hack by peter turner.pdf

April 24, 2017 | Author: Ahmed Elkhawaga | Category: N/A
Share Embed Donate


Short Description

Download hack by peter turner.pdf...

Description

Untangle

Contents Introduction............................................................................................................................................ 3 Untangle ................................................................................................................................................ 4 Effect: ..................................................................................................................................................... 4 Method 1 - Pattern Peek (Works best in good light) ....................................................................... 4 Prepping the phone.......................................................................................................................... 5 Getting the actual peek ................................................................................................................... 5 Additional Notes: .............................................................................................................................. 6 Method 2 - Algorithmic Approach ...................................................................................................... 7 Key things you need to know ......................................................................................................... 7 Method ............................................................................................................................................... 9 Method 3 – Algorithmic method with known starting point........................................................... 10 A reason to pick up the phone ..................................................................................................... 10 Practising your algorithm: ............................................................................................................. 11 Extra random notes:....................................................................................................................... 11 Remember!...................................................................................................................................... 11 Method 4 – Progressive testing ....................................................................................................... 12 Android pattern restrictions ........................................................................................................... 12 Effect ................................................................................................................................................ 12 Method: ............................................................................................................................................ 13 Testing ......................................................................................................................................... 13 Progressively drawing the pattern ........................................................................................... 13 Some thoughts!................................................................................................................................... 14 Thank You ........................................................................................................................................... 14

Introduction There are 389,112 different patterns that can be used to lock an android phone. Compared to 10,000 combinations for a 4 digit pin, a pattern unlock is significantly more secure…..until now! The methods you will learn will make it very easy to unlock any android phone or tablet that has been secured using a pattern. This isn’t just mentalism, it’s the real deal, you are actually unlocking someone’s phone. For entertainment purposes only.

Untangle

Effect: In a nutshell…you unlock the spectator’s phone… The performer asks for the spectator’s phone. He discusses how long they have had it, why they chose this particular model etc. The performer then asks if it would be okay if he tried to guess the unlock pattern. The performer explains that there are around 390,000 combinations of patterns on android compared to 10,000 combinations with a 4 digit pin on iPhones. The spectator says that the performer can try if he likes. The performer opens the phone with the correct pattern on the first try

Method 1 - Pattern Peek (Works best in good light) First off I have to give credit here to Michael Murray of Mind FX fame. While I came up with the following idea independently Michael came up with this idea long before me, in fact a variant of the following method is in his excellent book ‘A piece of my mind’ and he uses it to unlock iPhones, there is a lot to his method so if you want to use this to unlock an iPhone you should really pick up his book, it is full of fantastic nuances which make it possible. His book also mentions in passing that this can be used to unlock android patterns. His book is pretty amazing and I totally recommend it. I also want to give some credit to the research done by the following folk: Adam J. Aviv, Katherine Gibson, Evan Mossop, Matt Blaze, and Jonathan M. Smith Department of Computer and Information Science – University of Pennsylvania I found their research paper after coming up with and trialling my methods. However these guys have already done some great work on systematically proving the real dangers of what they call smudge attacks. I have included some of their findings in the ‘notes’ and ‘key points’ sections later in this book.

Prepping the phone Hold the spectators phone and using your thumbs or just a finger almost like a windscreen wiper, slowly move them at an angle across the screen. This leaves an even smudge on the screen and will make the peek easier to see. The spectator must not see you doing this. Michael Murray suggests transferring some oil from the bridge of your nose or forehead onto your fingers and thumb. This oil can now be used when ‘wiping’ the screen and makes the peek even easier to spot. Thanks Michael for letting me include that excellent tip! It is important to note that the aim here is to get the phone screen as uniform as possible. If you were using a variant of this method whereby you use your own phone, you would prepare your phone in advance by wiping it on your sleeve or jumper or something. Also, I try to make the smudges at about a 30 degree angle. If you make the smudges at a 90 degree or a 180 degree there is the potential that the smudges will mask the initial part of the pattern unlock.

