Sunday, August 27, 2017

Android Oreo Adds Commands to Programmatically Change the Lockscreen Pin, Password, or Pattern

Android Oreo holds many secret improvements by the looks of things: theme support, notifications disabled on Android TV, reduced unlock latency and more. All of these were found in the commit history for Oreo, i.e. not in an official changelog, but there's even more we've uncovered. One such discovery is a command to programmatically change the lockscreen pin, password, or pattern. This might not seem useful at first glance, but there are some interesting applications for this command which we'll outline below after showing you how to use it.

Warning: messing with these commands can potentially lock you out of your device if you are not careful. You have been warned. This is simply to show the new commands Google has added and also to show you in theory what you can do with them. Do not mess with this if you can't afford to lose your data, or if you aren't rooted. If you accidentally lock yourself out of your device and have root, delete the following files in /data/system: gatekeeper.pattern.key, gatekeeper.password.key, and any other gatekeeper files.


Changing the Lockscreen Pin, Password, or Pattern Programmatically

With Android Oreo, a few new debugging commands have been added to change the various lockscreen methods. Following this commit, the commands would appear to be as follows. Note that you need to run adb shell first, as these need to be executed via the device's shell. These commands set the pattern, pin, or password of the lockscreen, but as you can see, they can also clear them if you need to.

locksettings set-pattern
locksettings set-pin
locksettings set-password
locksettings clear

It's fairly obvious what these commands do. A pattern is a little different, but simple enough to understand. As an example, for a pattern as seen on the right, the command you use is the following.


locksettings set-pattern 159

Patterns are set via each cell being given a number, so the top left is "1", the middle is "5" and the bottom right is "9". This is how we reach 159 – you just map the position of each pattern dot into a number like it's a T9 dialer.

As an important note, any pin, password, or pattern that you set using these methods also updates the encryption password just as it would if you set it from Settings. There is a way to set a different encryption password from your lockscreen one, but it's not recommended unless you know what you're doing.

The Return of TimePIN?

A potentially interesting use case on rooted devices running Android Oreo would be to recreate an application like TimePIN. TimePIN dynamically changed the lockscreen PIN to be the current time, though you could mix it up by inverting the number, offsetting it, etc. to make it even more secure. For example, at the time 11:56, the pin would be 1156. If there is an offset of -1003, the actual pin would be 0153.

With the release of Android Marshmallow, this ability was broken when device administrator applications could no longer change passwords on the device. But thanks to these new commands, it should be possible to replicate this functionality on a rooted device.

We have created a proof of concept Tasker profile based on this concept! We highly recommend not using this, since it was thrown together quite quickly and does not guarantee it will work flawlessly. Do not use this if you seriously want TimePIN-like functionality. If you're a developer who is reading this post and think you might be able to make an app out of this, be our guest!

You can download the Tasker project from here. Import it by first disabling Beginner Mode in Tasker's preferences, then in the main screen long-press on the home icon in the bottom left to bring up the import option. Find and import the .prj.xml file. To set it up, you'll need to do two steps:

  1. Go to the var tab in Tasker and set %OldPIN to your current pin
  2. Open up the Task for the "Device Shutdown" Profile. In the Run Shell action, add the backup pin you want at the end of the command. Also make sure there's a space between %OldPIN and your backup pin. Your command should look like this: locksettings set-pin --old %OldPIN 3523

Now enable both profiles.

Remember, changing the pin currently also updates the encryption pin, so if you aren't careful with it, you may accidentally be unable to decrypt the data on your phone. We want to reiterate that the above is a proof of concept we're putting out in the hopes that more competent developers may look into this properly.
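The TimePIN arithmetic and the `set-pin --old` call from the Tasker step, as an added shell example (not the Tasker project's or TimePIN's own code). The function names and the wrap-around for results outside 0000-9999 are assumptions; the script only prints the command and changes nothing.

```shell
#!/bin/sh
# Added example, not the Tasker project's code. Function names and the
# modulo-10000 wrap for out-of-range results are assumptions.

# time_pin HHMM [OFFSET]: read HHMM as a decimal number, add OFFSET,
# print the result as a zero-padded four-digit PIN.
time_pin() {
    tp_hhmm=$1; tp_off=${2:-0}; tp_op=+
    case $tp_hhmm in
        [01][0-9][0-5][0-9]|2[0-3][0-5][0-9]) ;;
        *) echo "time_pin: bad HHMM '$tp_hhmm'" >&2; return 1 ;;
    esac
    case $tp_off in -*) tp_op=-; tp_off=${tp_off#-} ;; esac
    case $tp_off in
        ''|*[!0-9]*) echo "time_pin: bad offset" >&2; return 1 ;;
    esac
    # Strip leading zeros: the shell would read 0856 as (invalid) octal.
    tp_n=${tp_hhmm#0}; tp_n=${tp_n#0}; tp_n=${tp_n#0}
    while [ "${#tp_off}" -gt 1 ] && [ "${tp_off#0}" != "$tp_off" ]; do
        tp_off=${tp_off#0}
    done
    tp_pin=$(( (($tp_n $tp_op $tp_off) % 10000 + 10000) % 10000 ))
    printf '%04d\n' "$tp_pin"
}

# set_pin_command OLD NEW: print the command line the article describes.
# Both values must be digits only: the string is meant for a root shell,
# and anything else could smuggle in extra shell syntax.
set_pin_command() {
    for sp_v in "$1" "$2"; do
        case $sp_v in
            ''|*[!0-9]*) echo "set_pin_command: digits only" >&2; return 1 ;;
        esac
    done
    printf 'locksettings set-pin --old %s %s\n' "$1" "$2"
}

# Dry run with the article's offset: the PIN rolls from 11:55 to 11:56.
demo_old=$(time_pin 1155 -1003)
demo_new=$(time_pin 1156 -1003)
set_pin_command "$demo_old" "$demo_new"
```

Because the lockscreen PIN is also the encryption PIN, a scheduler built on this has to record the last PIN it actually set; a missed update leaves `--old` out of step with the device.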


Wrap-up

Overall this is an interesting development that may be useful to others who want to create dynamic PINs on their phone, or maybe even those who need to save their phone if debugging is left on and allowed on a computer. The Tasker profile above simply invokes the adb commands through the Android shell, and thus can change the PIN like the adb commands can.



from xda-developers http://ift.tt/2xnZ26L
via IFTTT
