Monkeyrunner can help you recover ColorNote password

This time I engaged in some “cracking” activity after a stressful conversation I had with a friend.
*** If you came to this blog post because you locked your phone and you are not really an IT person, please read the comment below from Ashley ***
There is a not-so-quick but not-so-‘hackerish’ workaround:
—-
actually i discover a method, that is once u restart u smart phone, u enter the colornote it aint required any password, then u faster screenshots the contents inside, it only persist for around 5 seconds, then will log out , so u keep restart then u cn get bck all the things inside dy simply by screenshots…. this is what i do to take bck my thngs as i frgt my lock pattern as well =)
—-
Thanks Ashley!

This is how it all happened…

I was chatting with a friend when suddenly (quite stressed) she asked me if I know someone (I quote) “who can crack an Android application”?! Since I don’t usually support cracking anything, I wanted her to explain exactly what she meant by that sentence. So, she had installed an application, ColorNote, on her phone that allows locking files holding certain important information with a so-called master password. The files are then encrypted and there is no way of decrypting them if you don’t know the password. First I tried to calm her down, telling her to search the web for a solution.

I installed the application, tested it for a while, created some files of my own, locked some of them, did a backup… All of that went smoothly! I must say that the developers have done a really good job with this app. Even if someone gets my files, they are still encrypted with the password I set! The problem arises when I forget the master password of the application! If you want to change it, all of the files that were encrypted with it are DELETED?!!!

After reading many forums/blogs/discussions it became clear to me that there is no solution to the problem other than deleting all the locked files, which made it seem like the developers had failed to solve a quite trivial problem! What if I store my credit card PIN in it and I am somewhere away from home and I urgently need it? What if I have stored my bank details and I need them immediately for some transaction? What if I have stored some other really important information? And even though I am sure at the time of creating the master password that I will always remember it, it might happen that I forget it, right? So this really got me angry and I decided to find a way to prove that even their concept was not the perfect one…

So I came up with the idea of writing a simple monkeyrunner script that would generate combinations of the letters/numbers that came to my mind as ones I might have used in the password. There is no limit on the number of tries to enter the password, so… I was right… this really worked!

Here is the script that I used for “cracking” my ColorNote master password.

# Imports the monkeyrunner modules used by this program
from __future__ import generators
from com.android.monkeyrunner import MonkeyRunner, MonkeyDevice

def xcombinations(items, n):
    if n==0: yield []
    else:
        for i in xrange(len(items)):
            for cc in xcombinations(items[:i]+items[i+1:],n-1):
                yield [items[i]]+cc

def xuniqueCombinations(items, n):
    if n==0: yield []
    else:
        for i in xrange(len(items)):
            for cc in xuniqueCombinations(items[i+1:],n-1):
                yield [items[i]]+cc

def xselections(items, n):
    if n==0: yield []
    else:
        for i in xrange(len(items)):
            for ss in xselections(items, n-1):
                yield [items[i]]+ss

def xpermutations(items):
    return xcombinations(items, len(items))

if __name__=="__main__":

    # Connects to the current device, returning a MonkeyDevice object
    device = MonkeyRunner.waitForConnection()

    # Sets a variable with the package's internal name
    package = 'com.socialnmobile.dictapps.notepad.color.note'

    # Sets a variable with the name of an Activity in the package
    activity = 'com.socialnmobile.colornote.activity.NoteList'

    print device.getProperty('display.width'), device.getProperty('display.height')

    # Sets the name of the component to start
    runComponent = package + '/' + activity

    # Runs the component
    device.startActivity(component=runComponent)

    # Presses the Menu button
    device.press('KEYCODE_MENU','DOWN_AND_UP')

    # Taps at fixed screen coordinates; these were tuned for the author's
    # display and must be adjusted for other screen sizes
    MonkeyRunner.sleep(1)
    device.touch(240, 750, 'DOWN_AND_UP')
    #device.drag((230, 750), (240, 760), 2.0, 2)

    MonkeyRunner.sleep(1)
    device.touch(240, 350, 'DOWN_AND_UP')

    MonkeyRunner.sleep(1)
    device.touch(120, 500, 'DOWN_AND_UP')

    #MonkeyRunner.sleep(1)
    #device.type('5551234')

    #MonkeyRunner.sleep(1)
    #device.touch(240, 350, 'DOWN_AND_UP')

    #MonkeyRunner.sleep(1)
    #device.type('5551234')

    MonkeyRunner.sleep(1)
    #device.type('color')
    #device.touch(240, 350, 'DOWN_AND_UP')
    #device.touch(240, 350, 'DOWN_AND_UP')

    #for num in range(2000, 2003):
    #    print num
    #    device.type(str(num))
    #    MonkeyRunner.sleep(1)
    #    device.touch(240, 350, 'DOWN_AND_UP')

    # xselections yields every length-4 string over the given characters,
    # with repetition; each one is typed and submitted, one second apart
    print "Permutations"
    for p in xselections(['3','4','6','5','2'],4):
        print ''.join(p)
        device.type(''.join(p))
        MonkeyRunner.sleep(1)
        device.touch(240, 350, 'DOWN_AND_UP')

Here is a video of the monkeyrunner working on my phone! I set a simple password just to keep the video short so that you can see the result of the script.

NOTE: In order to make it work on your phone you’d have to check the screen size and tune the clicks.

NOTE1: This script can run for up to a couple of hours, but if the right letters/numbers are supplied it might solve your problem! Also, this is something that I’d suggest to people who really are in need of their encrypted data (and until the developers think of a solution)!

And a final NOTE to the developers: Think of a way to solve this problem in the next update (using IMEI, PIN, mail, other…) and I’d put this app in my all-time Android favs!
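
The script works only because the prompt accepts unlimited tries at about one per second. The following is an added example (Python 3, not monkeyrunner code and not ColorNote's implementation) that compares the worst-case time to enter every candidate with and without an attempt limiter, and sketches such a limiter. The lockout policy (5 free attempts, 30 s doubling up to 1 hour), the PBKDF2 parameters and all names are assumptions.

```python
import hashlib, hmac, os

def keyspace(alphabet_size, length):
    """Candidate count when characters may repeat (what xselections enumerates)."""
    return alphabet_size ** length

def lockout_delay(failures, free_attempts=5, base=30, cap=3600):
    """Seconds the prompt stays locked after `failures` consecutive misses (assumed policy)."""
    if failures < free_attempts:
        return 0
    return min(cap, base * 2 ** (failures - free_attempts))

def seconds_to_exhaust(candidates, per_attempt=1.0, throttled=False):
    """Worst-case time to enter every candidate at `per_attempt` seconds each."""
    total = candidates * per_attempt
    if throttled:
        # A lockout follows every miss except the last attempt.
        total += sum(lockout_delay(f) for f in range(1, candidates))
    return total

class ThrottledPrompt:
    """Master-password check that enforces lockout_delay; the clock is injected for testing."""
    def __init__(self, password, clock):
        self.salt = os.urandom(16)
        self.digest = self._kdf(password)
        self.clock, self.failures, self.locked_until = clock, 0, 0.0

    def _kdf(self, password):
        # Iteration count is an assumed value for the example.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def try_password(self, guess):
        now = self.clock()
        if now < self.locked_until:
            return "locked"          # rejected without evaluating the guess
        if hmac.compare_digest(self._kdf(guess), self.digest):
            self.failures = 0
            return "ok"
        self.failures += 1
        self.locked_until = now + lockout_delay(self.failures)
        return "wrong"

if __name__ == "__main__":
    n = keyspace(5, 4)               # 5 candidate characters, length 4, as in the script
    print(n, "candidates")
    print("no limit :", seconds_to_exhaust(n) / 60, "minutes")
    print("throttled:", seconds_to_exhaust(n, throttled=True) / 86400, "days")
```

A limiter in the app's UI only slows guesses entered through that UI; for an exported backup file, the cost of the key-derivation function is what limits the guessing rate.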


33 Responses to Monkeyrunner can help you recover ColorNote password

  1. Daniel says:

    I’m not a developer and I therefore don’t have access to this tool. I have lost access to important files in Colornote. Can you advise me what I might do? I also can’t see on this page where to view other comments on this post. If someone could email me the answer or how to see the comments, I’d be really grateful – NOMAIL@yahoo.com.

  2. karevask says:

    Check ur inbox!

  3. Guo Yong says:

    Hi,

    Can advise how do I run the script on my mobile?

    Thanks!!!

  4. karevask says:

    Hey,
    I am sorry for answering a bit late (holiday time 😀 ) but Diego Torres’ blog post comments helped me to set it on Windows. Check it out at http://dtmilano.blogspot.com/2011/03/using-android-monkeyrunner-from-eclipse.html and see how to update the monkeyrunner.bat file.
    This post is useful if you have Ubuntu or other Linux/Unix based OS.
    U start the script on the PC and you have to have your mobile connected and it will work.
    The monkey runner is by default with the Android OS (or at least I didn’t have to set anything more) Hope this helps!

    Happy hacking!

  5. makkianews says:

    Hi,
    thank u so much for the guide, i really tried to follow your instruction but i can’t, i miss many many required skins…
    there is a easier way or may i send you my colornote backup file?
    It would be great!!!

    thank you

    my mail showsoft [at] hotmail.com

    • karevask says:

      Hi,

      I am a bit busy at the moment but I will try to run the program and see if I manage to unlock your files.
      Send them on my mail: ikareva [at] yahoo.co.uk.
      Also a combination of letters and the length of the password would be helpful to make the brute force algorithm run faster 😀

      Regards,

  6. Katie says:

    Hello,

    I was looking everywhere on how to reset the master password, and didn’t think it was possible, til i found this. I am not the most technologically advanced and was just wondering if it were possible to really break down the steps on how to do this. Any help would be much appreciated!

    Thank you!

    • karevask says:

      Hello,
      Can’t you find some IT friend to help you set up Android environment and run the monkey runner?
      You can send the file to me (ikareva at yahoo dot co dot uk) and I will run this code overnight and hopefully remove the password.
      Regards,
      Ilina

  7. Amyn says:

    Hey, I’ve tried using this, and I’m not the most technologically advanced and it didn’t work for me. So I got some of my friends, who know their stuff, to help me. It still wasn’t working and they told me it was a problem with my phone and they all had iPhones so they couldn’t do it for me. Is it possible for you to help me or me to send you my colornote backup file?
    Thanks

    • karevask says:

      Hi,
      I am a bit busy these days but send it to me on ikareva at yahoo dot co dot uk and I will see what I can do.
      Also send me information about the length and the symbols you think you have used so that I make it last shorter.
      I can’t promise nothing but I will try.
      Cheers,
      Ilina

      • Amyn says:

        Hey,
        Thanks a lot. But I just got all my notes back 2 days ago after messing with the app for quite a while. Got a new master password(still don’t remember my old one) and I didn’t have to lose any of my important locked notes.
        Thanks again,

  8. Jane says:

    Hello, I was wondering if you could also help me unlock my colornotes files. I’ve been trying for a few days to remember my password with no avail and I’ve had other people try and help me as well. Could you also help me or could I send you my colornotes backup files? Thank you so much!

  9. Alex says:

    Hi, dude, I’m sorry unfortunately I forget my password of my backup file, that would be a disaster to me, I just transferred from other memo app and delete original database. I know you’re pretty nice guy, could you also help me out? thanks a lot in advance.

  10. Is the genius of this page still on? Coz I really need some help.

    • karevask says:

      Hi there,
      I sometimes get lost in the WordPress management part like approving comments and replying to comments but generally I am aware of them 🙂
      So, tell me how can I help you?
      Cheers,

  11. Mélody says:

    Hello there! I sent you an email a few days ago but you didn’t answer. Can I have any help, please?

  12. ashley says:

    actually i discover a method, that is once u restart u smart phone, u enter the colornote it aint required any password, then u faster screenshots the contents inside, it only persist for around 5 seconds, then will log out , so u keep restart then u cn get bck all the things inside dy simply by screenshots…. this is what i do to take bck my thngs as i frgt my lock pattern as well =)

  13. Mike says:

    Does this require ADB and a rooted phone?
    The script is hanging at waitforconnection

  14. Roldwinks says:

    Hey… I’m really new to developing.. n I happen to forget my Master password… I’ve downloaded the ADT bundle and am running on Windows XP. Point is, where do i paste this script? can you please give me a step by step description to do it?! I really need the notes I’ve saved… Thanks a lot!! 🙂 Regards..

  15. Jenny says:

    Hi there,

    I lost my color note master password recently and I don’t know how to find out my password..

    I read out your post but it is really hard to understand..

    I really need to find my password..

    Please Please help me..

    I dont know how to sent my color note file to u via email..

    Please let me know through my email thank you thank you so much..

    I will look forward to your reply

  16. Steve Wilson says:

    Hi Ilina,

    Like many others on this page I have also forgotten my master password and have since reset my phone leaving me with an encrypted backup file. I read your walk through but it is way beyond my skill level so I was wondering if you would, please, be able to help me in recovering my backup?

    Thanks for your time!

    • karevask says:

      Hi Steve,

      my method is a bit advanced and would help if you know the used characters but not the combination and you should let it run until it checks all the combinations. Please read the comment that I added from Ashley which might be helpful: after restarting the phone you have some seconds to recover the data with printscreens.
      Best regards,
      Ilina

    • karevask says:

      Hi Steve,

      it has been a long time since your comment and I am not really active on my blog lately.
      I hope that in the meantime you found a solution to your problem.

      Cheers,
      Ilina

  17. Tracie says:

    Apparently, I am one of many with this issue. I backed up to SD, switched the card into the new phone and now it asks for the “old” master password. I have tried all of the suggestions above, but to no avail. I am willing to give the monkey runner option a go, but as a limited knowledge user, I am afraid it may be above my head. If you can send directions on how to utilize monkey runner on my Samsung Galaxy S4 it would be appreciated. You can also send it to my email at eternitysbound@gmail.com, I would be beyond grateful. Alternately, I read the comment from Ashley you reposted, but I am uncertain how to go about capturing via print screen on this phone. Any ideas?

  18. srija says:

    Hey. I don’t know how to use that script but I’m badly in need with the content I locked. Please help me

  19. Rui says:

    Good afternoon Dear .

    My name is Rui , do not know any English , I’m from Brazil .

    Well I have a problem in my ColorNote about password . I did not put password on my notes , and put not remember the password, but the problem is I have backup even leaving the password , change the password and uninstall and install the application this backup does not recover the password , since deleted folders , I switched folders , I did everything , I downloaded and such but nothing of this backup decryption. Could help me somehow am not programmed not know anything monkeyrunner nor Python

    • karevask says:

      Hi Rui, please try with Ashley’s suggestion since my method might take a bit too long and I really don’t know if it will work after so many years.
      ——
      ashley says:
      June 10, 2013 at 4:00 am
      actually i discover a method, that is once u restart u smart phone, u enter the colornote it aint required any password, then u faster screenshots the contents inside, it only persist for around 5 seconds, then will log out , so u keep restart then u cn get bck all the things inside dy simply by screenshots…. this is what i do to take bck my thngs as i frgt my lock pattern as well =)
      —–

      Cheers!

  20. Rocky says:

    Hello, I have been using Color Note app for nearly an year now. I have some locked notes where I keep my bank data/ office data. I have a master password to open lock notes. I open locked with master password almost every day. There is no way on earth I can forget my own master password. I recent updated version on this App. Ufff. From then, am unable to access my locked notes. It says incorrect password. How can I forget my own password am using for last one year everyday. Please provide a solution to my problem. I have important data in there. Here is my email id- c.urakesh@gmail.com

    • karevask says:

      Hi Rocky, please try with Ashley’s suggestion since my method might take a bit too long and I really don’t know if it will work after so many years.
      ——
      ashley says:
      June 10, 2013 at 4:00 am
      actually i discover a method, that is once u restart u smart phone, u enter the colornote it aint required any password, then u faster screenshots the contents inside, it only persist for around 5 seconds, then will log out , so u keep restart then u cn get bck all the things inside dy simply by screenshots…. this is what i do to take bck my thngs as i frgt my lock pattern as well =)
      —–
