Hey everyone,
It is possible to use an external Wi-Fi adapter with an android phone to run aircrack-ng, however I've had a lot of difficulties doing so. Here is a tutorial to make it easier for you.
The theory
Running the aircrack-ng suite itself is not much of a problem, as android is pretty much like ubuntu. The most difficult part of running aircrack is that the wifi chipsets of most phones do not support "monitor mode". This mode is required to capture any information from the air, not just the ones for your computer, and is therefore necessary for aircrack (airmon-ng). First of all, you should Google if your phone's wifi chipset supports this mode. If it does, find out how. If it doesn't, you can follow this guide and use a usb wifi stick.
Android is linux, and uses a linux kernel. The easiest way to get the driver for our WiFi adapter to work is to rebuild the android kernel with the driver built-in. We can then flash the new kernel to the phone, and copy the firmware binary. This tutorial uses CyanogenMod, because it is a well documented, open-source ROM. With some adjustments you can use the same method on other ROMs. If you do not have experience building a linux kernel, it is best to stick to this guide and use CyanogenMod.
What you'll need:
- Android phone
- Computer with Ubuntu (or other linux distribution)
- USB OTG Adapter (micro usb to usb female)
- Wireless USB Adapter
- Time and patience
I am using my Samsung Galaxy S4 GT-i9505 and an Eminent EM4454 Wireless USB adapter using the rt73 driver, but I am sure this will work with other devices.
A. Install your ROM and aircrack-ng, on your phone...
1) ...install Cyanogenmod. Don't delete the .zip download after installation.
2) ...install "Complete Linux Installer" from Google Play and download and unpack Ubuntu in /sdcard/ubuntu/ubuntu.img as stated in the app.
3) ...install the aircrack-ng suite in the chrooted ubuntu. On ubuntu 12.04, this cannot be done using apt-get:
sudo apt-get install build-essential libssl-dev nano
wget http://download.aircrack-ng.org/aircrack-ng-1.1.tar.gz
tar -xzvf aircrack-ng-1.1.tar.gz
cd aircrack-ng-1.1
nano common.mak
Then find CFLAGS ?= -g -W -Wall -Werror -O3 and remove -Werror.
make
sudo make install
B. Rebuild the kernel, in a terminal on linux on your computer...
1) ...install adb and fastboot
sudo apt-get install adb fastboot
2) Enable USB-debugging on your phone, connect to your computer and test the connection on linux on your computer:
adb get-state
3) Find the GitHub page for the cyanogenmod kernel for your device. You can find this page on cyanogenmod.org. Now download the kernel source and extract it into a folder.
4) Change working directory into the kernel
cd pathtothekernel
5) See if there is a .config file. In a CyanogenMod kernel, there probably isn't. Type:
nano .config
If you see an empty screen, we need to get your devices current configuration:
adb pull /proc/config.gz config.gz
zcat config.gz > .config
rm config.gz
4) Make the necessary changes in the configuration file to have your USB wireless driver built in. To do so:
make menuconfig
Use the enter key to expand an item in the menu, and the space bar to mark a module. Make sure you mark the necessary modules with a *, not an 'M', so they will be built-in. Most wireless drivers have the mac80211 driver as a dependency. Make sure you select that one with an asterix (*), too.
For example, for my rt73 based adapter, I did:
Networking Support > Wireless > [*] ... (mac80211)
Device Drivers > Network > Wireless LAB > [*] Ralink Drivers > [*] rt73usb
5) Make some changes to fight errors:
Still in menuconfig, make the following changes:
Kernel Hacking > (1024) Block? size > 1032
Now to tell gcc to build ignoring warnings edit the Makefile
nano Makefile
Now go down a few pages and add the line:
KCONFIG_CFLAGS += -w
6) The normal gcc C compiler cannot be used as it will build for your computers processor. We need to build for ARM-processors, called cross-compiling. To make the cross-compiling work you need the arm-eabi- toolchain.
cd ~/Downloads
git clone https://android.googlesource.com/platform/prebuilts/gcc/linux-x86/arm/arm-eabi-4.6
The will download the ~120Mb toolchain.