Getting the actual peek Hold the phone so that the screen is facing away from you and ask the spectator to unlock it. The screen goes bright and no smudges are visible to the spectator due to the strong backlighting and the straight angle you are holding the phone at. Face the phone towards you and state how it is interesting how a person’s home screen tells an awful lot about them. You have plenty of time to get your peek now. Tilt the phone slightly and you will see the pattern traced on the screen in grease and smudge! (Lovely) It is much easier to see it if you hit the power button and turn the screen black. Just make sure you wipe away any trace of the evidence before handing the phone back Give the spectator a short personality reading based on their home screen. If you don’t have their pattern by now you can close the effect as a simple personality reading and leave it at that. However, if you peek the pattern (which you should definitely do) you can just hit the power button and test the peeked pattern in both directions to determine which one it is. Then you can ask them if it is ok for you to unlock their screen. The rest is presentation If you manage to wipe the phone clean during the home screen reading you can hand the phone back and ask them if you could try to unlock their phone. At this point you can start mentioning that there are almost 390,000 combinations which is much more secure than the 10,000 combinations with a 4 digit pin. Place your finger at the starting position of the smudge pattern, switch on the power button and give a tiny swipe up to access the unlock screen. Now follow that smudge trail which is either still visible on the phone or in your short term memory to unlock the phone! Use some presentation here and depending on your premise you should be glancing at the spectator or possibly touching

their forehead. You could even make this effect more visual by putting the phone down and asking them to stand up. Take their hand in the air and do a kind of pseudo contact mind reading effect, moving their hand in the air to ‘divine’ their unlock code….then unlock their phone. Make sure you wipe the phone of any remnants of the smudge trail you just created when you unlocked their phone before handing it back.

Additional Notes: Please experiment with this a little before performing it. I have found that it is not suitable for dark environments as you need some light to reflect off the screen to make the smudge trail visible. Just before I get the peek I orient the phone so that the light source is reflected in the top portion of the screen, this gives the best view for you of the smudged pattern. For preshow purposes you can obtain the pattern by taking a photo of the spectators camera screen. For best results take the photo holding your camera at an angle of about 60 degrees. Adjust the contrast on the photo to identify the smudge. It was found in research that virtually any directional lighting source that is not positioned exactly at a complementary angle to the camera will render a recoverable image of the smudge. So when looking at the phone to identify the smudges with the naked eye, simply tilt the phone so that the light source is not directly behind you and hitting the phone at the same angle as you are viewing it. Reference academic paper: Smudge Attacks on Smartphone Touch Screens Adam J. Aviv, Katherine Gibson, Evan Mossop, Matt Blaze, and Jonathan M. Smith Department of Computer and Information Science – University of Pennsylvania

Method 2 - Algorithmic Approach The performer asks for the spectator’s phone. When he picks it up he (secretly) immediately presses the power button, and swipes up and starts trying certain patterns in a methodical fashion. While doing this: he discusses how long they have had it, why they chose this particular model etc. While trying various patterns, as long as contact is maintained on the screen you can pause in your inputting of the pattern. So you can draw half of the pattern, turn the phone around to look at the back (keeping your finger on the screen) and then complete the pattern as you look at another part of the phone. Also, you do not have to look at the screen straight on as you input different lock codes. Practice inputting patterns while the phone screen is only partially visible to you. Between each attempt at a different pattern, you can hit the power button to turn off the screen and flash it at the spectator as you examine the outer shell of the phone, this will subconsciously tell them that you are just looking at the physical form and not actually trying to interface with the software. Some of the things you can pretend that interest you could be scuff marks, the casing characteristics (magnetic clasps, bumps, etc), any dirt in any sockets or ports, dirt on the camera, scratches on the screen. If you can’t get the right pattern all this work is not for nothing as you can lead into method 1 saying that you would be interested in seeing their home screen to get a full picture of the type of person they are. Once you have the correct pattern you can ask if it would be okay if you tried to guess the unlock pattern. You explain that here are around 390,000 combinations of patterns on android compared to 10,000 combinations with a 4 digit pin on I phones. The spectator gives you permission to try if you like. You open the phone with the correct pattern on the ‘first’ try!

Key things you need to know So here are some key things you need to know about unlocking an android phone: 

You have 5 attempts and then you are locked out for a 30 second cool down period and then you can try another 5 times



Certain patterns are more popular than others



There are many variables to pattern selection including ease of input. Creating a pattern input with a 30 degree angle is quite difficult so no-one really uses it, this immediately

reduces the potential number of patterns by 50% to 158,410 patterns (still 15 times as secure as a 4 digit pin) 

The pattern more than likely starts in a corner and according to data collected, there is no correlation between left/right handedness and which side the pattern starts on

Method For this method you need to learn a set of the most common patterns that you can try without having to think about them.

