[APP][2.2+][ROOT][WiFi] Reaver-GUI for Android
153 posts
Thanks: 320
By SOEDI, Senior Member on 24th September 2013, 05:27 PM
Announcement from SOEDI: An Android-GUI for the famous WiFi penetration tool called Reaver-WPS.
Reaver for Android v1.30
Reaver-WPS GUI for rooted devices with bcm4329/4330 wifi chipset or working external wifi card.
INFO:
Reaver for Android, short RfA, is a simple-to-use Reaver-GUI for Android devices with monitor-mode support.
It has some very cool features:
- Automatically detects WPS-enabled routers.
- All Reaver-Settings are accessible from a simple-to-use GUI.
- Activates and deactivates Monitor-Mode automatically when needed.
- Provides a simple way to connect when Reaver finds the WPA-Key.
- External script support
Project status: PRE-FINAL
What does this mean?
There are some features which are not implemented yet.
Development will continue very soon.
Installation
- Download/install bcmon.apk from HERE and RfA.apk from the bottom of this post. RfA may also download bcmon automatically.
- Run bcmon, if it crashes try a second time.
- If all runs fine, start RfA. If not, your device may not be bcmon compatible. Please see second post.
- After selecting a WPS-enabled router, click on "Test Monitor-Mode".
- Now you can use RfA :), don't uninstall bcmon.
FAQ:
What is this awesome app actually useful for?
Well, RfA is able to unveil the actual WPA(2)-Key of many routers within 2 - 10 hours.
WHAT?! I thought WPA(2) is safe?
It used to be, but then many router models got WiFi Protected Setup, short WPS, implemented, which is pretty vulnerable. (Details)
Basically it's a Brute-Force attack with Reaver against an 8-digit PIN with 10^4 + 10^3 possibilities.
What is Reaver?
Reaver-WPS is a pentesting tool developed by Tactical Network Solutions.
It attacks WPS-enabled routers and after the WPS-Pin is cracked, it retrieves the actual WPA-key.
Reaver provides only a terminal interface, which is ok for notebooks etc., however it's a pain on Android devices.
Because of this I developed RfA.
Doesn't Reaver require monitor-mode and so can't work on Android?
Yes, Reaver needs monitor-mode, but thanks to bcmon (or external wifi cards) some Android devices are now monitor-mode capable.
bcmon compatibility
Developed and tested on: Nexus 7 2012 (Stock 4.3)
RfA *should* work on all devices with bcmon support (Broadcom bcm4329/bcm4330 chipsets)
Simply try by installing bcmon. Don't worry, if something goes wrong a simple reboot should fix everything.
For external wifi cards please see second post.
Tested & works on:
Nexus 7 2012 (Stock 4.3, Cyanogen 9)
Huawei Honour (Cyanogen Mod based ROM)
bcmon does NOT work on:
Samsung Galaxy S3/4/5
HTC One
LG G2
Nexus 4/5
Nexus 7 (2013)
Credits & used tools:
Monitor-Mode over bcmon.apk:
Omri Ildis, Ruby Feinstein & Yuval Ofir
See: bcmon.blogspot.com
Reaver-WPS:
Tactical Network Solutions
See: code.google.com/p/reaver-wps/
Disclaimer
Attention: Hacking of networks is illegal without having the permission of the owner! The developer is not responsible for any damage etc. this app could cause.
This software is only intended to show a big security hole, not to be able to surf in the neighbour's WiFi ;)
XDA:DevDB Information
Reaver-GUI for Android, App for all devices (see above for details)
Contributors
SOEDI, bcmon team & Tactical Network Solutions
Version Information
Status: Stable
Current Stable Version: 1.30
Stable Release Date: 2014-07-01
Beta Release Date: 2013-11-04
Created 2013-09-24
Last Updated 2014-09-27
Last edited by DrGreenway; 21st January 2016 at 10:44 AM. Reason: Added Android version tag to title
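An added worked example (not part of the original post or of RfA) for the FAQ's "10^4 + 10^3 possibilities" figure: it validates the WPS checksum digit and estimates how a lockout after failed PINs lengthens the worst case. The 2 s per guess and the lockout policies are assumed values, not measurements.

```python
# Added example: WPS PIN search space and the effect of a lockout policy.
# secs_per_guess, lock_after and lock_secs are assumed values, not measurements.

def wps_checksum(body: int) -> int:
    """Checksum digit (8th digit) for a 7-digit WPS PIN body."""
    accum = 0
    while body:
        accum += 3 * (body % 10)
        body //= 10
        accum += body % 10
        body //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True if pin is 8 digits and its last digit matches the checksum."""
    return (len(pin) == 8 and pin.isdigit()
            and wps_checksum(int(pin[:7])) == int(pin[7]))


def worst_case_guesses() -> int:
    """Guesses needed when the two PIN halves are confirmed separately."""
    first_half = 10 ** 4    # digits 1-4
    second_half = 10 ** 3   # digits 5-7; digit 8 is derived, not guessed
    return first_half + second_half


def worst_case_hours(secs_per_guess: float,
                     lock_after: int = 0, lock_secs: int = 0) -> float:
    """Worst-case duration; lock_after=0 models a router with no lockout."""
    guesses = worst_case_guesses()
    total = guesses * secs_per_guess
    if lock_after:
        # One lockout period is added for every lock_after guesses.
        total += (guesses // lock_after) * lock_secs
    return total / 3600


if __name__ == "__main__":
    print(is_valid_pin("12345670"), worst_case_guesses())
    # Constructed policies for comparison.
    for label, policy in [("no lockout", (0, 0)),
                          ("lock 60 s after 3 failures", (3, 60)),
                          ("lock 1 h after 10 failures", (10, 3600))]:
        print(f"{label}: {worst_case_hours(2.0, *policy):.1f} h")
```

With the assumed 2 s per guess the no-lockout case falls inside the 2 - 10 hour range quoted in the FAQ, while the lockout policies push it to days or weeks; turning WPS off removes the PIN path entirely.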
OP, Senior Member
Thanks Meter: 320
Second Post
- If anyone has working Android drivers for external WiFi cards, please let me know.
- If the layout looks strange on your phone, please send me a screenshot, so I can fix it.
I have only a tablet and HD phone (emulator works too slow), so can't test the layout properly.
Usage of custom-scripts
To make RfA less dependent on bcmon, which seems to be discontinued, I introduced custom monitor-mode-activation scripts.
Please note that those scripts only make sense for you if you are already able to use monitor-mode on your device, either via special firmware for the internal wifi card or a kernel which properly supports external wifi cards. Those scripts serve only as a "connector" between your wifi interface and RfA.
In order to enable this function you need to open RfA settings, tap on "Monitor-Mode settings" and disable the "Use bcmon" checkbox.
There are 3 different scripts you can specify:
Activation script
Quote:
This script will be executed in its own directory.
It should enable monitor-mode and exit.
Example:
Code:
#!/bin/bash
svc wifi disable
LD_LIBRARY_PATH=/data/data/com.bcmon.bcmon/files/libs
LD_PRELOAD=/data/data/com.bcmon.bcmon/files/libs/libfake_driver.so sh
cd /data/data/com.bcmon.bcmon/files/tools
./enable_bcmon
echo "rfasuccess"
exit
Quote:
RfA will read in this script as a textfile and execute the commands internally. This is needed to execute reaver in the same terminal session as the script.
It should do all preparations before Reaver is started. At least it has to cd into the directory where the reaver binary is.
Example:
Code:
#!/bin/bash
LD_LIBRARY_PATH=/data/data/com.bcmon.bcmon/files/libs
LD_PRELOAD=/data/data/com.bcmon.bcmon/files/libs/libfake_driver.so sh
cd /data/data/com.bcmon.bcmon/files/tools
Quote:
This script will be executed in its own directory.
It should disable monitor-mode and exit.
Code:
#!/bin/bash
svc wifi enable
echo "rfasuccess"
Quote:
- You also have to specify your wifi-interface.
- The given examples are those scripts which RfA uses by default when you enable the "Use bcmon" checkbox.
- The activation and stop scripts have to echo "rfasuccess" in order to tell RfA that they were executed properly. With this method you can also implement a sort of error-checking, by returning "rfasuccess" only when everything went fine.
Last edited by SOEDI; 12th October 2014 at 03:26 PM.
Interesting.... nice job.
But better not let this get into the wrong hands, with these Admin Password hacking apps going on, anyone can take over someone's router.
Sent from my super rare, old Scroll Excel running Android 2.3 using the official app.
DOES DAT APP RUN ON DEVICES STILL ROCKIN 2.3?
Junior Member
Thanks Meter: 30
Great job folks.
But for some reason user mode bcmode does not work well on HTC HD2 and my custom firmware, so I am using system module bcmon which creates an eth0 monitor interface instead of wlan0 (wifi0).
Can you please add interface selection or auto-detect interface in monitor mode?
Tnx !
Last edited by Paxy; 24th September 2013 at 09:28 PM. Reason: misspled
OP, Senior Member
Thanks Meter: 320
interface support
Hi,
RfA supports wlan0 and eth0 interface.
The problem seems to be the startup script and location of the Reaver binary, which seems to be different on your HD2.
Please describe exactly how you start monitor-mode, so I can update RfA
regards,
SOEDI
Junior Member
Thanks Meter: 30
I have downloaded module src code from https://code.google.com/p/bcmon/sour...Fsrc%2Fbcm4329
Compiled for my kernel and used with a script that switches drivers with:
Code:
insmod bcm4329.ko firmware_path=fw_bcm4329.bcmon.bin
After that I can use sniffer like airodump (airodump -i eth0) and aireplay without need to switch monitor mode with airmon.
---------- Post added at 08:01 AM ---------- Previous post was at 07:11 AM ----------
Ahh, I have just researched the problem.
Problem is at enable_bcmon
Code:
./enable_bcmon
error: SIOCGIFFLAGS (No such device)
error: SIOCGIFFLAGS (No such device)
Couldn't find device index: No such device
Just have to find a way to make new bcmon working.
Last edited by Paxy; 25th September 2013 at 08:14 AM. Reason: added
OP, Senior Member
Thanks Meter: 320
Quote:
Ahh, I have just researched the problem.
Problem is at enable_bcmon
Code:
./enable_bcmon
error: SIOCGIFFLAGS (No such device)
error: SIOCGIFFLAGS (No such device)
Couldn't find device index: No such device
Just have to find a way to make new bcmon working.
The method to activate Monitor-Mode over bcmon.apk is:
Code:
define some paths
./enable_bcmon
Code:
sh setup.sh ?define tools path?.
If you want to use bcmon.apk instead, maybe try to reinstall BusyBox. Some users reported this fixed their problems.
After you got your Monitor-Mode working, post it and I will update RfA.
regards,
SOEDI
Member
Thanks Meter: 18
First of all thank You SOEDI
Finally someone did it.. reaver is on android...
However i find the job of making it functional only half done...
as i understood from reaver forums it works best with wireless cards based on RTL8187 chipsets
in addition on the site of those modded bcmon drivers there is a statement that it doesn't support radiotap (be it mode or whatever) which reaver seems to require..
so my idea is why not expanding Your application by adding linux kernel driver to support usb OTG (on the go) plugged in the android device's usb port...
search for phrase "android pcap" in google and You'll find it on kismet wireless
sorry for lack of link.. apparently i'd have to write 9 additional posts to post one
there is a source code down on that site too.. and it's monitor mode with no root privileges..
plus additionally You also could add a functionality to Your gui to choose between built-in card and the one plugged in via USB-OTG to select which one the gui is going to use..
So.. how about it? it could be mindblowing if You'd succeed
I'd bet You'd probably make a lot of people happy out there
sorry 4 my eventual spelling mistakes english is not my native though..
regards
GusT.
OP, Senior Member
Thanks Meter: 320
Radiotap Headers
Hi,
The new bcmon.apk method supports radiotap headers, tested and worked at least with bcm4330 on Nexus7.
Monitor-Mode over USB-OTG would be cool, but I'm working on 3 other projects, so this will take some time...
At least it's working pretty good for a beta release
Senior Member
Thanks Meter: 34
For me, the process stops at "Switching wlan0 to channel 6".
I have a Galaxy S2 (I think it has a bcm4330 chipset) and android 4.2.2