I would be very interested if any work was done on this. Cracking WPA with known ESSIDs would be very doable from Android (assuming you had a WPA hashtable database). But the only thing you would really need is to capture the 3-way TKIP handshake or w/e. A good rainbow table database though is 50+ gigs, so good luck getting that on your SD card... and getting the initial handshake would still require promiscuous mode.
Even if you can't do injection it would be nice if there was a tool to capture initial vectors or handshakes for use later. Even if you couldn't run a PTW cracker on your IV capture file it would be cool if you could run it and bring it back to your PC and crack it.
Is it possible to get iwconfig working? That would be a good first step. I'd imagine by default though you would not be able to do this with the stock driver.
Wouldn't it be nice.. iwconfig wlan0 mode monitor..
I have tried running those types of commands from Debian Linux on my G1, but it recognizes your wifi card as a LAN adapter so you can't run low-level commands on it to set its mode.
If someone could get the aircrack-ng suite running on Android I would LOVE you!
I don't understand why people think that cracking WEP on your phone would be useless/only for bad reasons. Half of the people you meet don't even know their own Linksys WRT54G wifi password and being able to retrieve that in a couple minutes is beautiful.
I wonder if getting an ARP poisoning MITM tool on Android would be more doable? ettercap-ng command line would be very fun!