This time on the show, an online brute force attack against Android successfully defeats 4-digit PIN codes in about 16 hours using the USB Rubber Ducky without wiping user data. Plus, BackBox Linux - is this a pen-testing OS for every day use? All that and more, this time on Hak5.


Download HD | Download MP4


Android Brute Force Attack with USB Rubber Ducky

Brute forcing Android PIN authentication with a USB Rubber Ducky. Thus far it works perfectly on a Galaxy Nexus running the latest Android 4.2.1. I've also tested it with a Galaxy Note 2 running 4.2.1 and it has run as expected.

I'm very surprised that with the stock Android OS and recommended settings of setting a PIN code this was possible. I had expected the phone to reset or format after 100 attempts or something like that.

With a 4 digit PIN and the default of 5 tries followed by a 30 second timeout you're looking at a best case scenario of exhausting the key space in about 16.6 hours. Not bad all things considered. If you're the NSA or the Mafia that's totally reasonable, I'd say. Thankfully the USB Rubber Ducky never gets tired, bored or has to pee.

Rather than post the nearly 600K duckyscript I'll just post the bit of bash I used to create it. You could modify it to do 5 digit, but that would take 166 hours. 10 digit would take 1902.2 years. ;-)

echo DELAY 5000 > android_brute-force_0000-9999.txt; echo {0000..9999} | xargs -n 1 echo STRING | sed '0~5 s/$/nWAIT/g' | sed '0~1 s/$/nDELAY 1000nENTERnENTER/g' | sed 's/WAIT/DELAY 5000nENTERnDELAY 5000nENTERnDELAY 5000nENTERnDELAY 5000nENTER/g' >> android_brute-force_0000-9999.txt


BackBox Linux

Daniel says: Have you heard of Back Box? It's an Ubuntu based OS with a focus on pen testing with an XFCE desktop. But, unlike backtrack it is actually functional as a day to day OS. I've been using it as my main OS for 5 months now and I truthfully believe it doesn't receive enough attention.

Download Back Box Linux

Leave a Reply

Your email address will not be published. Required fields are marked *



  • ThenoobHacker 3 years ago

    Just purchased Rubber Ducky cant wait to get my hands on it ………………..

  • I would like to see the ducky unlock the phones from the carrier.

  • Anders 3 years ago

    Details is broken, no download links. =(

  • hax0r 3 years ago

    Is there a download link please? me and my cat like to watch haK5 on my tablet.

    The show is awesome, maybe Ramsie could join the team?.

  • Hi,
    could you please put the download links, as on other episodes ?
    Thanks !

  • hax0r 3 years ago

    Thanks for the download links, now me and tigg3r can watch hak5 on my tablet.

  • Grant 3 years ago

    I Love BlackBox, It’s my main OS for a few reasons, one it’s Linux, odd as I may be, I’ve never really used Mac or Windows… I’ve only used Linux my whole computing life (yes I used the apple II’s in school when I was very little, and I used MS Word a few times in HS, but I *really* don’t know how to use those systems) also because it’s a solid security/pen-testing system, and I fell in love with xfce after gnome3 severely disappointed me and I never liked the look and feel of KDE… I also use it because I have a lean system (like AMD athlon 64 3500+ 2204 MHz, with 1GB RAM lean… what, I’m probably the poorest person you’ll ever meat, homeless not included… I built it from parts my local thrift store was throwing away, the whole sys cost me $0.19 USD for a jumper) and I have a few friends with way underpowered systems… My 4GB thumb-drive with BlackBox live can penetrate most of there systems, and BackTrack couldn’t touch my system if it wanted to, I know I tried using it, I don’t have sufficient resources to support it, and when trimmed and tweaked it still didn’t wanna play nice with my video… lol this means, using BT to pen my machine with a physical access type attack where one would boot into say a live OS to bypass my sec’ would fail, where BB would prevail at the same task… this is the very same type of attack I used to demonstrate to the admins at my local library how the software for there login routine and session timer, and access permissions limiting, could all be moved from C:\Program Files\PC-Cop etc. to C:\pwned-sec-apps and then I could boot in with tinyPass and I now have no requirement to login and I’m not timed, but I am Admin on that machine and I… well you get the point, and I find it is easier, and faster to do these things with a lighter weight Live USB than a heaver one… and I likely could have pwned the network while in BB and with a well placed Trojan, and ducky attack on win side of the library sys, I could have done all sorts of damage, and them since I simply moved there sec’wares to a folder an didn’t delete them, I could restore the system to look as though it had never been touched, they wouldn’t find out until I had control for a long while…

  • Eirik Trenchard 3 years ago

    Download link does not work

  • how do i get/use bash?
    i have never heard of it before seeing this,
    and i have had problems getting it

  • Sadukar 1 year ago

    Would this work on a phone with a busted digitizer? I’m trying to back up my old phone, and I can’t access it since I turned USB debugging off for security purposes.

  • If you would like to get much from this post then you have
    to apply these strategies to your won blog.

  • My brother suggested I would possibly like this blog.
    He was once totally right. This submit actually made my day.
    You can not imagine just how so much time I had spent for this info!

