegas or some other destination where going home to unlock your phone would not be possible. Also people with children.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.