The USB HID Gadget driver provides emulation of USB Human Interface Devices (HID). This enables an Android Nethunter device to emulate keyboard input to the locked phone. It’s just like plugging a keyboard into the locked phone and pressing keys.
This takes a bit over 16.6 hours to try all possible 4 digit PINs, but with the optimised PIN list it should take you much less time.
You will need
A locked Android phone
A Nethunter phone (or any rooted Android with HID kernel support)
USB OTG (On The Go) cable/adapter (USB male Micro-B to female USB A), and a standard charging cable (USB male Micro-B to male A).
Turn your NetHunter phone into an Android PIN cracking machine
Unlike other methods, you do not need ADB or USB debugging enabled on the locked phone
You don’t need to buy special hardware, e.g. Rubber Ducky, Teensy, Cellebrite, XPIN Clip, etc.
You can easily modify the backoff time to crack other types of devices
Optimised PIN list
Bypasses phone pop-ups including the Low Power warning
Detects when the phone is unplugged or powered off, and waits while retrying every 5 seconds
Configurable delays of N seconds after every X PIN attempts
Android-PIN-Bruteforce is used to unlock an Android phone (or device) by bruteforcing the lockscreen PIN.
Find more information at: https://github.com/urbanadventurer/Android-PIN-Bruteforce
crack Begin cracking PINs
resume Resume from a chosen PIN
rewind Crack PINs in reverse from a chosen PIN
diag Display diagnostic information
-f, --from PIN Resume from this PIN
-m, --mask REGEX Use a mask for known digits in the PIN
-t, --type TYPE Select PIN or PATTERN cracking
-l, --length NUM Crack PINs of NUM length
-d, --dry-run Dry run for testing. Doesn't send any keys.
-v, --verbose Output verbose logs.
android-pin-bruteforce <command> [options]
Supported Android Phones/Devices
It has been tested with these devices:
Samsung S5 with Android 6.0.1
Optimised PIN list
pinlist.txt is an optimised list of all possible 4 digit PINs, sorted by order of likelihood. pinlist.txt is from here