    Thank you!

  • Just wish to say your article is as astonishing. The
    clearness in your post is just excellent and i can assume you are an expert on this subject.
    Fine with your permission let me to grab your RSS feed to keep up to date with forthcoming post.

    Thanks a million and please continue the rewarding work.

  • Its like you read my mind! You appear to know a lot about
    this, like you wrote the book in it or something. I think that you can do with a
    few pics to drive the message home a little bit, but instead
    of that, this is great blog. A great read. I’ll certainly be back.

  • Injecting in numerous spots and inserting a warm compress over the world before you do the injection are methods to help reduce these unwanted
    side effects.

  • It’s great that you are getting ideas from this article as well as from our dialogue made at this time.

  • Peculiar article, totally what I was looking for.

  • I could not refrain from commenting. Well written!

  • Thanks for sharing your thoughts about Episodes.

  • To do this you should subtract your remaining payment in the average market price for your home at the present time Piesse
    no teletrack payday cash advances offer many benefits, if as an average american you would spend a major a part of salary
    only within the first week from the month.

  • Hello, I think your website might be having browser compatibility
    issues. When I look at your blog in Safari, it looks fine but
    when opening in Internet Explorer, it has some
    overlapping. I just wanted to give you a quick heads up! Other then that, fantastic blog!

  • Although AMD Athlon processors are manufactured to have lower heat production,
    cooling fans will help cool the processors more effectively especially if you plan to over-clock your CPU.
    The CPU (Central Processor Unit) handles all the math aand processes
    to run programs and mostly keep “alive” your computer, and the GPU (Graphicss Procesor Unit) does its shzre with the image you see on your monitor.

    Dell Inspiron M501R Laptop Technical Specification:.
    This year exhibition is currently scheduled to last from Thursday,
    January 6 to Sunday, January 9. If AMD doesn’t speak to
    you in that way, intrepid tech investors have othr options.

  • When it comes to sports, Arizona features the dumbest politicians in the country when it comes to sports spending.
    Dexterity and control: to increase control of the ball, the players have improved balance during tough
    actions. By 1871, the Football Association had fifty member clubs and the FA cup began.

  • Howdy! Would you mind if I share your blog with my zynga group?

    There’s a lot of folks that I think would really appreciate your content.
    Please let me know. Thanks

  • Howdy would you mind sharing which blog platform you’re working with?
    I’m planning to start my own blog soon but I’m having a hard time making
    a decision between BlogEngine/Wordpress/B2evolution and
    Drupal. The reason I ask is because your design and style seems different then most blogs and
    I’m looking for something unique. P.S Apologies for being
    off-topic but I had to ask!

  • From the World Food Conference for the World Bank, most
    of the people agree the central emphasis have to be on integrated rural development useful
    site Phoenix CRIMINAL lawyer when apple items are shipped out
    of china on the market around the world, these inflate china’s
    exports and balance of trade.

  • Nonetheless, subprime and high-risk auto loan lenders can be described as a way out of bankruptcy for individuals who will be coping with
    financial difficulty Dennis Byrd Jersey once you
    complete the easy application, it can be accessible to have
    an burning approval and electronically assurance your
    abstracts in a majority of account together with your claimed computer and internet access.

  • I do not even know how I ended up here, but I thought this post was
    good. I don’t know who you are but certainly you are going to a famous blogger if you are not already 😉

  • Hi, i read your blog occasionally and i own a similar one and
    i was just curious if you get a lot of spam remarks?
    If so how do you protect against it, any plugin or anything you can suggest?

    I get so much lately it’s driving me mad so any assistance is very much appreciated.

  • Thanks for another wonderful article. The place else may just anyone get that type of info in such a perfect approach of writing?
    I have a presentation next week, and I am at the search
    for such information.

  • Making the time and effort to call an car loans modification specialist could make every one of
    the difference inside world for all those hoping to help keep their RV, boat,
    auto Glendora Tonschock before you receive home equity loan, you need to research
    about the available options.

  • And once you are struggling financially, especially once you are struggling
    to pay your monthly home loan commitment payments, this option could possibly be highly appealing
    to you karrie Askwith the funny thing is most of the people stress out within the
    guidelines without actually reading them.

  • When someone writes an paragraph he/she retains the idea of
    a user in his/her mind that how a user can understand it.
    Therefore that’s why this paragraph is outstdanding. Thanks!

  • Hi there, I discovered your web site by way of Google while
    looking for a related topic, your site got here up, it appears great.
    I’ve bookmarked it in my google bookmarks.
    Hi there, just became alert to your weblog through Google, and found that it’s really
    informative. I’m going to watch out for brussels. I will appreciate in case you proceed
    this in future. Numerous other folks will probably be benefited from your
    writing. Cheers!

  • Hmm it looks like your website ate my first comment (it was super long)
    so I guess I’ll just sum it up what I submitted and say,
    I’m thoroughly enjoying your blog. I as well am an aspiring blog writer but I’m still new
    to the whole thing. Do you have any tips for inexperienced
    blog writers? I’d genuinely appreciate it.