Reverted and extended combinations script to calculate pattern count for dot selections. Don't display 0 combination lines in program summary. Add pattern count and patterns to analysis spreadsheet.

Puskás Zoltán authored on 06/05/2012 23:39:02
Showing 4 changed files

1 1
Binary files a/doc/analysis.ods and b/doc/analysis.ods differ
... ...
@@ -67,7 +67,7 @@ compensated for by limiting the speed and amount of tries. The phone allows
67 67
 5 tries before suspending the lock screen for 30 seconds (both PIN and pattern). 
68 68
 The limit for pattern tries is set to 20 before it locks the user out completely
69 69
 and asks for the Google account and password. For PIN I don't see any limits or
70
-at least it is set to a high value (after 50 wrong codes I'm still not locked 
70
+at least it is set to a high value (after 60 wrong codes I'm still not locked 
71 71
 out).
72 72
 
73 73
 The table above shows that by using patterns that are at least five dots long
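Review bot: The updated sentence at line 70 ("after 60 wrong codes I'm still not locked out") records a single manual observation without saying which phone and Android version it was made on, so a reader cannot tell whether the missing PIN limit is general or specific to that device. Suggest naming the device and OS build next to the number, and wording it as a lower bound (at least 60 tries without lockout) so the text does not need another edit each time more attempts are made.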
... ...
@@ -78,3 +78,10 @@ combination and a 7 dot long pattern is similar in strength to a 5 digit PIN
78 78
 combination. However a 6 digit PIN is already more secure then all the
79 79
 patterns combined together.
80 80
 
81
+However life is not purely mathematical. Most (all?) of the touchscreens will
82
+retain a smudge from the fingers after usage. Sometimes it is just chaos but
83
+if the unlock pattern is used regularly the patterns path can be seen viewed
84
+from certain angles. This is also the case for the PIN mode. Dots on the screen
85
+can be seen at the locations of the numbers. So lets see how does this help
86
+the attacker.
87
+
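Review bot: The added paragraph (lines 81-86) ends with "So lets see how does this help the attacker." but nothing follows it in this hunk, so the document now stops on an unanswered lead-in; either add the smudge analysis in this commit or drop that sentence until it exists. Wording: "the patterns path can be seen viewed from certain angles" should read "the pattern's path can be seen when viewed from certain angles", and "lets see how does this help" should be "let's see how this helps".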
81 88
new file mode 100755
... ...
@@ -0,0 +1,44 @@
1
+#!/usr/bin/python
2
+#
3
+# Android unlock pattern combinations script
4
+# Copyright (c) 2012 Zoltan Puskas
5
+# All rights reserved.
6
+#
7
+# This program is free software and redistributred under the 3-clause BSD
8
+# license. For details see attached license file COPYING
9
+#
10
+# Maintainer: Zoltan Puskas <zoltan@sinustrom.info>
11
+# Created on: 2012.02.03.
12
+#
13
+
14
+import re
15
+from subprocess import *
16
+
17
+# conbination generator function
18
+def combination_iter(elements, length):
19
+    for i in xrange(len(elements)):
20
+        if length == 1:
21
+            yield (elements[i],)
22
+        else:
23
+            for next in combination_iter(elements[i+1:len(elements)], length-1):
24
+                yield (elements[i],) + next
25
+
26
+# function get combinations for a set of elements				
27
+def combination(l, k):
28
+    return list(combination_iter(l, k))
29
+
30
+# for all valid ranges of points calculate dot choices
31
+for num in range(4, 10):
32
+	print "If choosing %i dots out of 9 the number of different choices is %i " % (num, len(combination(range(1, 10), num)))
33
+
34
+print "Number of valid patterns for each dot choice"
35
+for num in range(4, 10):
36
+	valid_pat = re.compile(r'Number of patterns for length ([0-9]+): ([0-9]+).*')
37
+	for combo in combination(range(1,10), num):
38
+		dotlist = ''.join(map(str, combo))
39
+		p = Popen(' '.join(["../bin/aupatterns -g", dotlist]), stdout=PIPE, shell=True)
40
+		for line in p.stdout.readlines():
41
+			m = valid_pat.match(line)
42
+			if(valid_pat.match(line) and int(m.group(1)) == num):
43
+				print ' '.join([dotlist, m.group(2)])
44
+
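Review bot: The Popen call at line 39 builds a command string and runs it with shell=True, and the script never waits on the child or checks its exit status, so a missing or failing ../bin/aupatterns silently prints nothing for that dot selection instead of raising an error. The dot list is digits only here, so this is not injectable as written, but passing an argument list such as ["../bin/aupatterns", "-g", dotlist] without shell=True takes the shell out of the picture, and p.communicate() plus a returncode check makes failures visible. Smaller points: the relative path only works when the script is started from its own directory, valid_pat is recompiled on every outer iteration and matched twice per line (lines 41 and 42), the loop bodies are tab-indented while the functions use spaces, and combination_iter duplicates itertools.combinations.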
... ...
@@ -1,7 +1,7 @@
1 1
 /*
2 2
  * Andorid unlock pattern calculator.
3 3
  * Copyright (c) 2011  Zoltan Puskas
4
- *  All rights reserved.
4
+ * All rights reserved.
5 5
  *
6 6
  * This program is free software and redistributred under the 3-clause BSD
7 7
  * license as stated below.
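Review bot: Since this hunk already touches the license header for whitespace at line 4, the typos visible in the surrounding context should be fixed in the same pass: "Andorid" on line 2 and "redistributred" on line 6. The second one is also copied into the header of the new Python script.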
... ...
@@ -442,9 +442,11 @@ void print_summary(const struct tree_node * const root_node)
442 442
     count_valid_patterns(root_node, pattern_count, 0);
443 443
 
444 444
     for (i = 0; i < MAX_POINTS; i++) {
445
-        printf("Number of patterns for length %d: %d\t\
446
-                Minutes to brute-force*: %d\n",
447
-                i+1, pattern_count[i], pattern_count[i]/5);
445
+        if(pattern_count[i] > 0) {
446
+            printf("Number of patterns for length %d: %d\t\
447
+                    Minutes to brute-force*: %d\n",
448
+                    i+1, pattern_count[i], pattern_count[i]/5);
449
+        }
448 450
         sum += pattern_count[i];
449 451
         if (i > 2) valid_sum += pattern_count[i];
450 452
     }
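Review bot: The printf at lines 446-448 keeps the backslash-newline continuation inside the string literal, so the leading spaces of the continued line are part of the format string, and re-indenting the call under the new if block adds four more spaces to the program's output between the tab and "Minutes to brute-force". Splitting the format into two adjacent string literals (one ending in "%d\t", the next starting with "Minutes to brute-force*") makes the output independent of source indentation. This matters because the new combinations script parses these lines with a regex; it still matches thanks to the trailing .*, but the coupling to the exact text deserves a comment next to the printf. Style: "if(" at line 445 differs from the "if (" and "for (" used in the surrounding lines.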
... ...
@@ -452,7 +454,7 @@ void print_summary(const struct tree_node * const root_node)
452 454
     printf("Number of all available patterns: %d\n", sum);
453 455
     printf("Number of valid patterns (length >= 4): %d (Brute-force* %d mins)\n",
454 456
             valid_sum, valid_sum/5);
455
-    printf("(* assuming 5 tries in 30 seconds and then a 30 second timeout)\n");
457
+    printf("(* assuming 5 tries in 30 seconds and then a 30 second timeout, no limit on number of tires)\n");
456 458
 
457 459
     return;
458 460
 }
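Review bot: The new footnote string at line 457 has a typo: "number of tires" should be "number of tries". The added assumption also disagrees with the analysis text touched in this same commit, which says the pattern try limit is 20 before the phone asks for the Google account, and this tool counts patterns; consider saying that the lockout after 20 tries is ignored for the estimate rather than that there is no limit.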