Brute Forcing Passwords with a 3D Printer

Many of us use a 4 digit pin code to lock our phones. [David Randolph] over at Hak5 has come up a simple way to use a 3D printer to brute force these passwords. Just about every 3D printer out there speaks the same language, G-code. The same language used in CAD and CNC machines for decades.

[David] placed a numeric keypad on the bed of his printer. He then mapped out the height and positions of each key. Once he knew the absolute positions of the keys, it was easy to tell the printer to move to a key, then press and release. He even created a G-code file which would press every one of the 10,000 4 key pin combinations.

A file this large was a bit unwieldy though, so [David] also created a python script which will do the same thing — outputting the G-code and coordinates to brute force any 4 pin keypad. While a printer is quite a bit slower than Hak5’s own USB Rubber Ducky device (which acts as an automated keyboard), it will successfully brute force a password. Although most phones these days do limit the number of password attempts a user gets.

[David] admits this is probably useless in a clandestine/hacking application, but the video is still a great introduction to G-code and using 3D printers for non-printing functions.

Interested in pushing 3D printers to print more than just plastic? You can always print chocolate.

17 thoughts on “Brute Forcing Passwords with a 3D Printer

  1. At first I thought he was going to use the nozzle of the printer to actually tap on the screen, and I thought that was a rather bold move.

    Punching keys on a pad is a much safer approach.

  2. If you REALY trusted your 3D printer and the quality of you G code why not!

    Attach spring loaded stylus and all would be good.

    I wonder if anyone has used their 3D printer as a pick n place machine.
    Substitute the extruder with a vacuum nozzle. Pick up component from tray and place at location on pcb.

  3. 4 digit PIN? If you can remember 4 digits, you can just as easily remember a few more. While not entirely secure, I’ve used my high school locker combination for years. I doubt you could find a list of locker assignments from nearly 20 years ago but who knows?

    In many other countries, 6 digits PINs are becoming the norm for credit & debit cards. Good luck getting a 3D printer to run through a million combinations.

    1. That’s where the USB rubber ducky would come in (essentially the same result as using a Teensy). This isn’t the best (or even the most practical) way to brute force a password – but it does work, and it’s interesting – good enough for a feature here.

  4. This is one of the cases an Arduino or any microcontroller of your choice with USB capabilities could’ve done the job easily. Using the 3d printer is .. i guess good if you want to showcase gcode :P

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s