7) Tell the Makefile where the toolchain is
cd pathtothekernel
export PATH=$PATH:~/Downloads/arm-eabi-4.6/bin
export CROSS_COMPILE=arm-eabi-
export ARCH=arm
8) Then build the kernel. It you get errors, don't be scared and Google them. One cause of weird errors is not having enough memory; add a swapfile and try again. The building of the kernel will take quite some time:
make
C. Flash the new kernel to the phone
1) When the build is finished, it has saved "zImage". This image is our kernel. For the sake of simplicity, let's copy it to the desktop but rename it so that later commands won't override it:
cp arch/arm/boot/zImage ~/Desktop/new-zImage
2) For flashing, we need to pack this zImage into a boot.img. Get the boot.img out of the ROM you now run on your phone. For example, the CyangonMod.zip you had to flash to your phone to install it, contains a boot.img. Most flashable .zip files have a boot.img in them. Copy this boot.img to your desktop, too.
3) Extract the boot.img
sudo apt-get install abootimg
abootimg -x boot.img
this will place 3 new files on your desktop.
4) Delete the extracted zImage and boot.img, as we want our self-compiled kernel.
rm zImage
rm boot.img
5) Edit the configuration file and remove the line with kernel-size, as our new kernel's size will be slightly larger.
nano bootimg.cfg
Remove the line beginning with bootsize:, which is probably the first line
5) Use abootimg to repack new-zImage and the 2 extracted files.
abootimg --create boot.img -f bootimg.cfg -k new-zImage -r initrd.img
6) Backup your phone in case anything goes wrong, and flash the boot.img. For many phones, this can be done using fastboot on linux. On my Galaxy, I had to use Mobile Odin: http://xdaforums.com/showthread.php?t=1347899
D. Copy the firmware and run, on your phone...
1) ... start the chrooted ubuntu
2) ... insert your USB OTG and in that the Wireless USB Adapter
3) ... run airmon-ng and make sure your device is listed.
airmon-ng
If not, check that your kernel is flashed (under Settings > About Device > kernel it should say yourname@computername) and that the correct drivers were selected with an asterix * (built-in, y) in make menuconfig. If it is listed, continue.
4) We now have the correct driver, but the firmware is likely missing. Download the .bin firmware that belongs to your driver. In my case, I had to download the rt73 driver from aircrack-ng website, and copy the .bin firmware file. Install ES File Manager or another root explorer, choose Root Explorer and then mount /system as Read/Write so that you can edit the contents. Now copy the firmware file to /system/etc/firmware/.
5) Run airmon-ng and check which interface your Wireless USB Adapter is.
airmon-ng
6) Start the monitor mode
airmon-ng start wlan1
Replace wlan1 with the interface name of the Wireless USB Adapter
7) If everything went right, it should say that monitor mode is enabled. You can now use
airodump-ng mon0
replacing mon0 with the monitor interface. If you get the error SIOCFLAGS: No such file or directory, the firmware file (e.g. *.bin) is not placed in the right directory (/system/etc/firmware and maybe a path extension, check the firmware README) or has the wrong name.
Congratulations, you have now got a phone running aircrack-ng!
I got this to work on my stock Samsung TouchWiz ROM by making a few adjustments:
- Get the kernel from Samsung: http://opensource.samsung.com/
- Change the lines in the .config file of the kernel below ## Samsung Rooting ... from =y to =n using nano
- To get boot.img, download the ...tar.md5 firmware matching your current firmware from http://www.sammobile.com/firmware/, rename .tar.md5 to .tar, and extract the boot.img. You cannot use mkbootimg here, only abootimg, as this boot.img has a special ramdisk address!
