XDA Developers Android and Mobile Development Forum

[APP][2.1+] Wifi Protector v1.4.5 Wireless Security | Anti WifiKill | Anti DroidSheep

gurkedev
(Last edited by gurkedev; 15th November 2013 at 07:10 PM.) Reason: new release
#1
Member - OP

Nov 15 2013 Version 1.4.5 released.

This app is for those who are tired of being kicked from the network by WifiKill, and for those who are a little bit paranoid because they know it's quite easy to read the Wi-Fi traffic with tools like DroidSheep, ettercap, FaceNiff, Cain & Abel and others. Such programs use the same technique to prevent you from accessing the network or to sniff your data. You can defend yourself with a single app.

What is Wifi Protector?
Wifi Protector is an Android security app specifically designed to detect and prevent ARP spoofing attacks against your phone in Wi-Fi networks.

How does it work?
Wifi Protector is continuously monitoring network related parameters. When abnormal behaviour is detected, an alert is triggered. The type of alert can be configured. Detection, basic protection and alert work on all phones. On rooted phones it is also possible to reconfigure the phone to make it immune against the attack.

Get it!
You can download the attached free version or get it for free from Google Play (mobile link).

Comments, questions, bug reports are welcome.

If you find the app useful please donate to this Bitcoin address: 19jqzdWFYTf5KZKnS6CJfG9vMX86ghysJQ




Changelog
Code:
1.4.5
- OTHER: Added ACCESS_SUPERUSER permission

1.4.4
- OTHER: Changed su handling which fixes issues with outdated su binaries

1.4.3
- BUGFIX: Notification icon no longer disappears when "Clear notification" button is pressed
- FEATURE: Added option to force start at boot, which is useful on devices that don't signal Wi-Fi start at boot
- OTHER: Added CHANGE_NETWORK_STATE permission, which is required on some Samsung tablets running Android 3.2 in order to disable Wi-Fi on attack

1.4.2
- BUGFIX: Fixed ANR on some devices that happened in rare cases when app is started first time
- BUGFIX: Fixed rare FC when restarting service from Expert Perspective

1.4.1
- BUGFIX: If notification settings haven't been configured the notification icon disappeared if main activity was closed. Fixed
- OTHER: Improved error messages

1.4.0
- FEATURE: Notification icon can be hidden

1.3.0
- FEATURE: Wi-Fi can be automatically disabled on attack (optional). This is useful on non-rooted phones
- FEATURE: App can be brought to the front on attack (optional)
- OTHER: Improved compatibility with battery saving apps

1.2.0
- BUGFIX: Attack notification ringtone didn't honor phone volume on some devices. Fixed
- BUGFIX: Vibration didn't honor phone silent mode. Fixed and made it configurable
- FEATURE: All spoofing attempts are logged, including SSID, BSSID, Gateway IP, Gateway MAC, Attacker MAC, Attacker IP. Vendors are resolved and shown in detailed log view. Logs are cleaned automatically. Log size can be configured
- FEATURE: Expert perspective shows BSSID vendor as well as SSID
- FEATURE: On attack vibrate in a given pattern. Duration, repeats and gaps configurable

1.1.4
- BUGFIX: Fixed crash on ICS when Expert is selected
- BUGFIX: On ICS a wrong phone IP address was shown. Fixed
- BUGFIX: Fixed minor bugs
- FEATURE: Internal arp command included

1.1.2
- BUGFIX: Database cursor closing properly
- BUGFIX: If manually clearing gateway ARP entry fails, an error message appears
- BUGFIX: If manual countermeasures fail, an error message appears
- BUGFIX: BSSID mode attack detection precision improved
- FEATURE: Background image can be switched off to save RAM
- OTHER: OUI database performance improved
- OTHER: Unused permissions removed
- OTHER: Size of internal buffers reduced to conserve resources

1.1.1
- BUGFIX: Fixed wireless connection state handling
- BUGFIX: Fixed FC on wireless connection change
- BUGFIX: Fixed BSSID display in expert perspective

1.1.0
- FEATURE: IEEE 802.11 BSSID analysis. Detects the situation when a network is joined, which is already under attack.
- FEATURE: Three BSSID analysis levels. Light: Vendor compare. Deep: 5 octet compare. Extreme: Exact match.
- FEATURE: Expert perspective shows current BSSID.
- FEATURE: Home screen shows attack detection method.

1.0.0
- Initial public release.
MD5: WifiProtector-48.apk = 21bc43ba941a7f6bb75471e25e5dbd37
MD5: WifiProtector-46.apk = 5a2acdec7be1ea9faf1cfc3fb480d747
Attached Files
WifiProtector-46.apk (1.56 MB)
WifiProtector-48.apk (1.56 MB)
The Following 224 Users Say Thank You to gurkedev For This Useful Post: [ Click to Expand ]
 
Imjjames
(Last edited by Imjjames; 17th November 2011 at 07:56 PM.)
#2
Anyone test this yet? How is the battery consumption when running in background?
The Following User Says Thank You to Imjjames For This Useful Post: [ Click to Expand ]
 
gurkedev
#3
Member - OP
@Imjjames
One of the design goals was efficiency. Nonetheless the battery consumption is under your control by setting the Collection Interval.

With default value the consumption is about 1% on a Samsung Nexus S. You can reduce the consumption by increasing the Collection Interval.
The Following 8 Users Say Thank You to gurkedev For This Useful Post: [ Click to Expand ]
 
DnaPolymerase
#4
I'll try this one, I think it's useful when connecting to open networks, you never know.
 
ell3
#5
Well done sir, now we have the first ARP-Watch on Android !!

I just tested against ettercap (pc) and it's working (running on Ideos stock rom):

When the network is clean and the pc starts spoofing, I get the alarm on phone correctly.
When the network is already under attack by the pc and I join in with the phone, I get no alarm as the app seems to flag the attacker as the legit router, and therefore when the attack stops, the app thinks that the real router is the attacker.

It happens that when I go to Expert and manually start-stop the service 3-4 times, the app stops responding or crashes, but then it respawns in a couple seconds ! Nice !!!

Let's just remember that this is effective against arp-based attacks, if someone is sniffing passively, this won't fire any alert and the sniffer can still capture your data.

Thanks for this app !
The Following 7 Users Say Thank You to ell3 For This Useful Post: [ Click to Expand ]
 
LJP1111
#6
Quote:
Originally Posted by ell3
Well done sir, now we have the first ARP-Watch on Android !!

I just tested against ettercap (pc) and it's working (running on Ideos stock rom):

When the network is clean and the pc starts spoofing, I get the alarm on phone correctly.
When the network is already under attack by the pc and I join in with the phone, I get no alarm as the app seems to flag the attacker as the legit router, and therefore when the attack stops, the app thinks that the real router is the attacker.

It happens that when I go to Expert and manually start-stop the service 3-4 times, the app stops responding or crashes, but then it respawns in a couple seconds ! Nice !!!

Let's just remember that this is effective against arp-based attacks, if someone is sniffing passively, this won't fire any alert and the sniffer can still capture your data.

Thanks for this app !
Thanks for taking the time to test this. Will be interesting to see what this is capable of doing and any limitations.

Thanks to the developer too!

Sent from my GT-I9100 using XDA App

N.E.A.K Kernel version 2.0.2x + Sammy LPQ ICS ROM - waiting for N.E.A.R ICS!
 
ell3
#7
@OP Maybe this could be handy for an update: before running the main watching activity, make an arping on the net and warn about possible problems.

Normal arping reply:
Code:
00:16:01:AA:BB:CC at 192.168.0.1
00:18:4d:DD:EE:FF at 192.168.0.228
00:15:af:00:00:00 at 192.168.0.244
Arping reply when the net is under attack
Code:
00:15:af:00:00:00 at 192.168.0.1
00:15:af:00:00:00 at 192.168.0.182
00:18:4d:DD:EE:FF at 192.168.0.228
00:15:af:00:00:00 at 192.168.0.244
same MAC on different machines... hmmm... suspicious, maybe the attacker is already in.

what do you think ?
The Following 2 Users Say Thank You to ell3 For This Useful Post: [ Click to Expand ]
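The arping check ell3 proposes in post #7, as an added example that is not part of the thread or of Wifi Protector: it parses replies in the "MAC at IP" format quoted in the post and flags a MAC that answers for several IPs. It goes one step beyond the post by also flagging an IP answered by more than one MAC; the function names and the gateway address passed in are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Reply format as quoted in post #7: "<MAC> at <IPv4>".
REPLY_RE = re.compile(r"^\s*((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+at\s+(\S+)\s*$", re.I)
# The two listings from post #7, copied as posted.
CLEAN_SWEEP = """\
00:16:01:AA:BB:CC at 192.168.0.1
00:18:4d:DD:EE:FF at 192.168.0.228
00:15:af:00:00:00 at 192.168.0.244
"""
ATTACKED_SWEEP = """\
00:15:af:00:00:00 at 192.168.0.1
00:15:af:00:00:00 at 192.168.0.182
00:18:4d:DD:EE:FF at 192.168.0.228
00:15:af:00:00:00 at 192.168.0.244
"""

def parse_replies(text):
    """Yield (mac, ip) pairs; lines that do not parse are skipped."""
    for line in text.splitlines():
        m = REPLY_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.IPv4Address(m.group(2))
        except ValueError:
            continue
        yield m.group(1).lower(), ip  # lower-case so case differences don't hide duplicates

def audit_sweep(text, gateway_ip):
    """Return findings for MACs answering for several IPs and IPs answered by several MACs."""
    gateway = ipaddress.IPv4Address(gateway_ip)
    ips_by_mac, macs_by_ip = defaultdict(set), defaultdict(set)
    for mac, ip in parse_replies(text):
        ips_by_mac[mac].add(ip)
        macs_by_ip[ip].add(mac)
    findings = []
    for mac, ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:
            # Proxy ARP or a multi-address host also matches, so treat it as a warning to investigate.
            findings.append(("mac_multiple_ips", mac, [str(i) for i in sorted(ips)],
                             "high" if gateway in ips else "medium"))
    for ip, macs in sorted(macs_by_ip.items()):
        if len(macs) > 1:
            findings.append(("ip_multiple_macs", str(ip), sorted(macs),
                             "high" if ip == gateway else "medium"))
    return findings
```

Calling audit_sweep(ATTACKED_SWEEP, "192.168.0.1") returns one high-severity finding for 00:15:af:00:00:00, while the clean listing returns none.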
 
avgjoemomma
#8
This is a great idea! Can you give us more details on what changes you make for rooted phones to be protected? I have implemented most of the sysctl tcp hardening techniques already and want to make sure they won't get overridden.
Hardware: Google Nexus One
Recovery: ClockworkMod 5.0.2.0
ROM: CM7 (nightly)
Kernel: intersectRaven's Kernel AVS (latest)
Tweaks: zeppelinrox's V6 SuperCharger, zeppelinrox's Kick Ass Kernerlizer, SD read cache 1536
 
avgjoemomma
#9
Hmm, the WiFi Protector app and service are taking up 20MB RAM. If you can optimize it a bit and cut the RAM usage to 5 or 10 you'll get more love
 
gurkedev
(Last edited by gurkedev; 20th November 2011 at 04:40 PM.) Reason: New feature in v1.1.0
#10
Member - OP
Quote:
Originally Posted by ell3
When the network is already under attack by the pc and I join in with the phone, I get no alarm as the app seems to flag the attacker as the legit router, and therefore when the attack stops, the app thinks that the real router is the attacker.
It's true, when you join a network that is already under attack the app sees the attacker MAC as the MAC of the gateway. Although this will happen very rarely, there is a point on the roadmap to counteract this behaviour. A future version will build a local database of legit MAC-IP pairs of gateways in known networks. The database will be checked whenever you join a network. This way it is relatively easy to identify a network already under attack.

Update Nov 20 2011: Version 1.1.0 comes with IEEE 802.11 BSSID analysis and detects a network already under attack.

The Following 5 Users Say Thank You to gurkedev For This Useful Post: [ Click to Expand ]
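An added example (not Wifi Protector's code) of the join-time check described in post #10, combined with the three BSSID analysis levels named in the 1.1.0 changelog. It assumes the BSSID is compared with the gateway MAC from the ARP table, which the thread does not state; the function names and the in-memory dictionary standing in for the database are likewise assumptions.

```python
import re

# Leading octets compared at each analysis level named in the 1.1.0 changelog.
LEVEL_OCTETS = {"light": 3, "deep": 5, "extreme": 6}  # vendor (OUI) / 5 octets / exact

def octets(mac):
    """Split a MAC into six lower-case hex octets, rejecting malformed input."""
    parts = mac.strip().lower().replace("-", ":").split(":")
    if len(parts) != 6 or not all(re.fullmatch(r"[0-9a-f]{2}", p) for p in parts):
        raise ValueError("not a MAC address: %r" % mac)
    return parts

def bssid_consistent(bssid, gateway_mac, level):
    """True when BSSID and gateway MAC share the prefix required by `level`.

    Assumption: AP and gateway are the same device (typical home router). Where
    the gateway is a separate box, every level reports a mismatch.
    """
    n = LEVEL_OCTETS[level]
    return octets(bssid)[:n] == octets(gateway_mac)[:n]

def check_join(known, ssid, bssid, gateway_ip, gateway_mac, level="light"):
    """Classify a join: 'ok', 'learned', 'alert-gateway-changed' or 'alert-bssid-mismatch'."""
    key = (ssid, ":".join(octets(bssid)))
    seen = (gateway_ip, ":".join(octets(gateway_mac)))
    if key in known:
        # A stored pair wins over the heuristic: this network was seen before.
        return "ok" if known[key] == seen else "alert-gateway-changed"
    if not bssid_consistent(bssid, gateway_mac, level):
        # Unknown network whose gateway MAC does not resemble the AP: do not learn it.
        return "alert-bssid-mismatch"
    known[key] = seen  # trust on first use: only as good as that first join
    return "learned"
```

The stored pair covers networks joined before; the BSSID comparison is what covers the first join, the case ell3 reported in post #5.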
Tags
android, arp spoofing, protection, security, wireless