Mobile Forensics: Commonly Used Passcodes

 



"Password is Taco" - Taco (The League)

Updated: April 15, 2021

People are creatures of habit.  They're lazy and lack originality... and apparently the same can be said about their passcodes.  Through the course of our duties, we have had devices that are not supported for brute forcing, and the information they hold is critical to making or breaking a case.  We have come across passcodes that seem to be common amongst multiple users.

4-digit passcodes contain a complexity of 10,000 possible solutions.  6-digit passcodes contain a complexity of 1,000,000 solutions.  Pattern locks contain a complexity of 389,112 solutions.  Lastly, I have a better shot of winning 10 consecutive Power Balls than getting into anything with an alphanumeric passcode... with a few exceptions.

Ideally, we would like for our extraction tools to obtain the passcode, but sometimes, that's not reality.  We keep a log of all devices that come through our lab for metrics and so that we can determine trends that become evident.  

While passcodes are created to keep our data safe, we use our mobile devices constantly throughout the day.  I average 100+ pickups per day, and with COVID-19 making facial recognition next to impossible, I'm constantly typing in my passcode to avoid pulling down my mask and getting "Karen-ed" for not playing by the rules.  I'm an exception to the rule: my passcode is unique and does not contain any sequential numbers or repeats.  Not everyone thinks like me.  Security doesn't always equal user-friendly on a device you pick up constantly.  So oftentimes, what should be a secure passcode is one that requires little input or thought during its creation.

Which brings us to this list.  There are many lists that already exist out there; however, this is a list of all of the passcodes that we have seen used on multiple occasions from multiple users.  This list is ever-evolving, and what is common today may change tomorrow.  Think of this as a living cheat-sheet of data to assist you in your investigations.

4-Digit Passcodes

  • 1111
  • 0000
  • 6969
  • 1919
  • 2580

6-Digit Passcodes

  • 111111
  • 000000

Common Trends for Passcodes

  • Birthdays (DD/MM or DD/MM/YY) 
  • Birth Years (YYYY)
  • Look for commonly used number combinations in user accounts (e.g. email, Instagram, etc.)

Pattern Locks  

  • Pattern: 2589
  • Pattern: 14753 
  • Pattern: 14789 
  • Pattern: 1235789
  • Pattern: 1478963

Common Trends for Pattern Locks

  • Pattern locks use a minimum of four nodes.
  • Most pattern locks start in the upper-left corner.
  • Most pattern locks mimic shapes and/or letters (e.g. 1235789 = Z)

Alphanumeric Passwords

  • password
  • password1

Additionally, we have found that BFU extractions are proving fruitful in discovering user patterns.  For instance, a user's email address was johndoe4422@gmail.com, and "4422" successfully unlocked their mobile device.  Had we not taken this approach, we would have never uncovered the evidence needed for prosecution, and the charges would have been dropped.  This isn't always the case, but those measly BFU extractions have proven useful.
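The lists and trends above can also be turned around into a check that rejects a weak passcode or pattern when it is being set (for example in a device enrollment policy).  The Python below is an added example, not code from the original post; the function names and reason strings are assumptions, and the node numbering (1-9, left to right, top to bottom) is inferred from the "1235789 = Z" example.

```python
import re
from datetime import date

# Values listed on this page as seen on multiple devices from multiple users.
COMMON_PINS = {"1111", "0000", "6969", "1919", "2580", "111111", "000000"}
COMMON_PATTERNS = {"2589", "14753", "14789", "1235789", "1478963"}


def _is_date_like(pin):
    """True if pin reads as a birth year (YYYY) or as DDMM / DDMMYY."""
    if len(pin) == 4 and 1900 <= int(pin) <= date.today().year:
        return True
    if len(pin) in (4, 6):
        day, month = int(pin[:2]), int(pin[2:4])
        return 1 <= day <= 31 and 1 <= month <= 12
    return False


def pin_weaknesses(pin, account_ids=()):
    """Return the reasons a numeric passcode matches a trend from this page."""
    if not pin.isdigit():
        raise ValueError("numeric passcodes only")
    reasons = []
    if pin in COMMON_PINS:
        reasons.append("on common list")
    if len(set(pin)) == 1:
        reasons.append("single repeated digit")
    if _is_date_like(pin):
        reasons.append("date-like")
    # Digit runs in usernames or e-mail addresses (the johndoe4422 case).
    for ident in account_ids:
        if any(pin in run for run in re.findall(r"\d+", ident)):
            reasons.append("digits reused from " + ident)
    return reasons


def pattern_weaknesses(pattern):
    """Pattern given as node digits 1-9, numbered left to right, top to bottom."""
    reasons = []
    if len(pattern) < 4 or len(set(pattern)) != len(pattern):
        raise ValueError("a pattern uses at least four distinct nodes")
    if pattern in COMMON_PATTERNS:
        reasons.append("on common list")
    if pattern.startswith("1"):
        reasons.append("starts in upper-left corner")
    return reasons


if __name__ == "__main__":
    # Constructed sample input: values taken from the lists and anecdote above.
    print(pin_weaknesses("4422", ["johndoe4422@gmail.com"]))
    print(pattern_weaknesses("1235789"))
```

An empty result only means the value matches none of the trends listed here, not that it is strong.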

If you would like to share your personal passcode, please email RareBreed4N6@gmail.com.  I would happily add it to our growing list for comparison purposes.  This will remain completely anonymous.

Later Gators,

RB4N6
