Aug 4, 2013

R2B2 - 3D-printed robot for cracking mobile phone PINs

Robotic Reconfigurable Button Basher (R2B2) is a robot designed to brute-force PINs or other passwords by physically entering them. R2B2 can operate on touch screens or physical buttons, and can also handle more esoteric lockscreen types such as pattern tracing. R2B2 can crack a stock Android 4-digit PIN exhaustively in 20 hours. Times for other devices vary depending on lockout policies and related defenses.
It was built for under $200 using three $10 servomotors, a plastic stylus, an Arduino microcontroller, 3D-printed plastic parts made on a Makerbot 3D printer, and a five-dollar webcam that detects whether the bot has successfully guessed the code.

The device can be controlled via USB, connecting to a Mac or Windows PC that runs a simple code-cracking program. The researchers plan to release parts lists, detailed build instructions, and STL files for 3D printed parts at the time of their Def Con talk.

Not all phones are equally susceptible to R2B2's cracking. Apple's iOS, for example, increases the time between PIN attempts after each incorrect guess. On Android phones, however, there is only a 30-second delay after every five wrong guesses. At that rate, the robot can still guess five PINs every 35 seconds, or all 10,000 possibilities in 19 hours and 24 minutes, according to Forbes.
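To see how much the lockout policy matters when choosing device settings, here is a small model of the worst-case time to exhaust a PIN space. It is an added example, not code from the R2B2 project. The 1 second per guess is an assumption derived from the "five PINs every 35 seconds" figure above, and the escalating schedule is constructed for comparison and is not any vendor's actual policy.

```python
from typing import Callable

Policy = Callable[[int], float]  # failed attempts so far -> forced delay in seconds


def fixed_lockout(every: int, delay_s: float) -> Policy:
    """Same delay after every `every`-th wrong guess (the Android case above)."""
    def policy(failures: int) -> float:
        return delay_s if failures % every == 0 else 0.0
    return policy


def escalating_lockout(every: int, base_s: float, cap_s: float) -> Policy:
    """Constructed policy: the delay doubles at each lockout, up to cap_s."""
    def policy(failures: int) -> float:
        if failures % every:
            return 0.0
        delay = base_s
        for _ in range(failures // every - 1):
            if delay >= cap_s:
                break
            delay *= 2
        return min(delay, cap_s)
    return policy


def worst_case_seconds(digits: int, guess_s: float, policy: Policy) -> float:
    """Time to enter every PIN of this length when the correct one comes last."""
    space = 10 ** digits
    total = 0.0
    for attempt in range(1, space + 1):
        total += guess_s
        if attempt < space:  # the final guess succeeds, so no lockout follows it
            total += policy(attempt)
    return total


if __name__ == "__main__":
    cases = [
        ("4 digits, 30 s after every 5", 4, fixed_lockout(5, 30)),
        ("6 digits, 30 s after every 5", 6, fixed_lockout(5, 30)),
        ("4 digits, doubling up to 1 h", 4, escalating_lockout(5, 30, 3600)),
    ]
    for label, digits, policy in cases:
        secs = worst_case_seconds(digits, 1.0, policy)
        print(f"{label}: {secs / 3600:.1f} hours ({secs / 86400:.1f} days)")
```

With these assumptions the fixed 30-second policy gives about 19.4 hours for a 4-digit PIN, while either a 6-digit PIN or the doubling delay pushes the worst case past 80 days.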

It is based on a delta robot design.