Many of us use a 4 digit pin code to lock our phones. [David Randolph] over at Hak5 has come up a simple way to use a 3D printer to brute force these passwords. Just about every 3D printer out there speaks the same language, G-code. The same language used in CAD and CNC machines for decades.
[David] placed a numeric keypad on the bed of his printer. He then mapped out the height and positions of each key. Once he knew the absolute positions of the keys, it was easy to tell the printer to move to a key, then press and release. He even created a G-code file which would press every one of the 10,000 4 key pin combinations.
A file this large was a bit unwieldy though, so [David] also created a python script which will do the same thing — outputting the G-code and coordinates to brute force any 4 pin keypad. While a printer is quite a bit slower than Hak5’s own USB Rubber Ducky device (which acts as an automated keyboard), it will successfully brute force a password. Although most phones these days do limit the number of password attempts a user gets.
[David] admits this is probably useless in a clandestine/hacking application, but the video is still a great introduction to G-code and using 3D printers for non-printing functions.
Interested in pushing 3D printers to print more than just plastic? You can always print chocolate.
Semi related.
https://learn.sparkfun.com/tutorials/building-a-safe-cracking-robot
These are quite common they are called autodialers.
At first I thought he was going to use the nozzle of the printer to actually tap on the screen, and I thought that was a rather bold move.
Punching keys on a pad is a much safer approach.
If you REALY trusted your 3D printer and the quality of you G code why not!
Attach spring loaded stylus and all would be good.
I wonder if anyone has used their 3D printer as a pick n place machine.
Substitute the extruder with a vacuum nozzle. Pick up component from tray and place at location on pcb.
http://www.openpnp.org
Thanks for that :-)
4 digit PIN? If you can remember 4 digits, you can just as easily remember a few more. While not entirely secure, I’ve used my high school locker combination for years. I doubt you could find a list of locker assignments from nearly 20 years ago but who knows?
In many other countries, 6 digits PINs are becoming the norm for credit & debit cards. Good luck getting a 3D printer to run through a million combinations.
A million combinations sounds very reasonable for an automated machine. Fire and forget, and wait for a result.
something similar was featured before here, but with a CNC and a Garmin GPS
http://hackaday.com/2013/01/05/brute-forcing-a-gps-pin/
Funny, I did something similar to unlock a Garmin GPS we found in an E-waste bin. I used a nerf dart as a finger:
http://dumbpic.link/manu/2013-09_GPS_hack.jpg
Awesome. Love the nerf dart. And it’s cooled in case it starts going too fast!!
Wait, what? If you can just attach a keyboard to the phone, why not just eliminate the mechanical component and build a Teensy HID program?
That’s where the USB rubber ducky would come in (essentially the same result as using a Teensy). This isn’t the best (or even the most practical) way to brute force a password – but it does work, and it’s interesting – good enough for a feature here.
Waste of resources. Spring for a T85 with V-USB. Why do with 3 movable axes what can be done with 8 static pins?
This is one of the cases an Arduino or any microcontroller of your choice with USB capabilities could’ve done the job easily. Using the 3d printer is .. i guess good if you want to showcase gcode :P
You do know that G-code includes loops and subroutines? I think it even has some math capability. So the Python code generator is quite redundant.
I don’t think the G-code interpreter of a 3d printer has those features I know mach3 did not a few years ago..