{"id":392,"date":"2010-02-08T22:38:20","date_gmt":"2010-02-08T21:38:20","guid":{"rendered":"http:\/\/signal.eu.org\/blog\/?p=392"},"modified":"2010-02-09T19:06:18","modified_gmt":"2010-02-09T18:06:18","slug":"android-pattern-locking-an-horror-story","status":"publish","type":"post","link":"https:\/\/signal.eu.org\/blog\/2010\/02\/08\/android-pattern-locking-an-horror-story\/","title":{"rendered":"Android pattern locking: a horror story"},"content":{"rendered":"\n
Tweet<\/a><\/div>\n

45 seconds of play, ~5 hours of desperate hacking.<\/p>\n

A few days ago, my 4 year old daughter was playing with my mobile phone running Android 1.6. To let her play with the screen while avoiding any mishap, I locked the phone. It was obviously not enough, she instantly found the MENU key to unlock it.<\/p>\n

So I had the brilliant idea to put on a locking pattern<\/a>, the pretty method used on Android to really lock the screen.<\/p>\n

After 5 unsuccessful tries, which my daughter reached in about 15 seconds, the pattern unlocking incurs a 30-second guard delay. I decided that the game was too risky (I found out later there’s also a 20-try hard limit, but we didn’t reach it) and took my phone back.<\/p>\n

There, I had another brilliantly fatal idea: I clicked on the “forgot the unlock pattern” button which just appeared, just out of curiosity to see what would happen next. The phone asked for my Gmail account and password. I filled the requested information, but it didn’t unlock the phone; apparently this is a known Android bug<\/a> that I didn’t know about. And, contrary to what I naively assumed, there was no way to get back to the unlock pattern screen. I rebooted the phone. No change, no escape.<\/p>\n

Then it dawned on me that I was 600 kilometers away from home, for almost a full week, without all my computer tools. And I was locked out of my own phone.<\/p>\n

On the plus side, I had another almost usable (EDGE) mobile connection, and quickly found out a hack to clear the lock pattern<\/a> using the Android SDK tools. I needed a Windows or Linux PC, but I had one at hand.<\/p>\n

So I happily began downloading the 23 MB Android SDK<\/a> zip file. It stuck at 5 MB. I tried again. It stuck again at the same size. Something crappy, either (most probably) in my mobile provider’s network or Google servers.<\/p>\n

Long story short: I ssh<\/a>‘d at home to get the SDK through wget<\/a>. scp’<\/a>d it. Got stuck at 5 MB again. sftp<\/a>‘d it in 5 MB chunks instead. Finally got it where I needed it. Installed it, started it. Discovered that I needed to fetch the USB driver for Android… which is a 6 MB download. I’m sure you can guess what happened next; no ssh<\/a> fallback this time since this download is integrated within the Android SDK tools \ud83d\ude41<\/p>\n

(apparently there were standalone USB drivers <\/a>available, but I didn’t find these until it was too late)<\/p>\n

That’s when I fortunately remembered I had installed the JFv1.43 custom recovery code<\/a> on my phone, which you can activate by pressing the HOME key while powering up the phone.<\/p>\n

So I did, I started a single-user mode root shell directly on the phone, mounted the \/data and \/system partitions, and as described in the fix I referenced above, ran “update system set value=0 where name=’lock_pattern_autolock’;”.<\/p>\n

Reboot. No way. I was still stuck on the Gmail login form.<\/p>\n

After a bit more wrestling with SQL, looking at the system table, I finally found out the cure to my problem:<\/p>\n

update system set value=0 where name=’lockscreen.lockedoutpermanently’;<\/p><\/blockquote>\n

Reboot. I got access to my phone, at last, after 5 hours of cursing. I love Android. What other phone would let me do this?<\/p>\n

Lessons learned:<\/p>\n