2025-05-29 06:39:42 +03:00 · 2021-06-22 22:49:18 +03:00 · 2021-06-22 22:49:18 +03:00 · 831d082e4f
commit 831d082e4f
1 changed files with 98 additions and 0 deletions
--- a/app_shield_bruteforce.py
+++ b/app_shield_bruteforce.py
@ -0,0 +1,98 @@
 import subprocess
 from time import sleep
 # from time import time
 """
 This script bruteforce applock (aka Privacy Protection) feature in MIUI.
 !NO ROOT NEEDED!
 It can be useful if you forgot password
 If you wanna just get access to locked app then execute in adb shell:
 settings put secure access_control_lock_enabled 0
 But it doesn't give you access to applock settings.
 If you want to get access to that settings then you have to use this script
 -1. Some names may be inaccurate because I used Russian interface
 0. It works only with 4 numbers pin code
 0.1 It has been tested only with Redmi Note 8 pro, for others phone
 you may have to get screen coordinates of numbers in screen keyboard
 1. Open screen of app lock settings with pin code requirements (Settings -> App -> Apps protection)
 2. Run this script
 3. Wait
 Common algorithm of the script:
 1. Choose next pin to test (from range 0000 -> 9999)
 2. Enter it by using "input" command
 3. By using command "settings get secure applock_countDownTimer_deadline" find out if pin was correct. If was then exit from script
 4. Press back key by using "input" command
 5. Reset KD timer by "settings put secure applock_countDownTimer_deadline 0" command (that's why it all works)
 6. Enter into applock pin requirements screen
 7. Back to point 1
 Special thanks to 
 https://www.webcazine.com/19186/miui-what-to-do-if-youve-forgotten-your-privacy-protection-password/
 """
 """
 key x   y
 1   230 1525
 2   537 1534
 3   853 1502
 4   256 1723
 5   528 1737
 6   850 1761
 7   208 1870
 8   510 1917
 9   841 1904
 0   532 2100
 """
 app_guard = [815, 1110]  # coords for app guard button
 def number2coords(number: int):
    return {
        1: [230, 1525],
        2: [537, 1534],
        3: [853, 1502],
        4: [256, 1723],
        5: [528, 1737],
        6: [850, 1761],
        7: [208, 1870],
        8: [510, 1917],
        9: [841, 1904],
        0: [532, 2100]}.get(number)
 def exec_adb_shell(command: str):
    print(f"$ {command}")
    command = command.split()
    process = subprocess.run(['adb ', 'shell', *command], capture_output=True)
    if process.returncode != 0:
        print(f"returncode {command.returncode}")
        print(f"command: {command}")
        exit()
    return process.stdout
 for i in range(0, 10000):
    # time1 = time()
    i = '{:d}'.format(i).zfill(4)  # convert 0 -> 0000
    print(f'Trying {i}')
    for number in str(i):
        coords = number2coords(int(number))
        command = f'input tap {coords[0]} {coords[1]}'
        exec_adb_shell(command)
    if exec_adb_shell('settings get secure applock_countDownTimer_deadline') == b'0\r\n':
        print(f"I found code: {i}")
        break
    exec_adb_shell('input keyevent 4')  # back key
    sleep(0.1)
    exec_adb_shell('settings put secure applock_countDownTimer_deadline 0')  # reset kd timer
    exec_adb_shell(f'input tap {app_guard[0]} {app_guard[1]}')  # open app guard back
    sleep(0.1)
    # print(f"Iteration took {time()-time1}s")
    # print("End of loop")