It is possible to use an external Wi-Fi adapter with an android phone to run aircrack-ng, however I've had a lot of difficulties doing so. Here is a tutorial to make it easier for you.
The theory
Running the aircrack-ng suite itself is not much of a problem, as android is pretty much like ubuntu. The most difficult part of running aircrack is that the wifi chipsets of most phones do not support "monitor mode". This mode is required to capture any information from the air, not just the ones for your computer, and is therefore necessary for aircrack (airmon-ng). First of all, you should Google if your phone's wifi chipset supports this mode. If it does, find out how. If it doesn't, you can follow this guide and use a usb wifi stick.
Android is linux, and uses a linux kernel. The easiest way to get the driver for our WiFi adapter to work is to rebuild the android kernel with the driver built-in. We can then flash the new kernel to the phone, and copy the firmware binary. This tutorial uses CyanogenMod, because it is a well documented, open-source ROM. With some adjustments you can use the same method on other ROMs. If you do not have experience building a linux kernel, it is best to stick to this guide and use CyanogenMod.
What you'll need:
- Android phone
- Computer with Ubuntu (or other linux distribution)
- USB OTG Adapter (micro usb to usb female)
- Wireless USB Adapter
- Time and patience
I am using my Samsung Galaxy S4 GT-i9505 and an Eminent EM4454 Wireless USB adapter using the rt73 driver, but I am sure this will work with other devices.
A. Install your ROM and aircrack-ng, on your phone...
1) ...install Cyanogenmod. Don't delete the .zip download after installation.
2) ...install "Complete Linux Installer" from Google Play and download and unpack Ubuntu in /sdcard/ubuntu/ubuntu.img as stated in the app.
3) ...install the aircrack-ng suite in the chrooted ubuntu. On ubuntu 12.04, this cannot be done using apt-get:
sudo apt-get install build-essential libssl-dev nano
wget http://download.aircrack-ng.org/aircrack-ng-1.1.tar.gz
tar -xzvf aircrack-ng-1.1.tar.gz
cd aircrack-ng-1.1
nano common.mak
Then find CFLAGS ?= -g -W -Wall -Werror -O3 and remove -Werror.
make
sudo make install
B. Rebuild the kernel, in a terminal on linux on your computer...
1) ...install adb and fastboot
sudo apt-get install adb fastboot
2) Enable USB-debugging on your phone, connect to your computer and test the connection on linux on your computer:
adb get-state
3) Find the GitHub page for the cyanogenmod kernel for your device. You can find this page on cyanogenmod.org. Now download the kernel source and extract it into a folder.
4) Change working directory into the kernel
cd pathtothekernel
5) See if there is a .config file. In a CyanogenMod kernel, there probably isn't. Type:
nano .config
If you see an empty screen, we need to get your devices current configuration:
adb pull /proc/config.gz config.gz
zcat config.gz > .config
rm config.gz
4) Make the necessary changes in the configuration file to have your USB wireless driver built in. To do so:
make menuconfig
Use the enter key to expand an item in the menu, and the space bar to mark a module. Make sure you mark the necessary modules with a *, not an 'M', so they will be built-in. Most wireless drivers have the mac80211 driver as a dependency. Make sure you select that one with an asterix (*), too.
For example, for my rt73 based adapter, I did:
Networking Support > Wireless > [*] ... (mac80211)
Device Drivers > Network > Wireless LAB > [*] Ralink Drivers > [*] rt73usb
5) Make some changes to fight errors:
Still in menuconfig, make the following changes:
Kernel Hacking > (1024) Block? size > 1032
Now to tell gcc to build ignoring warnings edit the Makefile
nano Makefile
Now go down a few pages and add the line:
KCONFIG_CFLAGS += -w
6) The normal gcc C compiler cannot be used as it will build for your computers processor. We need to build for ARM-processors, called cross-compiling. To make the cross-compiling work you need the arm-eabi- toolchain.
cd ~/Downloads
git clone https://android.googlesource.com/platform/prebuilts/gcc/linux-x86/arm/arm-eabi-4.6
The will download the ~120Mb toolchain.
