Need help brute forcing a password...

Matthew_Robbins · April 21, 2018, 5:46pm

Hey.

I bought a garmin gps off goodwill.

It’s locked with 4 digit pin that seems pretty impossible to backdoor with resets. It requires literally sending it to the factory—they can’t do it over the phone or computer.

I found this:

http://www.datagenetics.com/blog/september32012/index.html

Have you ever seen a list like that that is the complete list? He only shows the top and bottom 20, plus a few more.

The graph is encouraging. It says you can brute force the top 426 and get a 50% chance of success.

I’ve already tried 0000-0027, the top 20, the bottom 20, all four-digits the same (0000-9999), 1960-2020, x000.

Interestingly, I tried 1234 first, because I must have seen this article. The article says it works 11% of the time.

The top-20 is quite good, and I’ve extended that some, but I’m hoping someone has an actual list.

I’m trying to think of numbers in pop culture, but I can only think of geekie ones:

0300, 3141, 3142, 1492, 2600

A bunch of people seem to have built CNC devices to do this:

https://www.youtube.com/watch?v=sHp4px45uQY

I’ve got to think this is bad design. It’s secure, but people give away the unit to Goodwill rather than trying to crack it. Theft prevention, maybe, but annoying to actual owners.

It will unlock if you take it to a location that you set up initially.

Matthew

Nancy_Graven · April 22, 2018, 2:01am

4242, 6969, try anything that could be a birthday? Or a year of birth - maybe 1960- 2017?

Nancyg

Brent_Hill · April 25, 2018, 3:15am

From the article you should try all the 19XX numbers as well as the MMDD format numbers for dates. The heat map the author showed is pretty cool.

Matthew_Robbins · April 25, 2018, 3:19am

Thanks! I’ve done 1930-2020, and MMDD formats for Jan-Feb-Mar-Sep-Oct-Nov-Dec. I was thinking the initial 0 for Jan-Sep might not be high probability. But I’ll be trying April to August soon. I go DDs from 00-31.

I asked a friend who buys and sells old Garmins, and he said to keep a log. He’s brute forced two that way.

Matthew

Brent_Hill · April 25, 2018, 3:23am

There are only 366 dates and plenty of people use their birthdays so it seems like a good place to start. Also people might use one of their parents birth years so 1900-1930 is a good range to try.

Matthew_Robbins · April 26, 2018, 4:56am

0510!!!

Was doing MMDD with DD from 00 to 31.

Did through March. Felt the leading Zero was just unlikely. Did December, November, October, and September. Nothing.

Decided from the article that MMDD was the best option. Did 1900-1930 and then April yesterday after Brent’s email reinforced the MMDD format.

Tonight. Watching TV. Looked over at the Garmin. Decided to do May. Lots of typos. 0510. Boom.

I think my charge cable puts the gps into a USB computer link mode. Had to unplug cable to get to the user interface. Turned off the PIN!

w00t!

Matthew

Nancy_Graven · April 26, 2018, 12:26pm

Yaayyyyy!

Brent_Hill · April 26, 2018, 11:02pm

I’ve been working through them on a 4 digit laptop lock I found at work.