Here is the first set I use if I do not know the starting point of the pattern: o o o o

Z N S L

o

Rotated e

I use the mnemonic ZeNSLE to remember the list and I start in the top right hand corner COOMG is the next set of 5 I use The Os start in the top right corner and there are two of them because you can try one clockwise and one anti-clockwise

Method 3 – Algorithmic method with known starting point If you know the starting point of the pattern it is much, much easier to unlock the phone. So how do you find out the starting point? Here are a few methods: 1. Ask your spectator to unlock their phone but stop them just before they use the unlock pattern, if you time it right you will pick up from the motion of their hand where the starting point is. 2. Ask their friends to have a go opening it, now ask the spectator to show their friends the unlock pattern, just so they know I am not using any trickery While they show their friends try to catch the starting point, how long it takes, some motion etc. Don’t try to peek the entire pattern this way as it is too obvious. I would turn away once I have the first bit of information. Ask the person to show their unlock pattern to their friends. Get one of their friends to try it out just to confirm that it works (by getting a friend to do it they will move slower leaving more of a smudge, so now you can try it both ways) 3. Just ask them where the pattern starts. There are 389,000 combinations and knowing the starting point brings the amount of combinations down to 33,000 which is still 3 times as secure as a 4 digit PIN. I have found that it is perfectly fine to ask the spectator where the pattern starts. I actually tell them that it starts here (pointing to the top left corner) and say ‘right’, if they say yes it’s a hit, if they say no, just say, oh, which corner does it start in. Another way of saying it is using this script ‘Which corner does the pattern start in, here? (pointing to the top left corner)’

A reason to pick up the phone You may feel you need a reason to pick up the phone in the first place. 

  

You could do this as part of a name reveal. Ask if you could see their phone and then take a look at it to get a feel for what type of person they are. If you can’t unlock the phone you can use the phone to help you guess the name they would have chosen (after they peeked the name that is) You could ask them to unlock their home screen, openly view this and link it back to the word, name reveal somehow You could do some cold reading based on their phone. You could take a good look at it before moving into another effect, the checking out of the phone will just make them wonder if it was somehow linked to your deductive/influence/mindreading ability

Practising your algorithm: So using your own android phone or tablet, you can practise cycling through the top 5 common patterns really quickly and unnoticeably. You should have 2 sets of 5 patterns that you can do easily. Also, I have a set of patterns I use if I know the starting point These are S or Z O O L G G

Extra random notes: Select a spectator that does not look like the kind of person that is into computers or phones, they will be more likely to use one of the first five unlock patterns (ZeNSLE).

Otherwise they could have a pattern like this one:

Also, apparently many people use their first initial as a pattern unlock So letters such as O, L, M,N,Z,W,b,d,p,G,e,C,R,S,U,V

Remember! ZeNSLE COOMG S/ZOOLGG

Method 4 – Progressive testing I really struggled with writing this method so hopefully I have explained it ok for you. It is a bit like a progressive anagram but without letters!!

Android pattern restrictions There are some restrictions when generating your lock pattern on an android phone.   

A pattern must consist of at least 4 dots No dot can be used more than once You cannot leapfrog a dot

The above restrictions are great for us because nobody really thinks about them. Because the pattern must be at least 4 dots that means we know that there WILL be a direction change in their pattern. We also know that their pattern will consist of at least two lines.

Effect I want you to think of a simple unlock pattern. Focus on the first part, yes the straight line; it starts in a corner doesn’t it? Is it this corner, no, this one maybe. So focus again on the first part, it’s a straight line going all the way, down isn’t it? Now focus on the next part, not the straight line, your finger changes direction at this point yeah? A big turn, like 90 degrees or something, now focus on the next bit of the pattern, it is another straight line isn’t it, it goes all the way to the other side/corner. Wait there’s more isn’t there, another change in direction, a bit like life really, full of twists and turns, my you are a complex person. Focus on the next bit, yes, a straight line all the way to the end, There is more though, one more, here we change direction and we move it like so and….Bingo

