KeyPad Bruteforcer

Author: Dave
Date: 07.19.13 - 12:08pm

Played around doing some research this week to see if I could brute force a physical keypad based login using a netduino.

Download: Sample project files

After a lot of playing around, i finally got it working and stable. I did however have to introduce a 50ms delay in the keypad scanning loop to give the spoofer enough time to detect which row was being scanned next so it could decided whether or not to send its keypad signal. I first tried using interrupts, but settled on using direct reads within a while loop which seemed more reliable.

When running the full sequence, with the mandatory delays for the LED blink cycles and key send timeouts, it took 6 minutes to reach the password of 123 (which was also the 123rd try out of a total possible 1000 combinations for a 3 digit numeric code)

For take 2, I hooked up a relay bank to emulate the keypad. This setup worked on keypad readers that did a constant scan as well as interrupt based ones. Lot more wiring, but it was stable, no false keypresses and did not have to modify the keypad scanner program to introduce any delay.

I do have to say that the netduino is a very slick piece of hardware! Breakpoints and mouse over variable values at run time in Visual Studio. Full intellisense and syntax code highlighting. One click deployment and live debug output. Micro controllers dont get any better than this. The last thing i played with was a Motorolla HC11a which took a TON of labor to write, deploy and debug software on.

After the first attempt, I also did a little post experiment googling and found the relay approach: Brute force finds the lost password for an electronic safe

Comments: (0)

Leave Comment:
Email: (not shown)
Message: (Required)
Math Question: 56 + 99 = ? followed by the letter: D 

About Me
More Blogs
Main Site
Electronic dividing head
Thoughts on next RC blower
Crawl Space Forklift
Remote Control Snowblower
Servo control for linear actuator
Arduino RC motor control
Keyboard Emulation
Arduino w/ win2k
Arduino Snowblower chute control
Attic Fan Remote Control
Robotic Arm
ATTiny Watchdog
IoT Humidor v2
Arduino Bugs
Arduino INI library
Arduino Yun
long watchdog
Arduino runtime config
CNC Rotary table
AutoWater humidifier
Humidor AutoWater
KeyPad Bruteforcer