
[APP][2.2+][ROOT][WiFi] Reaver-GUI for Android

OP SOEDI

Announcement from SOEDI: An Android-GUI for the famous WiFi penetration tool called Reaver-WPS.
24th September 2013, 06:27 PM   |  #1  
OP Senior Member

Reaver for Android v1.30
Reaver-WPS GUI for rooted devices with bcm4329/4330 wifi chipset or working external wifi card.


INFO:
Reaver for Android, short RfA, is a simple-to-use Reaver-GUI for Android devices with monitor-mode support.
It has some very cool features:

  • Automatically detects WPS-enabled routers.
  • All Reaver-Settings are accessible from a simple-to-use GUI.
  • Activates and deactivates Monitor-Mode automatically when needed.
  • Provides a simple way to connect when Reaver finds the WPA-Key.
  • External script support


Project status: PRE-FINAL
What does this mean?
There are some features which are not implemented yet.
Development will continue very soon.

Installation
  1. Download/install bcmon.apk from HERE and RfA.apk from the bottom of this post. RfA may also download bcmon automatically.
  2. Run bcmon, if it crashes try a second time.
  3. If all runs fine, start RfA. If not, your device may not be bcmon compatible. Please see second post.
  4. After selecting a WPS-enabled router, click on "Test Monitor-Mode".
  5. Now you can use RfA :), don't uninstall bcmon.
Steps 1 - 4 are only for the installation, they don't have to be repeated once done.


FAQ:
What is this awesome app actually useful for?
Well, RfA is able to unveil the actual WPA(2)-Key of many routers within 2 - 10 hours.

WHAT?! I thought WPA(2) is safe?
It used to be, but then many router models got WiFi Protected Setup, short WPS, implemented, which is pretty vulnerable. (Details)
Basically it's a Brute-Force attack with Reaver against an 8-digit PIN with 10^4 + 10^3 possibilities.

What is Reaver?
Reaver-WPS is a pentesting tool developed by Tactical Network Solutions.
It attacks WPS-enabled routers and after the WPS-Pin is cracked, it retrieves the actual WPA-key.
Reaver provides only a terminal interface, which is ok for notebooks etc., however it's a pain on Android devices.
Because of this I developed RfA.

Doesn't Reaver require monitor-mode and so can't work on Android?
Yes, Reaver needs monitor-mode, but thanks to bcmon (or external wifi cards) some Android devices are now monitor-mode capable.

bcmon compatibility
Developed and tested on: Nexus 7 2012 (Stock 4.3)
RfA *should* work on all devices with bcmon support (Broadcom bcm4329/bcm4330 chipsets)
Simply try by installing bcmon. Don't worry, if something goes wrong a simple reboot should fix everything.
For external wifi cards please see second post.

Tested & works on:
Nexus 7 2012 (Stock 4.3, Cyanogen 9)
Huawei Honour (Cyanogen Mod based ROM)

bcmon does NOT work on:
Samsung Galaxy S3/4/5
HTC One
LG G2
Nexus 4/5
Nexus 7 (2013)

Credits & used tools:
Monitor-Mode over bcmon.apk:
Omri Ildis, Ruby Feinstein & Yuval Ofir
See: bcmon.blogspot.com

Reaver-WPS:
Tactical Network Solutions
See: code.google.com/p/reaver-wps/

Donate / RfA Pro
You think this app is worth a donation?
I will be thankful for everything! :)
As a little gift you will also get the ad-free RfA Pro version.


Disclaimer
Attention: Hacking of networks is illegal without having the permission of the owner! The developer is not responsible for any damage etc. this app could cause.
This software is only intended to show a big security hole, not to be able to surf in the neighbour's WiFi ;)

XDA:DevDB Information
Reaver-GUI for Android, App for all devices (see above for details)

Contributors
SOEDI, bcmon team & Tactical Network Solutions

Version Information
Status: Stable
Current Stable Version: 1.30
Stable Release Date: 2014-07-01
Beta Release Date: 2013-11-04

Created 2013-09-24
Last Updated 2014-09-27
Attached Files
File Type: apk RfA 1.30.apk - [Click for QR Code] (719.3 KB, 61298 views)
Last edited by GermainZ; 27th September 2014 at 07:24 PM. Reason: Added Android version tag to title
The Following 110 Users Say Thank You to SOEDI For This Useful Post: [ View ]
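The FAQ's "10^4 + 10^3" figure from the first post, worked through as an added example (not part of the original post or of RfA), showing how AP-side lock-out changes the worst-case time to exhaust the PIN space. The 3-second attempt time and the lock-out policies are constructed assumptions, not measurements from this thread.

```python
import math

# Constructed assumption for illustration (not a measurement from the thread):
SECS_PER_ATTEMPT = 3.0   # time for one WPS PIN exchange

def search_space(split_validation: bool) -> int:
    """Worst-case number of PIN guesses.

    A WPS PIN has 8 digits, but digit 8 is a checksum of the first 7.
    With split validation the AP confirms digits 1-4 and 5-8 separately,
    so the halves are searched independently: 10^4 + 10^3.
    """
    if split_validation:
        return 10**4 + 10**3
    return 10**7  # 7 free digits if the PIN were only checked as a whole

def hours_to_exhaust(attempts, secs_per_attempt=SECS_PER_ATTEMPT,
                     burst=None, lockout_secs=0.0):
    """Worst-case hours when the AP locks WPS for lockout_secs after
    every `burst` failed attempts (burst=None means no lock-out)."""
    active = attempts * secs_per_attempt
    lockouts = (attempts - 1) // burst if burst else 0
    if not lockouts:
        return active / 3600
    return (active + lockouts * lockout_secs) / 3600

def compare_policies():
    """Hours to exhaust the PIN space under a few hypothetical AP policies."""
    n = search_space(split_validation=True)
    return {
        "no lock-out": hours_to_exhaust(n),
        "60 s lock after 3 failures": hours_to_exhaust(n, burst=3, lockout_secs=60),
        "lock until reboot after 10 failures":
            hours_to_exhaust(n, burst=10, lockout_secs=math.inf),
        "whole-PIN check, no lock-out": hours_to_exhaust(search_space(False)),
    }

if __name__ == "__main__":
    for name, hours in compare_policies().items():
        print(f"{name:40s} {hours:10.1f} h")
```

Under these assumptions only a lock that persists until reboot, or disabling WPS outright, removes the exposure; a short timed lock-out merely stretches the search.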
24th September 2013, 06:27 PM   |  #2  
OP Senior Member
Prompt Second Post
  • If anyone has working Android drivers for external Wifi cards, please let me know.
  • If the layout looks strange on your phone, please send me a screenshot, so I can fix it.
    I have only a tablet and HD phone (emulator works too slow), so can't test the layout properly.



Usage of custom-scripts

To make RfA less dependent on bcmon, which seems to be discontinued, I introduced custom monitor-mode-activation scripts.

Please note that those scripts only make sense for you if you are already able to use monitor-mode on your device, either via special firmware for the internal wifi card or a kernel which properly supports external wifi cards. Those scripts serve only as a "connector" between your wifi interface and RfA.
In order to enable this function you need to open RfA settings, tap on "Monitor-Mode settings" and disable the "Use bcmon" checkbox.

There are 3 different scripts you can specify:

Activation script
Quote:

This script will be executed in its own directory.
It should enable monitor-mode and exit.
Example:

Code:
#!/bin/bash
svc wifi disable
LD_LIBRARY_PATH=/data/data/com.bcmon.bcmon/files/libs
LD_PRELOAD=/data/data/com.bcmon.bcmon/files/libs/libfake_driver.so sh
cd /data/data/com.bcmon.bcmon/files/tools
./enable_bcmon
echo "rfasuccess"
exit

Warm-up script
Quote:

RfA will read in this script as a text file and execute the commands internally. This is needed to execute reaver in the same terminal session as the script.
It should do all preparations before Reaver is started. At least it has to cd into the directory where the reaver binary is.
Example:

Code:
#!/bin/bash
LD_LIBRARY_PATH=/data/data/com.bcmon.bcmon/files/libs
LD_PRELOAD=/data/data/com.bcmon.bcmon/files/libs/libfake_driver.so sh
cd /data/data/com.bcmon.bcmon/files/tools

Stop script
Quote:

This script will be executed in its own directory.
It should disable monitor-mode and exit.

Code:
#!/bin/bash
svc wifi enable
echo "rfasuccess"

Additional Information
Quote:

  • You also have to specify your wifi-interface.
  • The given examples are those scripts, which RfA uses by default when you enable the "Use bcmon" checkbox.
  • The activation and stop script have to echo "rfasuccess" in order to tell RfA that they were executed properly. With this method you can also implement a sort of error-checking, by returning "rfasuccess" only when everything went fine.

Last edited by SOEDI; 12th October 2014 at 04:26 PM.
The Following 4 Users Say Thank You to SOEDI For This Useful Post: [ View ]
24th September 2013, 06:34 PM   |  #3  
LoopingCreeper's Avatar
Member
Interesting.... nice job.
But better not let this get into the wrong hands, with these Admin Password hacking apps going on, anyone can take over someone's router.

Sent from my super rare, old Scroll Excel running Android 2.3 using the official app.
DOES DAT APP RUN ON DEVICES STILL ROCKIN 2.3?
24th September 2013, 10:25 PM   |  #4  
Junior Member
Great job folks.
But for some reason user mode bcmon does not work well on HTC HD2 and my custom firmware, so I am using system module bcmon which creates eth0 monitor interface instead of wlan0 (wifi0).
Can you please add interface selection or auto-detect interface in monitor mode ?

Tnx !
Last edited by Paxy; 24th September 2013 at 10:28 PM. Reason: misspled
25th September 2013, 12:00 AM   |  #5  
OP Senior Member
interface support
Hi,
RfA supports wlan0 and eth0 interfaces.
The problem seems to be the startup script and location of the Reaver binary, which seems to be different on your HD2.
Please describe exactly how you start monitor-mode, so I can update RfA.

regards,
SOEDI
25th September 2013, 10:01 AM   |  #6  
Junior Member
Quote:
Originally Posted by SOEDI

Please describe exactly how you start monitor-mode, so I can update RfA

Ok.
I have downloaded module src code from https://code.google.com/p/bcmon/sour...Fsrc%2Fbcm4329
Compiled for my kernel and used with a script that switches drivers with:
Code:
insmod bcm4329.ko firmware_path=fw_bcm4329.bcmon.bin
Firmware version is from https://code.google.com/p/bcmon/sour...2Fbcm4329%2Ffw

After that I can use sniffer like airodump (airodump -i eth0) and aireplay without need to switch monitor mode with airmon.

---------- Post added at 08:01 AM ---------- Previous post was at 07:11 AM ----------

Ahh, I have just researched the problem.
Problem is at enable_bcmon
Code:
./enable_bcmon
error: SIOCGIFFLAGS (No such device)
error: SIOCGIFFLAGS (No such device)
Couldn't find device index: No such device
I have also tried to start reaver with ./reaver -i eth0 -b 90:F6:52:C0:22:9C -c 1 -a -vv -w -S, but old problem with these drivers occurred, failed to associate to AP (it is not range problem, it is old known inject problem with kernel module driver)

Just have to find a way to make new bcmon working.
Last edited by Paxy; 25th September 2013 at 09:14 AM. Reason: added
The Following User Says Thank You to Paxy For This Useful Post: [ View ]
25th September 2013, 11:59 AM   |  #7  
OP Senior Member
Quote:

Ahh, I have just researched the problem.
Problem is at enable_bcmon

Code:
./enable_bcmon
error: SIOCGIFFLAGS (No such device)
error: SIOCGIFFLAGS (No such device)
Couldn't find device index: No such device
I have also tried to start reaver with ./reaver -i eth0 -b 90:F6:52:C0:22:9C -c 1 -a -vv -w -S, but old problem with these drivers occurred, failed to associate to AP (it is not range problem, it is old known inject problem with kernel module driver)

Just have to find a way to make new bcmon working.

Ok, I see where the problem is....
The method to activate Monitor-Mode over bcmon.apk is:
Code:
define some paths
./enable_bcmon
But if you have self compiled modules:
Code:
sh setup.sh
?define tools path?.
Also on the bcmon website they said they fixed injection. Have you installed the newest firmware files and modules?
If you want to use bcmon.apk instead, maybe try to reinstall BusyBox. Some users reported this fixed their problems.
After you got your Monitor-Mode working, post it and I will update RfA.

regards,
SOEDI
The Following User Says Thank You to SOEDI For This Useful Post: [ View ]
25th September 2013, 09:09 PM   |  #8  
Junior Member
Talking
First of all thank You SOEDI

Finally someone did it.. reaver is on android...

However I find the job of making it functional only half done...

as I understood from reaver forums it works best with wireless cards based on RTL8187 chipsets
in addition on the site of those modded bcmon drivers there is a statement that it doesn't support radiotap (be it mode or whatever) which reaver seems to require..

so my idea is why not expanding Your application by adding linux kernel driver to support usb OTG (on the go) plugged in the android device's usb port...

search for phrase "android pcap" in google and You'll find it on kismet wireless

sorry for lack of link.. apparently I'd have to write 9 additional posts to post one

there is a source code down on that site too.. and it's monitor mode with no root privileges..
plus additionally You also could add a functionality to Your gui to choose between built-in card and the one plugged in via USB-OTG to select which one the gui is going to use..

So.. how about it? it could be mindblowing if You'd succeed
I'd bet You'd probably make a lot of people happy out there
sorry 4 my eventual spelling mistakes English is not my native though..
regards
GusT.
The Following 2 Users Say Thank You to gustarballs1983 For This Useful Post: [ View ]
25th September 2013, 09:19 PM   |  #9  
OP Senior Member
Radiotap Headers
Hi,

The new bcmon.apk method supports radiotap headers, tested and worked at least with bcm4330 on Nexus7.
Monitor-Mode over USB-OTG would be cool, but I'm working on 3 other projects, so this will take some time...
At least it's working pretty good for a beta release
The Following User Says Thank You to SOEDI For This Useful Post: [ View ]
26th September 2013, 07:54 PM   |  #10  
Senior Member
For me, the process stops at "Switching wlan0 to channel 6".
I have a Galaxy S2 (I think it has a bcm4330 chipset) and android 4.2.2
