Password and PIN systems are often encountered on mobile devices. A software approach to cracking these systems is often the simplest, but in some cases there may be no better option than to start pushing buttons. This talk will cover automated PIN cracking techniques using two new tools and discuss the practicality of these attacks against various PIN-secured systems.
Robotic Reconfigurable Button Basher (R2B2) is a ~$200 robot designed to manually brute force PINs or other passwords via manual entry. R2B2 can operate on touch screens or physical buttons. R2B2 can also handle more esoteric lockscreen types such as pattern tracing.
Capacitive Cartesian Coordinate Bruteforceing Overlay (C3BO) is a combination of electronics designed to electrically simulate touches on a capacitive touch screen device. C3BO has no moving parts and can work faster than R2B2 in some circumstances.
Both tools are built with open source software. Parts lists, detailed build instructions, and STL files for 3d printed parts will be available for download.
A lucky volunteer will get to have their PIN cracked live on stage!.
Justin Engler (@justinengler) is a Senior Security Engineer for iSEC Partners. Justin specializes in mobile and application security. Justin has previously spoken at DEF CON and BlackHat. Justin is not a roboticist, but will play one on DEF CON TV.
Paul Vines is a student at University of Washington and an iSEC Security Engineering Intern.