Unlock Android despite forgotten Pattern or Password

The Problem

A family member forgot the pattern set up on their Android device.

Now, usually all hope is lost and you need to factory reset your device (and lose all data). This, however, was not an option in my case.

The Situation

The situation for my case can be summarized like this:

Because of this situation, none of the methods posted on XDA are usable here, and the internet is suggesting a factory reset. However, as I was willing to disassemble the device, nothing is lost if I first try to dig deeper and try to get into the phone via software!

After some hours of trying to find a zero-day exploit (as the version was already outdated at the time of writing), I came up with a simpler solution. I knew that there are a lot of attack vectors, as I still had access to the guest user…

The Solution

So here are the steps to unlock the phone:

I think this is basically a bug/security issue in the Android operating system, because guest users should not be able to select ‘Allow untrusted sources’ in the device options. On the other hand, I think Android Device Manager should allow us to reset the pattern/password… Of course, now it’s simple to back up the data and factory reset the phone (if you don’t trust the installed tools). Note, however, that a factory reset might not delete everything in this case (as the phone was rooted); the safe choice would be to install a new firmware file.