Method: In real life this would be a lot more fluid. There are two things going on,  

testing for the end of the pattern Progressively drawing the pattern

Testing I will explain the testing bit first. Basically, as you ‘get’ a confirmation for a straight line you draw the line and lift your finger, if it is the end of the pattern you now have it unlocked. If it is not the end of the pattern you can quickly redraw what has been confirmed so far. If you do this without the spectator seeing you can get a hit each time, saying ‘I am feeling like there is more to this pattern’…or something similar. So basically, the main reason for testing is to see if you are at the end of the pattern. You can test 5 times before you will have to stall the spectator for 30 seconds to get another 5 attempts But remember, once you get the starting point for the pattern, you are one ahead as you know that there must be at least two lines which will include 1 directional change (so maybe you are 2 ahead) Progressively drawing the pattern So this is a bit trickier, there are in fact around 390,000 potential patterns but once you get the first confirmation of a straight line, this number decreases exponentially (otherwise this process would take a long time!!). It should be obvious to you that when testing to determine if you are at the end of a spectators unlock pattern you can simply ‘overtest’ using your algorithm from method 2 (your knowledge of patterns that are used). So if it is a downward line at the start I would test the downward line plus the directional change and the next line (an L shape) to make sure that the pattern is not finished at that point. Let’s say it started in the top left hand corner I would test for an L, an inverse N, an O, a U and the rotated G and the rotated S, This should pretty much get it. Just remember that you are testing to make sure their pattern doesn’t just stop short (remember, not all dots have to be used) You can test while milking the fact that the previous test failed. You know the pattern contains more directional changes and lines so you tell the person that (say something along the lines of ‘now I can tell you are a complex person so I KNOW that you pattern would not simply stop here, you are also quite logical so I think you would make a 90 degree directional change’) throw in some compliments and cold reading to support your ‘knowing’ and you can give yourself plenty of time to test The method here is to systematically and progressively test the pattern and use the feedback from the spectator to build the next piece of the pattern. Effectively, the spectator is bit by bit telling you the pattern, only they think that you are telling them.

Some thoughts! I think it is important to have a full appreciation of the above methods. I primarily favour the pattern peek, but knowing the various algorithms makes you faster at peeking and also allows you to work with partial peeks (where only part of the smudge is clear). When I first started performing this I ran into a little problem. Not everyone has a pattern unlock on their phone. Younger people tend to use them more but just be aware that not everyone uses the pattern unlock. This can be a problem as it totally diminishes the effect if you have to ask somone if they use a pattern lock or not. If you ask them you are also losing the element of surprise…and we don’t like that, do we?! The way I work around this is that I use it as a lead into another effect. I recently discovered Tequila Hustler on the mindFX site and I must say it is a perfect effect to mask your checking of their phone (you can use any name revelation effect etc if that suits you better). I ask for their phone, and examine it slightly. I wipe the screen and then take a look at their home screen. If there is no lock or a different system than the pattern unlock I simply examine the home screen (musing to myself) and then launch into the next effect. If there is a pattern unlock I follow the same process as above, the only difference being I throw in the pattern unlock along the way. If I use the smudge method I keep the unlock till the end of the tequila hustler effect. Is unlocking a phone impressive?...of course it is! The only situation where this can be less impressive is if you do this for people you know. The problem here is that people will jump to the conclusion that you saw them enter the pattern at an early stage and that you memorised it. When you think about it, it really is an amazing feat to guess someone’s unlock pattern, but with some people, they don’t actually realise just how good it is. This is where you need to leverage off what you just did to help them realise that you know them better than they can imagine. By just looking at you, examining your phone and by talking briefly to you I can unlock your phone. I’d like you to ask yourself, if he can unlock my phone what else does this guy know?....don’t worry, I’m pretty good at keeping secrets…..

Thank You I would like to thank you, the reader for your interest in my methods and I hope you have lots of fun blowing minds! If you have any questions or feedback feel free to contact me at [email protected] If you liked my material you may want to check out some of my other releases: Take note – Drawing duplication and peek systems with post it note Riven – Forcing, peeking and switching system using a small pad of post its

7th sense – my take on pencil reading Dice code – divine a 4 digit number generated by the spectator using a dice

View more...

Comments

Copyright ©2017 KUPDF Inc.
SUPPORT KUPDF