Do you want to test the security of your network? Previously you needed Linux installed on a computer with a specific wireless network card. Now, however, it is also possible to use certain Android devices for scanning and cracking wireless networks. These tools are available for free as long as the device is compatible. Read this guide to learn how.
Note: Hacking without permission is illegal. This guide is for testing your personal network.
Steps
Method 1 of 2: Hack a WEP Router
Step 1. Root a compatible device
Not all Android phones or tablets will be able to crack a WPS PIN. The device must have a Broadcom bcm4329 or bcm4330 wireless chipset, and must have root permissions. Cyanogen ROM will provide the best chance of success. Some of the known supported devices include:
- Nexus 7
- Galaxy S1 / S2 / S3 / S4 / S5
- Galaxy Y
- Nexus One
- Desire HD
- Micromax A67
Step 2. Download and install bcmon
This tool enables monitor mode on the Broadcom chipset, which is essential for finding the PIN. The bcmon APK file is available for free from the bcmon page on the Google Code website.
To install an APK file, you need to allow installations from unknown sources in your Security menu. Check out step 2 of this article for detailed information.
Step 3. Run bcmon
After installing the APK file, launch the application. If prompted, install firmware and tools. Tap the "Enable Monitor Mode" option. If the application crashes, reopen it and try again. If it fails a third time, it is very likely that the device is not supported.
Your device must have root permissions to run bcmon.
Step 4. Press "Start bcmon terminal"
This will launch a Linux-like terminal. Type airodump-ng and tap the Enter button. Airodump will load and you will be returned to the command prompt. Type airodump-ng wlan0 and tap the Enter button.
Step 5. Identify the access point you want to crack
You will see a list of available access points; you need to select one that uses WEP encryption.
Step 6. Write down the MAC address that appears
It is that of the router. Make sure you have the right one if there are multiple routers listed. Make a note of this MAC address.
Also note the channel the router is broadcasting on.
Step 7. Start channel scan
You will need to gather information from the access point for several hours before you can attempt to crack the password. Type: airodump-ng -c channel # --bssid MAC address -w output wlan0 and press Enter. Airodump will start scanning. You can leave the device on for a while to get more information. Make sure to charge it if the battery is not fully charged.
- Replace channel # with the number the router is broadcasting on (for example, 6).
- Replace MAC address with that of the router (for example, 00:0a:95:9d:68:16).
- Keep scanning until you reach at least 20,000-30,000 packets.
Step 8. Break the password
Once you have an adequate number of packets, you can begin the password crack attempt. Return to the terminal, type aircrack-ng output*.cap and tap Enter.
Step 9. Write down the hex password when done
When the cracking process is complete (it may take several hours), the message "key found!" will appear, followed by the key in hexadecimal form. Make sure "Probability" is 100% or the key won't work.
When entering the key, do it without using the ":". Example: if the key is 12:34:56:78:90, you would enter 1234567890.
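Seen from the defender's side, the files that airodump-ng -w output writes in Step 7 include a CSV listing each access point's encryption, which is enough to check whether any of your own access points still offer WEP. The following is an added example, not part of the original guide: it assumes the CSV column layout shown in the constructed sample, and the BSSIDs, ESSIDs and function names are hypothetical.

```python
import csv
import io

# Constructed sample in the assumed layout of airodump-ng's <prefix>-01.csv:
# access-point table, blank line, then the station table.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WEP, WEP, , -40, 120, 15, 0.  0.  0.  0, 7, home-ap,
00:11:22:33:44:66, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11, 130, WPA2, CCMP, PSK, -55, 98, 0, 0.  0.  0.  0, 7, home-5g,
00:11:22:33:44:77, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  1,  54, WPA, TKIP, PSK, -60, 80, 0, 0.  0.  0.  0, 6, garage,
66:77:88:99:AA:BB, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  1,  54, OPN, , , -70, 40, 0, 0.  0.  0.  0, 5, other,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
"""

def parse_access_points(text):
    """Return one dict per row of the access-point table only."""
    header, aps = None, []
    for row in csv.reader(io.StringIO(text)):
        fields = [f.strip() for f in row]
        if fields and fields[0] == "Station MAC":
            break  # the client table follows; it is not needed for this audit
        if header is None:
            if fields and fields[0] == "BSSID":
                header = fields
        elif len(fields) >= 14:  # skips blank lines and truncated rows
            aps.append(dict(zip(header, fields)))
    return aps

def weakness(ap):
    """Map the Privacy/Cipher columns to a finding, or None if acceptable."""
    privacy, cipher = ap["Privacy"].split(), ap["Cipher"].split()
    if "OPN" in privacy:
        return "open: no encryption, enable WPA2/WPA3"
    if "WEP" in privacy:
        return "WEP: replace with WPA2/WPA3 (AES-CCMP)"
    if "TKIP" in cipher or privacy == ["WPA"]:
        return "WPA/TKIP enabled: restrict to WPA2/WPA3 with CCMP"
    return None

def audit(text, owned_bssids):
    """Report weak configurations, limited to BSSIDs in your own inventory."""
    owned = {b.upper() for b in owned_bssids}
    findings = {}
    for ap in parse_access_points(text):
        issue = weakness(ap)
        if issue and ap["BSSID"].upper() in owned:
            findings[ap["BSSID"]] = (ap["ESSID"], issue)
    return findings
```

Pass audit() the text of the CSV captured on your own network together with the BSSIDs of the access points you administer; anything it returns should be reconfigured before the next check.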
Method 2 of 2: Hack a WPA2 WPS Router
Step 1. Root a compatible device
Not all Android phones or tablets will be able to crack a WPS PIN. The device must have a Broadcom bcm4329 or bcm4330 wireless chipset, and must have root permissions. Cyanogen ROM will provide the best chance of success. Some of the known supported devices include:
- Nexus 7
- Galaxy S1 / S2
- Nexus One
- Desire HD
Step 2. Download and install bcmon
This tool enables monitor mode on the Broadcom chipset, which is essential for finding the PIN. The bcmon APK file is available for free from the bcmon page on the Google Code website.
To install an APK file, you need to allow installations from unknown sources in your Security menu. Check out step 2 of this article for detailed information.
Step 3. Run bcmon
After installing the APK file, launch the application. If prompted, install firmware and tools. Tap the "Enable Monitor Mode" option. If the application crashes, reopen it and try again. If it fails a third time, it is very likely that the device is not supported.
Your device must have root permissions to run bcmon.
Step 4. Download and install Reaver
Reaver is a program developed to intercept the WPS PIN, in order to recover the series of alphanumeric codes that make up the WPA2 password. The Reaver APK can be downloaded from the developers topic on the XDA-Developers forum.
Step 5. Launch Reaver
Tap the Reaver for Android icon in the application panel. After confirming that you are not using it for illegal purposes, Reaver scans for available access points. Tap the access point you want to crack to continue.
- You may need to check monitor mode before proceeding. If this is the case, bcmon will open again.
- The access point you select must accept WPS authentication. Keep in mind that not all routers support it.
Step 6. Check the settings
In many cases you will be able to use the default settings. Make sure the "Automatic Advanced Settings" option is checked.
Step 7. Start the cracking process
Tap the "Start Attack" button at the bottom of Reaver's Settings menu. The monitor will open and you will see the results in progress.