Showing posts from July, 2015

Windows Phone PIN cracking

Windows Phone 8 and greater allows the user to lock/unlock the phone by using a numeric PIN code; it's even possible to use a complex alphanumeric password. This post addresses how to obtain the simple numeric PIN code by cracking the authenticator kept in the SOFTWARE hive.

A useless quest? Actually, if you have physical access to a Windows Phone you don't need the user PIN code to examine the user data: with the proper hardware you can usually get a whole dump of the unencrypted device memory. To my current knowledge the PIN code is not used for anything other than device locking, so it's almost useless to know it. If the device is under a properly configured MDM, you could face a fully encrypted phone with TPM: in this case you'll have no chance to crack the PIN code, although more testing should be done. This is exactly what I thought when my colleague Mattia Epifani tried to lure me with the Windows Phone PIN issue: he knows the curious monkey inside me.