
S7 Edge secure startup

(@pcook8198)
Eminent Member
Joined: 12 years ago
Posts: 20
Topic starter  

Samsung S7 Edge Android 7.0
G935FXXS2DRC3

Handset requires PIN on Boot

Any suggestions much appreciated.

I've tried
1 to 6 Digit pin
4,5,6 and 7 digit pins

Was partially through 8 digits

Very time consuming

Thoughts / ideas much appreciated


   
(@shahartal)
Eminent Member
Joined: 10 years ago
Posts: 27
 

Cellebrite CAS can support this case.


   
(@the_grinch)
Estimable Member
Joined: 14 years ago
Posts: 136
 

HD-Box could brute force that for you


   
passcodeunlock
(@passcodeunlock)
Prominent Member
Joined: 9 years ago
Posts: 792
 

What did you use to brute force?!

7+ PINs are rare, since they are hard to type - while driving, for example :)

Are you sure it is not asking for a password instead of a PIN?!


   
(@pcook8198)
Eminent Member
Joined: 12 years ago
Posts: 20
Topic starter  

CAIS has been used.

I was wondering if anyone had heard of anything else.


   
(@pcook8198)
Eminent Member
Joined: 12 years ago
Posts: 20
Topic starter  

Re the PIN

I totally agree, 7+ digits seems a little too long, as studies show 11 digits is roughly the max the human mind is capable of.

It's certainly a PIN, as the keyboard is only set to allow digits; I cannot input an alphanumeric / symbol password.


   
(@Anonymous 6593)
Guest
Joined: 17 years ago
Posts: 1158
 

> I totally agree, 7+ digits seems a little too long, as studies show 11 digits is roughly the max the human mind is capable of.

I'm not sure what studies you're referring to, but I would expect them to say '11 *random* digits' as well as specify clearly what sample population the observations are valid for. Most are valid only for students at a particular university…

In a file with cracked passwords that I have collected (thus very probably PINs that someone has remembered), I find the majority of PIN entries (i.e. digits only) to be 11 or less, as you state, but I have more than 6000 16-digit PINs, and around 100 24-digit PINs. The longest are 255-digit PINs, but as some are all the same digit ('00000…', '1111…' and '5555…'), I suspect an effect of a max-length of 255 characters in PIN together with auto-repeat keyboard press key until it beeps (or for x seconds, leading to string truncation), or something like that, but no exceptional memory.

Very many long PINs have an initial sequence of '0000…', followed by a 7-digit (or longer) more random sequence. ('1111…' are also present, but less common.)

So throwing all remaining long PINs found in any of the 'standard' password leaks (such as the rockyou leak files, for example) might be an idea.

Or … start with 'numbers' from personal relation social security numbers, say, or phone numbers or dates … or just possibly credit card numbers. (I would do all 8-digit dates before I did any more random 8-digit sequences, for example, and I might start by looking at 'nearby' years first). And possibly extend with '0000…'.


   
passcodeunlock
(@passcodeunlock)
Prominent Member
Joined: 9 years ago
Posts: 792
 

Well, you should look for a signed eng. boot which disables the PIN for your device and flash it.

If CAS failed opening it, that is the next thing I'd do :)


   
(@shahartal)
Eminent Member
Joined: 10 years ago
Posts: 27
 

No, this will never work on a Secure Startup phone (given it was properly identified as one).
Secure Startup means it is actually encrypted with the user passcode, therefore there is no way around discovering the passcode, and engboot will give you root but a fully encrypted user data partition.
If you have a valid brute force method, that’s the only way in.


   
nightworker
(@nightworker)
Estimable Member
Joined: 16 years ago
Posts: 134
 

Don't trust Cellebrite Advanced Support, because I wanted to send them a telephone and they said "we can do everything", but when my customer told them "we will go to Tel Aviv and we can give you whatever money you want", they didn't answer us.


   