[APP][2.2+][ROOT][WiFi] Reaver-GUI for Android


handyflo

Senior Member
Jul 21, 2014
85
7
Hi all,
I have a Google Nexus 7 2012 and Android 5.0 Lollipop installed.
bcmon and Reaver for Android do not work. It seems that bcmon's
"install firmware and tools" does not work.
An error occurs.
Has anyone managed to get bcmon working with this device and Android version?
Root via SuperSU for bcmon is granted.
 
Hi all,
I have a Google Nexus 7 2012 and Android 5.0 Lollipop installed.
bcmon and Reaver for Android do not work. It seems that bcmon's
"install firmware and tools" does not work.
An error occurs.
Has anyone managed to get bcmon working with this device and Android version?
Root via SuperSU for bcmon is granted.

Last I checked, bcmon was broken on Lollipop; you'll have to drop back to KitKat for it to work.
 

handyflo

Senior Member
Jul 21, 2014
85
7
Is there any chance that bcmon and/or Reaver for Android will ever work under Lollipop? AFAIK the bcmon development was stopped, so it will work only with CM11 for my grouper Nexus 7 2012?
 

painx

Senior Member
Jun 19, 2014
74
9
Bcmon doesn't work, and I tried it with the scripts. Now what can I do? It shows me a pop-up window: "Monitor-mode disabled successfully All scrips should are tested now , RfA is ready to use."
 

funkydude101

Senior Member
Oct 13, 2007
215
30
Toronto, ON
Thanks for this, works well! Quick question, have you or anyone else been able to implement the mdk3 script floating around to get around modern day ap rate limiting?

Would be appreciated!
 
Thanks for this, works well! Quick question, have you or anyone else been able to implement the mdk3 script floating around to get around modern day ap rate limiting?

Would be appreciated!

Theoretically, all that's needed is to cross-compile mdk3 (or bully, or a kernel module which supports monitor mode, or another program you want) for ARM architecture, and eventually do some tweaking.

In reality, considering no one has made other wifi tools for Android apart from the old Reaver (excluding apps in Google Play mostly to find default passwords according to BSSID and router model), I believe it's much more difficult than thought.

Let's also remember that the aim of bcmon, reaver-wps and RfA is to return tools to use with internal wifi.
I believe (but have still to try) that if you use Linux Deploy to install Kali, a powered microusb-OTG and an external wifi dongle, you are able to run all the wifi-sec tools you want from your device.

Just a personal consideration: I'm against the use of mdk3, because the "art" of reaver/bully is to find the correct settings not to trigger the WPS lockdown. I have tested on my TNCAP router and, according also to what I have read, unless you put up a series of wireless tools to intercept packets and monitor your router (wireshark, kismet, etc), you won't realize there is a WPS bruteforce attack in progress.
But start periodically flooding the AP with mdk3, freezing and resetting it in a cycle, and I'll be the first to suspect an attack, intercept your packets and knock at your door with a handgun ;)

P.S. staying on topic, there are some reports of TNCAP routers being able to reboot with permanent WPS lock already on, after some floods with mdk3.
 
Last edited:
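
One way to notice the attempt stream described in the post above without running a packet capture is to count failed WPS exchanges per access point in a sliding window. This is an added example, not part of the original thread; it assumes the AP or a syslog collector records failed WPS exchanges, the log line format, threshold and window are assumptions, and the sample lines are constructed.

```python
"""Added example: flag bursts of failed WPS exchanges in AP logs.
Assumptions: the log format is constructed for this example (adapt LINE_RE
to what your AP or syslog collector emits); THRESHOLD and WINDOW are
illustrative values, not tuned ones."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<ap>\S+) wps-(?P<event>fail|locked)"
                     r"(?: sta=(?P<sta>[0-9a-f:]{17}))?$")
WINDOW = timedelta(minutes=10)
THRESHOLD = 5  # failed exchanges per AP inside WINDOW

def detect(lines):
    """Return alerts as (timestamp, ap, kind, detail) tuples."""
    recent = defaultdict(deque)  # ap -> (ts, sta) of failures inside WINDOW
    active = set()               # APs with a burst alert already raised
    alerts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated log line
        ts, ap = datetime.fromisoformat(m["ts"]), m["ap"]
        if m["event"] == "locked":
            alerts.append((ts, ap, "wps-locked", ""))
            continue
        q = recent[ap]
        q.append((ts, m["sta"] or "unknown"))
        while ts - q[0][0] > WINDOW:
            q.popleft()
        # Count per AP rather than per station, because the client MAC
        # address can change between attempts.
        if len(q) >= THRESHOLD and ap not in active:
            active.add(ap)
            stations = ",".join(sorted({sta for _, sta in q}))
            alerts.append((ts, ap, "wps-fail-burst", stations))
        elif len(q) < THRESHOLD:
            active.discard(ap)
    return alerts

# Constructed sample: one mistyped PIN in the evening, then a steady stream.
SAMPLE = """\
2015-01-10T18:02:11 ap1 wps-fail sta=02:00:00:00:00:0a
2015-01-11T02:14:00 ap1 wps-fail sta=02:00:00:00:00:0b
2015-01-11T02:14:40 ap1 wps-fail sta=02:00:00:00:00:0b
2015-01-11T02:15:20 ap1 wps-fail sta=02:00:00:00:00:0c
2015-01-11T02:16:00 ap1 wps-fail sta=02:00:00:00:00:0b
2015-01-11T02:16:40 ap1 wps-fail sta=02:00:00:00:00:0c
2015-01-11T02:17:20 ap1 wps-fail sta=02:00:00:00:00:0b
2015-01-11T02:17:25 ap1 wps-locked
""".splitlines()

if __name__ == "__main__":
    print(*detect(SAMPLE), sep="\n")
```

The lone evening failure stays below the threshold; the night-time stream raises one burst alert and the lock event is reported separately.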

SOEDI

Senior Member
May 14, 2011
154
354
Theoretically, all that's needed is to cross-compile mdk3 (or bully, or a kernel module which supports monitor mode, or another program you want) for ARM architecture, and eventually do some tweaking.

In reality, considering no one has made other wifi tools for Android apart from the old Reaver (excluding apps in Google Play mostly to find default passwords according to BSSID and router model), I believe it's much more difficult than thought.

Let's also remember that the aim of bcmon, reaver-wps and RfA is to return tools to use with internal wifi.
I believe (but have still to try) that if you use Linux Deploy to install Kali, a powered microusb-OTG and an external wifi dongle, you are able to run all the wifi-sec tools you want from your device.

Just a personal consideration: I'm against the use of mdk3, because the "art" of reaver/bully is to find the correct settings not to trigger the WPS lockdown. I have tested on my TNCAP router and, according also to what I have read, unless you put up a series of wireless tools to intercept packets and monitor your router (wireshark, kismet, etc), you won't realize there is a WPS bruteforce attack in progress.
But start periodically flooding the AP with mdk3, freezing and resetting it in a cycle, and I'll be the first to suspect an attack, intercept your packets and knock at your door with a handgun ;)

P.S. staying on topic, there are some reports of TNCAP routers being able to reboot with permanent WPS lock already on, after some floods with mdk3.

Here's an Android + bcmon compatible mdk3 binary + source. Tested and works on N7 2012 4.3, but some attacks may not work (as fast) as they should.

Copy the mdk3 binary inside the zip to data/data/com.bcmon.bcmon/files/tools and don't forget to set the right permissions.


Best Regards
SOEDI
 

Attachments

  • mdk3_android_kit.zip
    308.6 KB · Views: 2,233
Dec 23, 2014
25
1
Hi n01ce,

This version of RfA uses the Reaver binary which came along with the bcmon.apk.
Therefore, I can't provide any detailed build instructions for Reaver.
A friend of mine and I managed to get mdk3 compiled (and working!) along with bcmon, so when you need it don't hesitate to ask.

I saw you were working on the bcmon modules. The source code is pretty incomplete, isn't it?
Any chance we could get bcm4334 chipset based phones into Monitor-Mode?


regards,
SOEDI

How did you manage to have mdk3?
I'm using a Galaxy S2, can you help me to install mdk3 in the reaver binary? :)
 
Dec 23, 2014
25
1
Here's an Android + bcmon compatible mdk3 binary + source. Tested and works on N7 2012 4.3, but some attacks may not work (as fast) as they should.

Copy the mdk3 binary inside the zip to data/data/com.bcmon.bcmon/files/tools and don't forget to set the right permissions.


Best Regards
SOEDI

Can you help me please?
How do I set the right permissions? I got permission denied :(
 
Dec 23, 2014
25
1
MDK3

Here's an Android + bcmon compatible mdk3 binary + source. Tested and works on N7 2012 4.3, but some attacks may not work (as fast) as they should.

Copy the mdk3 binary inside the zip to data/data/com.bcmon.bcmon/files/tools and don't forget to set the right permissions.


Best Regards
SOEDI

Never mind, I set the right permissions with chmod 777. Btw, really THANKS for providing the mdk3 binary! :)

I'm now trying to get airbase-ng to work with bcmon. Do you maybe know where I can download an airbase-ng binary for bcmon?
 

CracX0r

Member
Dec 10, 2014
31
6
Here's an Android + bcmon compatible mdk3 binary + source. Tested and works on N7 2012 4.3, but some attacks may not work (as fast) as they should.

Copy the mdk3 binary inside the zip to data/data/com.bcmon.bcmon/files/tools and don't forget to set the right permissions.


Best Regards
SOEDI

thank you for mdk3

how do I use the zip though? do I just place the whole zip in bcmon/tools

or do I extract only the mdk3 file and place that in bcmon/tools?
 

CracX0r

Member
Dec 10, 2014
31
6
reaver does not work on s2

I've tried on many roms

stock - not working
cm9 - cm10 - cm11 = not working
and other aosp roms = not working

it doesn't pick up any networks even with scan fix on or off

---------- Post added at 09:24 AM ---------- Previous post was at 09:21 AM ----------

Here's an Android + bcmon compatible mdk3 binary + source. Tested and works on N7 2012 4.3, but some attacks may not work (as fast) as they should.

Copy the mdk3 binary inside the zip to data/data/com.bcmon.bcmon/files/tools and don't forget to set the right permissions.


Best Regards
SOEDI

could you port wifite to s2?
 
Dec 23, 2014
25
1
reaver does not work on s2

I've tried on many roms

stock - not working
cm9 - cm10 - cm11 = not working
and other aosp roms = not working

it doesn't pick up any networks even with scan fix on or off

---------- Post added at 09:24 AM ---------- Previous post was at 09:21 AM ----------



could you port wifite to s2?

It does work, but you should do exactly like this:

First open reaver with wifi ON (bcmon NOT in monitor mode)
Then you scan, and you will find access points. Select vulnerable access point you want to crack then open bcmon, start monitor mode then go back to reaver and click start attack :)
 

CracX0r

Member
Dec 10, 2014
31
6
It does work, but you should do exactly like this:

First open reaver with wifi ON (bcmon NOT in monitor mode)
Then you scan, and you will find access points. Select vulnerable access point you want to crack then open bcmon, start monitor mode then go back to reaver and click start attack :)

lol forget it
I'd rather do it from terminal lol

this app looks horrible to be honest
 
Sep 25, 2013
37
18
Hello again..

I've contacted Bryce Thomas, the guy who made "Liber80211", one of the first attempts to port Linux drivers to Android user space without root requirement. He recently responded to me that he put together sort of a guide for those who are willing to push that project further onwards.. A prerequisite for anyone so brave would be knowledge of the C and Java programming languages..

Anyways, here's the link to the guide..
http://brycethomas.github.io/2015/01/18/porting-a-kernel-space-usb-driver-to-android-user-space.html
Hopefully somebody manages to make use of it and figures out how to fully port the wifi drivers so they have monitor mode and full packet injection

best of luck to You
Gus T.
 

Top Liked Posts

  • 183

    Reaver for Android v1.30
    Reaver-WPS GUI for rooted devices with bcm4329/4330 wifi chipset or working external wifi card.


    INFO:
    Reaver for Android, short RfA, is a simple-to-use Reaver-GUI for Android devices with monitor-mode support.
    It has some very cool features:

    • Automatically detects WPS-enabled routers.
    • All Reaver-Settings are accessible from a simple-to-use GUI.
    • Activates and deactivates Monitor-Mode automatically when needed.
    • Provides a simple way to connect when Reaver finds the WPA-Key.
    • External script support

    Project status: PRE-FINAL
    What does this mean?
    There are some features which are not implemented yet.
    Development will continue very soon.


    Installation

    1. Download/install bcmon.apk from HERE and RfA.apk from the bottom of this post. RfA may also download bcmon automatically.
    2. Run bcmon, if it crashes try a second time.
    3. If all runs fine, start RfA. If not, your device may not be bcmon compatible. Please see second post.
    4. After selecting a WPS-enabled router, click on "Test Monitor-Mode".
    5. Now you can use RfA :). Don't uninstall bcmon.
    Steps 1 - 4 are only for the installation, they don't have to be repeated once done.


    FAQ:

    What is this awesome app actually useful for?
    Well, RfA is able to unveil the actual WPA(2)-Key of many routers within 2 - 10 hours.

    WHAT?! I thought WPA(2) was safe?
    It used to be, but then many router models got WiFi Protected Setup, short WPS, implemented, which is pretty vulnerable. (Details)
    Basically it's a Brute-Force attack with Reaver against an 8-digit PIN with 10^4 + 10^3 possibilities.

    What is Reaver?
    Reaver-WPS is a pentesting tool developed by Tactical Network Solutions.
    It attacks WPS-enabled routers and after the WPS-Pin is cracked, it retrieves the actual WPA-key.
    Reaver provides only a terminal interface, which is ok for notebooks etc., however it's a pain on Android devices.
    Because of this I developed RfA.

    Doesn't Reaver require monitor-mode and so can't work on Android?
    Yes, Reaver needs monitor-mode, but thanks to bcmon (or external wifi cards) some Android devices are now monitor-mode capable.


    bcmon compatibility
    Developed and tested on: Nexus 7 2012 (Stock 4.3)
    RfA *should* work on all devices with bcmon support (Broadcom bcm4329/bcm4330 chipsets)
    Simply try by installing bcmon. Don't worry, if something goes wrong a simple reboot should fix everything.
    For external wifi cards please see second post.

    Tested & works on:
    Nexus 7 2012 (Stock 4.3, Cyanogen 9)
    Huawei Honour (Cyanogen Mod based ROM)

    bcmon does NOT work on:
    Samsung Galaxy S3/4/5
    HTC One
    LG G2
    Nexus 4/5
    Nexus 7 (2013)

    Credits & used tools:

    Monitor-Mode over bcmon.apk:
    Omri Ildis, Ruby Feinstein & Yuval Ofir
    See: bcmon.blogspot.com

    Reaver-WPS:
    Tactical Network Solutions
    See: code.google.com/p/reaver-wps/

    Disclaimer

    Attention: Hacking of networks is illegal without having the permission of the owner! The developer is not responsible for any damage etc. this app could cause.
    This software is only intended to show a big security hole, not to be able to surf in the neighbour's Wifi ;)

    XDA:DevDB Information
    Reaver-GUI for Android, App for all devices (see above for details)

    Contributors
    SOEDI, bcmon team & Tactical Network Solutions

    Version Information
    Status: Stable
    Current Stable Version: 1.30
    Stable Release Date: 2014-07-01
    Beta Release Date: 2013-11-04

    Created 2013-09-24
    Last Updated 2014-09-27
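
Why the FAQ in the post above counts 10^4 + 10^3 PINs rather than 10^8, and what an AP-side lockout does to the "2 - 10 hours" figure. This is an added example, not part of the original post or of RfA/Reaver; the 3 seconds per attempt and the lockout policies are assumed values for illustration.

```python
"""Added example: WPS PIN search space and the effect of AP lockout.

Assumptions (not from the post): the seconds per attempt and the lockout
policies passed to worst_case_hours() are illustrative values.
"""
import math


def wps_checksum(first7: int) -> int:
    """Checksum digit (8th digit) for the first seven PIN digits."""
    accum = 0
    while first7:
        accum += 3 * (first7 % 10)
        first7 //= 10
        accum += first7 % 10
        first7 //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True if pin is 8 digits and its last digit matches the checksum."""
    return (len(pin) == 8 and pin.isdigit()
            and wps_checksum(int(pin[:7])) == int(pin[7]))


def search_space() -> dict:
    """Guesses needed under three models of the 8-digit PIN."""
    return {
        "naive_8_digits": 10 ** 8,
        # Digit 8 is derived from digits 1-7, so only 7 digits are free.
        "with_checksum": 10 ** 7,
        # The AP confirms digits 1-4 and digits 5-8 in separate protocol
        # steps, so each half can be searched on its own: 10^4 + 10^3.
        "halves_checked_separately": 10 ** 4 + 10 ** 3,
    }


def worst_case_hours(guesses: int, secs_per_attempt: float,
                     lock_after: int = 0, lock_secs: float = 0.0) -> float:
    """Hours to exhaust `guesses` when the AP locks WPS for `lock_secs`
    after every `lock_after` failures (lock_after=0 means no lockout)."""
    lockouts = math.ceil(guesses / lock_after) - 1 if lock_after else 0
    return (guesses * secs_per_attempt + lockouts * lock_secs) / 3600


if __name__ == "__main__":
    n = search_space()["halves_checked_separately"]
    for label, policy in [("no lockout", (0, 0)),
                          ("60 s after 3 failures", (3, 60)),
                          ("24 h after 3 failures", (3, 86400))]:
        print(f"{label:>22}: {worst_case_hours(n, 3.0, *policy):,.1f} h")
```

With a long lockout after a few failures the worst case moves from hours to years, which is why lockout policy (or disabling WPS PIN entirely) matters more than PIN choice.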
    17
    Second Post

    • If anyone has working Android drivers for external Wifi cards, please let me know.
    • If the layout looks strange on your phone, please send me a screenshot, so I can fix it.
      I have only a tablet and HD phone (emulator works too slow), so can't test the layout properly.


    Usage of custom-scripts

    To make RfA less dependent on bcmon, which seems to be discontinued, I introduced custom monitor-mode-activation scripts.

    Please note that those scripts only make sense for you if you are already able to use monitor-mode on your device, either via special firmware for the internal wifi card or a kernel which properly supports external wifi cards. Those scripts serve only as a "connector" between your wifi interface and RfA.
    In order to enable this function you need to open RfA settings, tap on "Monitor-Mode settings" and disable the "Use bcmon" checkbox.

    There are 3 different scripts you can specify:

    Activation script
    This script will be executed in its own directory.
    It should enable monitor-mode and exit.
    Example:
    Code:
    #!/bin/bash
    svc wifi disable
    LD_LIBRARY_PATH=/data/data/com.bcmon.bcmon/files/libs
    LD_PRELOAD=/data/data/com.bcmon.bcmon/files/libs/libfake_driver.so sh
    cd /data/data/com.bcmon.bcmon/files/tools
    ./enable_bcmon
    echo "rfasuccess"
    exit

    Warm-up script
    RfA will read in this script as a text file and execute the commands internally. This is needed to execute reaver in the same terminal session as the script.
    It should do all preparations before Reaver is started. At least it has to cd into the directory where the reaver binary is.
    Example:
    Code:
    #!/bin/bash
    LD_LIBRARY_PATH=/data/data/com.bcmon.bcmon/files/libs
    LD_PRELOAD=/data/data/com.bcmon.bcmon/files/libs/libfake_driver.so sh
    cd /data/data/com.bcmon.bcmon/files/tools

    Stop script
    This script will be executed in its own directory.
    It should disable monitor-mode and exit.
    Code:
    #!/bin/bash
    svc wifi enable
    echo "rfasuccess"

    Additional Information
    • You also have to specify your wifi-interface.
    • The given examples are those scripts, which RfA uses by default when you enable the "Use bcmon" checkbox.
    • The activation and stop script have to echo "rfasuccess" in order to tell RfA that they were executed properly. With this method you can also implement a sort of error-checking, by returning "rfasuccess" only when everything went fine.
    9
    New Version

    Hey folks,

    finally, I found some time and implemented script support.
    This makes RfA ready for bcmon independent usage. Now, if you have a working external wifi card and the right kernel, you will be able to write a short shell-script (details later) and RfA will be able to use it.

    Also, this will make RfA compatible with @n01ce PwnAir, at least after the script for it is ready ;)


    Regards,
    SOEDI


    P.S: Release will be in the next few days.
    7
    @ruleh: it’s amazing how you stay calm and keep on answering even the most stupid questions!

    In the meantime I integrated the PixieDust attack. I had to rewrite some parts of RfA, pixiewps and reaver itself, but it looks pretty promising now. It was not easy to get the stuff compiled, so keep that in mind when you meet a "Segmentation fault" sometimes ;)
    Details (and release) will follow later...

    RfA 1.40 is coming soon, yeah :D