Bypassing the unlock PIN code on Android

If you have an Android phone that has a screen lock code set, you can bypass the PIN, password, or gesture, and unlock the phone by following these simple steps.

Bypassing the unlock code

Phone has USB debugging enabled

  1. Install the Android SDK on your Windows, Mac OS X, or Linux computer.
  2. Plug your phone into the USB port
  3. Locate the adb binary in your SDK
  4. adb shell cat /dev/null > /data/system/password.key
  5. adb shell cat /dev/null > /data/system/gesture.key

Phone has USB debugging disabled (default)

  1. Get the software from your phone manufacturer for flashing (Heimdall/Odin on Samsung phones)
  2. Put phone into download mode
  3. Install a custom recovery console like ClockworkMod (CWM)
  4. Use the recovery console to overwrite the files from steps 4 & 5 in the above procedure

Device data security tips

  1. Don’t leave USB debugging on
  2. Don’t install a recovery console that isn’t password protected
  3. Use a strong screen lock password
  4. Encrypt the contents of your SD card (and phone if possible)
  5. Don’t install any apps you don’t trust
  6. Set a credential storage password if credentials are stored
  7. Install a device recovery app
  8. Don’t let me near your device
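
A defensive check for the tips above, as an added example that is not part of the original post: it reads a saved `adb shell getprop` dump and flags USB debugging, missing encryption, and a debuggable or root adbd build. The property names are assumed to be present, which holds on Android releases later than the 2.2.1 tested here; the function names are hypothetical and the sample dumps are constructed.

```shell
#!/bin/sh
# Added example: audit a saved `adb shell getprop` dump against the tips above.
# Function names are hypothetical; the sample dumps below are constructed.

# Print the value of property $1 from a getprop dump on stdin.
# Older adb versions emit CRLF line endings, so strip \r first.
prop_value() {
    tr -d '\r' | sed -n "s/^\[$1\]: \[\(.*\)\]\$/\1/p" | head -n 1
}

# Read a getprop dump on stdin, print space-separated findings (empty = clean).
audit_props() {
    dump=$(cat)
    findings=""
    add() { findings="${findings:+$findings }$1"; }
    get() { printf '%s\n' "$dump" | prop_value "$1"; }

    # Tip 1: USB debugging is on when the USB function list contains "adb".
    case ",$(get persist.sys.usb.config)," in
        *,adb,*) add usb-debugging-enabled ;;
    esac
    # Tip 4: anything other than "encrypted" leaves data readable offline.
    if [ "$(get ro.crypto.state)" != "encrypted" ]; then add storage-not-encrypted; fi
    # ro.debuggable=1 allows `adb root`; ro.secure=0 keeps adbd running as root.
    if [ "$(get ro.debuggable)" = "1" ]; then add debuggable-build; fi
    if [ "$(get ro.secure)" = "0" ]; then add adbd-runs-as-root; fi

    printf '%s\n' "$findings"
}

# Constructed sample dumps in getprop's "[key]: [value]" format.
SAMPLE_RISKY='[persist.sys.usb.config]: [mtp,adb]
[ro.crypto.state]: [unencrypted]
[ro.debuggable]: [1]
[ro.secure]: [0]'
SAMPLE_HARDENED='[persist.sys.usb.config]: [mtp]
[ro.crypto.state]: [encrypted]
[ro.debuggable]: [0]
[ro.secure]: [1]'

printf 'risky:    %s\n' "$(printf '%s\n' "$SAMPLE_RISKY" | audit_props)"
printf 'hardened: %s\n' "$(printf '%s\n' "$SAMPLE_HARDENED" | audit_props)"
```

On a real device the dump would come from `adb shell getprop > props.txt`, then `audit_props < props.txt`.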

This isn’t meant to be an exhaustive article. I was challenged last week by my girlfriend to bypass the unlock code on her phone. It would have been easy if she had USB debugging enabled. It was only slightly more difficult that she didn’t have it enabled, because she had a custom recovery console that was not password protected that allowed me to update files. If your phone has not been rooted and doesn’t have a custom recovery console, this will be more difficult.

This was tested on Android 2.2.1 where an empty password or gesture file results in a successful auth check.
