ZKTeco Backdoor

๐Ÿ•“ Feb 19, 2020 ยท โ˜•2 min read

Unlock ZKTeco security devices in less than 20 seconds without admin password.

What is a backdoor?

It’s self-explanatory, Imagine a house where the front door has a lock but with back door not having a lock or a lock that can be easily broken without anyone knowing.

Computer backdoors work in a similar way. Normally you have a user account with a password set and only that user having access to that account. But some manufacturers hardcode hidden user accounts that they don’t expect the customer to know. The purpose of this account is to reset forgotten admin password. This is main issue! a backdoor can be used by anyone to access admin shell and do anything: Reset admin password, add themselves as admin, change device config.

ZKTeco Backdoor

ZKTeco is popular brand in Maldives, It’s used in many private and government offices for employee attendance and access control to office rooms.

Attendance Access Control

These machines have a backdoor, a security system..with a backdoor, yes…

Anyone could login to the device as admin and do anything they want:

  • Open a door (so much for security amrite)
  • Manipulate their own or others attendance (AYY, OT ๐Ÿ˜…)
  • Add themselves as admin
  • Inject with a malware..idk bot net?

This backdoor user password is dynamic, It changes every minute and it can be accessed by doing some calculations and entering as password.

How to login from the backdoor

I made an Android app do to the calculations and display the password. Download APK

How to use

  1. Enter the time display in machine in the app
  2. Enter username as “8888” on the machine
  3. Enter password generated by the app on the machine
  4. That’s it.

It’s that simple.

Demo video

Download App

Github Release

Source code


Shiham Abdul Rahman
Shiham Abdul Rahman