# \[4c] PIN bruteforce

The lab kit comes with a pre-written bruteforce and this step of the lab will cover how to run it. If you're more interested in the technical details, check out [\[4c.1\] - PIN bruteforce (in depth)](/lab/4c-pin-bruteforce/4c.1-pin-bruteforce-in-depth.md)

In the frida REPL, simply type bruteforcePIN() and press enter.

![](/files/-M6XEEFnx1vYN6xn4kSX)

Hey, that was pretty easy and fast right? Sadly, they aren’t all this quick. 

In fact, you may have noticed from the static analysis section that the encryptPin function simply computes SHA1 and returns the "hex string" equivalent.

![](/files/-M6XEYMQMRyf3pP69YSc)

This explains why it is so quick for us to bruteforce all 10,000 possibilities.

More secure apps tend to use much more complex and computationally expensive algorithms called Key Derivation Functions (KDF) to ensure that this type of bruteforce script would be much, much slower.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://summit-labs.frida.ninja/lab/4c-pin-bruteforce.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.