Monkeyrunner can help you recover ColorNote password

This time I engaged myself in some “cracking” activity after a stressed conversation I had with a friend.
*** If you came to this Blogpost because you locked your phone and you are not really IT person please read the comment below from Ashley***
There is a not so quick but not so ‘hackerish’ workaround:
—-
actually i discover a method, that is once u restart u smart phone, u enter the colornote it aint required any password, then u faster screenshots the contents inside, it only persist for around 5 seconds, then will log out , so u keep restart then u cn get bck all the things inside dy simply by screenshots…. this is what i do to take bck my thngs as i frgt my lock pattern as well =)
—-
Thanks Ashley!

This is how it all happened…

I was chatting with a friend when suddenly(quite stressed) she asked me if I know someone ( i quote) “who can crack an Android application”?! Since  I don’t usually support cracking anything I wanted her to explain exactly what she meant with that sentence.  So, she had installed an application – ColorNote on her phone that allows locking files with certain important information with some so-called master password. Then the files are encrypted and there is no way of decrypting them if you don’t know the password. First I tried to calm her down telling her to search the web for some solution. I installed the application, tested it for a while, created some files of my own, locked some of them, did a backup…. All of that went smooth! I must say that the developers have done a really good job with this app. Even if someone gets my files they are still encrypted with the password I put! The problem arises when I forget the master password of the application! If you want to change it all of the files that were encrypted with it are DELETED?!!! After reading many forums/blogs/discussions it became clear to me that there is no solution to the problem other than deleting all the locked files which seemed like the developers missed to solve a quite trivial problem! What if I store my credit card pin in it and I am somewhere away from home and I urgently need it? What if I have stored my bank details and I need them immediately for some transaction? What if I have stored some other really important information? And even though I am sure at the time of creating the master password that I will remember it always, it might happen that I forget it, right? So this really got me angry and I decided to find a way how to prove that even their concept was not the perfect one…

So I came to an idea to write a simple monkeyrunner script that would generate combinations of letters/numbers that came to my mind that I might have put as a password. There is no limit in the number of tries to enter the password so..  I was right.. this really worked!

Here is the script that I used for “cracking” my ColorNote master password.

# Imports the monkeyrunner modules used by this program
from __future__ import generators
from com.android.monkeyrunner import MonkeyRunner, MonkeyDevice

def xcombinations(items, n):
    if n==0: yield []
    else:
        for i in xrange(len(items)):
            for cc in xcombinations(items[:i]+items[i+1:],n-1):
                yield [items[i]]+cc

def xuniqueCombinations(items, n):
    if n==0: yield []
    else:
        for i in xrange(len(items)):
            for cc in xuniqueCombinations(items[i+1:],n-1):
                yield [items[i]]+cc

def xselections(items, n):
    if n==0: yield []
    else:
        for i in xrange(len(items)):
            for ss in xselections(items, n-1):
                yield [items[i]]+ss

def xpermutations(items):
    return xcombinations(items, len(items))

if __name__=="__main__":

# Connects to the current device, returning a MonkeyDevice object
    device = MonkeyRunner.waitForConnection()

# sets a variable with the package's internal name
    package = 'com.socialnmobile.dictapps.notepad.color.note'

# sets a variable with the name of an Activity in the package
    activity = 'com.socialnmobile.colornote.activity.NoteList'

    print device.getProperty('display.width'), device.getProperty('display.height')

# sets the name of the component to start
    runComponent = package + '/' + activity

# Runs the component
    device.startActivity(component=runComponent)

# Presses the Menu button
    device.press('KEYCODE_MENU','DOWN_AND_UP')

    MonkeyRunner.sleep(1)
    device.touch(240, 750, 'DOWN_AND_UP')
#device.drag((230, 750), (240, 760), 2.0, 2) 

    MonkeyRunner.sleep(1)
    device.touch(240, 350, 'DOWN_AND_UP')

    MonkeyRunner.sleep(1)
    device.touch(120, 500, 'DOWN_AND_UP')

#MonkeyRunner.sleep(1)
#device.type('5551234')

#MonkeyRunner.sleep(1)
#device.touch(240, 350, 'DOWN_AND_UP')

#MonkeyRunner.sleep(1)
#device.type('5551234')

    MonkeyRunner.sleep(1)
    #device.type('color')
    #device.touch(240, 350, 'DOWN_AND_UP')
#device.touch(240, 350, 'DOWN_AND_UP')

    #for num in range(2000, 2003):
    #    print num
    #    device.type(str(num))
    #    MonkeyRunner.sleep(1)
    #    device.touch(240, 350, 'DOWN_AND_UP')

    print "Permutations"
    for p in xselections(['3','4','6','5','2'],4):
        print ''.join(p)
        device.type(''.join(p))
        MonkeyRunner.sleep(1)
        device.touch(240, 350, 'DOWN_AND_UP')

Here is a video of the monkeyrunner working on my phone! I put simple password just to make the video short so that you can see the result of the script.

NOTE: In order to make it work on your phone you’d have to check the screen size and tune the clicks.

NOTE1: This script lasts up to couple of hours but if the right letters/numbers are put it might solve your problem! Also this is something that I’d suggest to people who really are in need of their encrypted data! (and till the developers don’t think of a solution!)

And a final NOTE to the developers: Think of a way in the next update (using IMEI, PIN, mail, other…) how to solve this problem and I’d put this app in my all time Android favs!