7) Tell the Makefile where the toolchain is
cd pathtothekernel
export PATH=$PATH:~/Downloads/arm-eabi-4.6/bin
export CROSS_COMPILE=arm-eabi-
export ARCH=arm
8) Then build the kernel. It you get errors, don't be scared and Google them. One cause of weird errors is not having enough memory; add a swapfile and try again. The building of the kernel will take quite some time:
make
C. Flash the new kernel to the phone
1) When the build is finished, it has saved "zImage". This image is our kernel. For the sake of simplicity, let's copy it to the desktop but rename it so that later commands won't override it:
cp arch/arm/boot/zImage ~/Desktop/new-zImage
2) For flashing, we need to pack this zImage into a boot.img. Get the boot.img out of the ROM you now run on your phone. For example, the CyangonMod.zip you had to flash to your phone to install it, contains a boot.img. Most flashable .zip files have a boot.img in them. Copy this boot.img to your desktop, too.
3) Extract the boot.img
sudo apt-get install abootimg
abootimg -x boot.img
this will place 3 new files on your desktop.
4) Delete the extracted zImage and boot.img, as we want our self-compiled kernel.
rm zImage
rm boot.img
5) Edit the configuration file and remove the line with kernel-size, as our new kernel's size will be slightly larger.
nano bootimg.cfg
Remove the line beginning with bootsize:, which is probably the first line
5) Use abootimg to repack new-zImage and the 2 extracted files.
abootimg --create boot.img -f bootimg.cfg -k new-zImage -r initrd.img
6) Backup your phone in case anything goes wrong, and flash the boot.img. For many phones, this can be done using fastboot on linux. On my Galaxy, I had to use Mobile Odin: http://xdaforums.com/showthread.php?t=1347899
D. Copy the firmware and run, on your phone...
1) ... start the chrooted ubuntu
2) ... insert your USB OTG and in that the Wireless USB Adapter
3) ... run airmon-ng and make sure your device is listed.
airmon-ng
If not, check that your kernel is flashed (under Settings > About Device > kernel it should say yourname@computername) and that the correct drivers were selected with an asterix * (built-in, y) in make menuconfig. If it is listed, continue.
4) We now have the correct driver, but the firmware is likely missing. Download the .bin firmware that belongs to your driver. In my case, I had to download the rt73 driver from aircrack-ng website, and copy the .bin firmware file. Install ES File Manager or another root explorer, choose Root Explorer and then mount /system as Read/Write so that you can edit the contents. Now copy the firmware file to /system/etc/firmware/.
5) Run airmon-ng and check which interface your Wireless USB Adapter is.
airmon-ng
6) Start the monitor mode
airmon-ng start wlan1
Replace wlan1 with the interface name of the Wireless USB Adapter
7) If everything went right, it should say that monitor mode is enabled. You can now use
airodump-ng mon0
replacing mon0 with the monitor interface. If you get the error SIOCFLAGS: No such file or directory, the firmware file (e.g. *.bin) is not placed in the right directory (/system/etc/firmware and maybe a path extension, check the firmware README) or has the wrong name.
Congratulations, you have now got a phone running aircrack-ng!
I got this to work on my stock Samsung TouchWiz ROM by making a few adjustments:
- Get the kernel from Samsung: http://opensource.samsung.com/
- Change the lines in the .config file of the kernel below ## Samsung Rooting ... from =y to =n using nano
- To get boot.img, download the ...tar.md5 firmware matching your current firmware from http://www.sammobile.com/firmware/, rename .tar.md5 to .tar, and extract the boot.img. You cannot use mkbootimg here, only abootimg, as this boot.img has a special ramdisk address!
Attachments
Last edited:
