[APP][2.1+] Wifi Protector v1.4.5 Wireless Security | Anti WifiKill | Anti DroidSheep

gurkedev

Senior Member
Nov 17, 2011
52
362
I understand that making apps "call home" is bad, but maybe disable it by default and make it possible for users to voluntarily check it and autosend crash dumps (at least when the app is in development... then remove it in final version?). Or maybe just save them to a .txt file somewhere and ask manually to send it to you... uh... just ideas :)

This is already included in the market version when using froyo (2.2+). I haven't had time yet to implement it in the free version. Edit: Implemented in v1.1.2.

Correction, it only force closes when NOT connected to wifi

I'm still waiting the report you mentioned in your mail.

K, quick suggestion. I now get false alarms every time I switch from Wifi to Data or vice versa. I think the app is already registered to be alerted upon a connection change so maybe you have a sanity check before sending the alert and arp -d'ing?

What type of detection are you using? MAC or BSSID?
 

ell3

Senior Member
Nov 4, 2011
52
27
Mu
Hi! I got to test your 3rd revision, and I ran through some problems... but they are hard to reproduce as sometimes it behaves one way, sometimes it doesn't....
Anyway, I sent you the logcat via PM.

1) when I start/stop/start during an attack, sometimes it fails to detect the attack is still running.
2) I disconnected the phone, started the attack, connected the phone, attack got detected, went to expert and it crashed. (that's the last you could see in my logcat attached) Then app respawned but I think not as service (there is no more shield in upper left corner of screen) and the app keeps crashing when I go expert.

As for the detection rate, it's still not 100%, sometimes it fails when starting/stopping the attack. I think I got the best results with the first version (but that could be just an impression, as I told you, it's hard to recreate the exact actions that reproduce the bug or no-detection)


@killerjc - This is not against viruses that target your device, it's against arp-based attacks (they might happen only inside your LAN) that might target phones and other devices as well.


@OP - Thanks for updates and bugfixes !!
 

gurkedev

Senior Member
Nov 17, 2011
52
362
v1.1.2 released today.

It comes with a couple of small bugfixes and performance improvements.

One word on BSSID analysis: If you get alerts with BSSID analysis enabled, go to Expert Perspective and compare the gateway MAC with the BSSID. You will probably notice that the gateway MAC is completely different to the BSSID. This could be a network already under attack but it's more likely that you are connected to a virtualized wireless LAN. The concept of virtualization in wireless LANs is similar to wired networks. Relevant for you, as a Wifi Protector user, is that each participant in the network is assigned a dedicated virtual port and unique BSSID. Maybe you're lucky because the Access Point keeps the vendor ID (first 3 octets of the MAC) and changes only the last 3 octets, so you could keep BSSID analysis enabled and set the detection level to Light. But I'm afraid in most cases you will find yourself with 6 different octets. In such case you cannot use BSSID analysis.
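
The comparison described in the post above, as an added example that is not part of the original post and is not Wifi Protector's code. It takes the three levels from the changelog (Light: vendor compare, Deep: 5 octet compare, Extreme: exact match) and assumes they compare leading octets; the function names and sample addresses are made up for illustration.

```python
# Added example: BSSID analysis levels from the thread, not Wifi Protector's code.
LEVEL_OCTETS = {"light": 3, "deep": 5, "extreme": 6}  # leading octets compared


def parse_mac(text):
    """Return the six octets of a MAC written with ':' or '-' separators."""
    parts = text.strip().replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)


def matching_octets(gateway_mac, bssid):
    """Count how many leading octets the gateway MAC and the BSSID share."""
    count = 0
    for a, b in zip(parse_mac(gateway_mac), parse_mac(bssid)):
        if a != b:
            break
        count += 1
    return count


def bssid_alert(gateway_mac, bssid, level):
    """True when the chosen level would raise an alert for this pair."""
    return matching_octets(gateway_mac, bssid) < LEVEL_OCTETS[level]


def strictest_usable_level(gateway_mac, bssid):
    """Strictest level that stays quiet on a network known to be clean.

    Returns None when even the vendor prefix differs, which is the
    "6 different octets" case where BSSID analysis cannot be used.
    """
    shared = matching_octets(gateway_mac, bssid)
    for level in ("extreme", "deep", "light"):
        if shared >= LEVEL_OCTETS[level]:
            return level
    return None


# Constructed sample pairs (gateway MAC, BSSID); none come from the thread.
SAMPLES = {
    "home router": ("00:1a:2b:3c:4d:5e", "00:1A:2B:3C:4D:5E"),
    "multi-SSID AP": ("00:1a:2b:3c:4d:5e", "00:1a:2b:3c:4d:5f"),
    "virtualized WLAN, vendor kept": ("00:1a:2b:3c:4d:5e", "00:1a:2b:90:10:01"),
    "virtualized WLAN or attack": ("00:1a:2b:3c:4d:5e", "06:25:9c:14:77:02"),
}

if __name__ == "__main__":
    for name, (gw, bssid) in SAMPLES.items():
        print(f"{name}: use {strictest_usable_level(gw, bssid)}")
```

A `None` result only says the two addresses share no vendor prefix; as the post notes, that pattern fits both a virtualized WLAN and a network that was already under attack when joined.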
 

Michal102

New member
Jun 22, 2010
1
2
Hi, I tried this app and it works perfectly. But I discovered a few problems...

1. detection works perfectly, but countermeasures without busybox "arp" command don't work... I have installed busybox v1.19.3 (latest), but this version doesn't contain arp command (I do not know why).
This is a problem with my phone and not with app itself, some other people may have a similar problem, so here is a solution...
Solution: reinstalled busybox to version 1.18.4 (last version which contains arp command) and problem was solved :)

2. in version 1.1.2 when the network is under attack and countermeasures are active status is displayed as "Normal". In version 1.1.1 in this case there was information about the active countermeasures. I prefer to see the information that the network is under attack and countermeasure is active...
(Perhaps this is again a problem with my phone, but in the version 1.1.1 it was shown correctly)

Good work, very useful app :)
 

avgjoemomma

Senior Member
Jul 15, 2010
488
76
v1.1.2 released today.

It comes with a couple of small bugfixes and performance improvements.

One word on BSSID analysis: If you get alerts with BSSID analysis enabled, go to Expert Perspective and compare the gateway MAC with the BSSID. You will probably notice that the gateway MAC is completely different to the BSSID. This could be a network already under attack but it's more likely that you are connected to a virtualized wireless LAN. The concept of virtualization in wireless LANs is similar to wired networks. Relevant for you, as a Wifi Protector user, is that each participant in the network is assigned a dedicated virtual port and unique BSSID. Maybe you're lucky because the Access Point keeps the vendor ID (first 3 octets of the MAC) and changes only the last 3 octets, so you could keep BSSID analysis enabled and set the detection level to Light. But I'm afraid in most cases you will find yourself with 6 different octets. In such case you cannot use BSSID analysis.

I did some testing today at a Peet's and Starbucks as they were setting off WiFi Protector when I switched from 3G Data to WiFi (I use JuiceDefender to automatically switch based on location). gurkedev's analysis seems to be correct in that the APs used by these places use vLANs so we might get false alerts when using deeper levels of BSSID analysis. I'm keeping mine set to BSSID Deep as I don't mind the false alarms :p

I did some testing using two Nexus Ones running CM7.x at Starbucks. I had one N1 running WiFi Protector and used my own to run WiFi Kill and the countermeasures worked like a charm. This is one app that will be installed by default for me :D Combined with sysctl hardening and the right iptables config, your phone should be pretty damned protected:p
 

gurkedev

Senior Member
Nov 17, 2011
52
362
Hi, I tried this app and it works perfectly. But I discovered a few problems...

1. detection works perfectly, but countermeasures without busybox "arp" command don't work... I have installed busybox v1.19.3 (latest), but this version doesn't contain arp command (I do not know why).
This is a problem with my phone and not with app itself, some other people may have a similar problem, so here is a solution...
Solution: reinstalled busybox to version 1.18.4 (last version which contains arp command) and problem was solved :)

Thank you very much for sharing your insights and posting a solution! Next version will be smarter and won't rely on the arp link to busybox existing.

2. in version 1.1.2 when the network is under attack and countermeasures are active status is displayed as "Normal". In version 1.1.1 in this case there was information about the active countermeasures. I prefer to see the information that the network is under attack and countermeasure is active...
(Perhaps this is again a problem with my phone, but in the version 1.1.1 it was shown correctly)

Good work, very useful app :)

v1.1.2 doesn't change shield color if attack starts while app main view is already open. Upcoming release will fix this. Attack prevention (countermeasures) should be shown correctly in v1.1.2.
 
WiredPirate

Guest
I like this app! Great concept, well done. My one question is can you please add the option in settings to hide the icon in the notification bar unless I am under attack? This would be very useful to me. Thanks again for the app!:)
 

kwazi

Senior Member
Nov 1, 2009
97
17
www.kwasik.com
haven't had a chance to try it yet, but will do soon.

Very happy someone took the time to write this up, and even more happy that you're willing to share it with XDA members for free.

Thanks :)
 

avgjoemomma

Senior Member
Jul 15, 2010
488
76
I like this app! Great concept, well done. My one question is can you please add the option in settings to hide the icon in the notification bar unless I am under attack? This would be very useful to me. Thanks again for the app!:)

I think it might need to be in the notification bar to keep the OS from killing it.
 

aloy99

Senior Member
May 15, 2011
601
87
Is it possible to uninstall the app after making the phone immune to wifi attacks as I have a limited amount of ram on my phone and cannot have services constantly running.

Sent from my x10 mini running the latest version of minicm 7. :D
 

avgjoemomma

Senior Member
Jul 15, 2010
488
76
Is it possible to uninstall the app after making the phone immune to wifi attacks as I have a limited amount of ram on my phone and cannot have services constantly running.

Sent from my x10 mini running the latest version of minicm 7. :D

I'm not the developer so he'll have to correct me if I'm wrong, but this app needs to remain active and running as it continuously is checking for attacks. You can't really flip a few settings on and be immune. There are some configurations that will help but nothing like how this app works. It monitors then takes countermeasures.

If I were you, I'd make room :p
 

casemandan

Senior Member
Oct 12, 2010
651
407
L.I. NY
Lazy bums

I'm not the developer so he'll have to correct me if I'm wrong, but this app needs to remain active and running as it continuously is checking for attacks. You can't really flip a few settings on and be immune. There are some configurations that will help but nothing like how this app works. It monitors then takes countermeasures.

If I were you, I'd make room :p
Unbelievable....
almost 1700 downloads and not even 50 thanks button hits for the awesome dev....
People are lazy ass **** ****s that don't deserve anything for free. :mad:


edit: maxed out my 5 daily thanks button hits so now it's over 50:D
 

avgjoemomma

Senior Member
Jul 15, 2010
488
76
Unbelievable....
almost 1700 downloads and not even 50 thanks button hits for the awesome dev....
People are lazy ass **** ****s that don't deserve anything for free. :mad:


edit: maxed out my 5 daily thanks button hits so now it's over 50:D

Yeah, that's how it goes. So lame. Well you can always WiFi Kill em:eek:;)
 

shockem

Inactive Recognized Developer
Sep 10, 2010
1,338
330
Singapore
Unbelievable....
almost 1700 downloads and not even 50 thanks button hits for the awesome dev....
People are lazy ass **** ****s that don't deserve anything for free. :mad:


edit: maxed out my 5 daily thanks button hits so now it's over 50:D

You are right, many people don't 'use' the thanks button. I hope more will make better use of it. I mean come on, it's just a button that requires a single click!
 

cracksmurf

Senior Member
Jan 16, 2009
159
68
Los Angeles
I think it might need to be in the notification bar to keep the OS from killing it.

Well I agree that it can get a little crowded in the notification bar. One nice fix I saw on a notification bar shortcut app is to give the option to make the notification icon either the same color as the notification bar or fully transparent. However, since this can result in a weird blank spot between icons, the ability to set the icon as either the first or last one was added, i.e. left or rightmost icon.
 

forceu

Senior Member
Jun 23, 2010
100
78
Does not work if you have two routers sharing the same BSSID.

For example I have a FritzBox 7270 and a TP Router, but after connecting to one of them, I get a BSSID alarm.

This is often used in hotels as well (one router for each floor), so I had to disable it.
 

Top Liked Posts

  • 253
    Nov 15 2013 Version 1.4.5 released.

    This app is for those, who are tired of being kicked from the network by WifiKill. And for those, who are a little bit paranoid, because they know it's quite easy to read the Wi-Fi traffic with tools like DroidSheep, ettercap, FaceNiff, Cain & Abel and others. Such programs use the same technique to prevent you from accessing the network or to sniff your data. You can defend yourself with a single app.

    What is Wifi Protector?
    Wifi Protector is an Android security app specifically designed to detect and prevent ARP spoofing attacks against your phone in Wi-Fi networks.

    How does it work?
    Wifi Protector is continuously monitoring network related parameters. When abnormal behaviour is detected, an alert is triggered. The type of alert can be configured. Detection, basic protection and alert work on all phones. On rooted phones it is also possible to reconfigure the phone to make it immune against the attack.

    Get it!
    You can download the attached free version or get it for free from Google Play (mobile link).

    Comments, questions, bug reports are welcome.

    If you find the app useful please donate to this Bitcoin address: 19jqzdWFYTf5KZKnS6CJfG9vMX86ghysJQ



    FAQ

    Q: What is a MAC address?
    A: The Media Access Control address is a hardware address of a network interface. Every device in the (Wifi) network has a unique MAC address.

    Q: What is ARP?
    A: ARP stands for Address Resolution Protocol. When two devices want to communicate via Internet Protocol (IP) in a (Wifi) network they need to know each other's MAC address. The ARP protocol is used to resolve the MAC address for a given IP address.

    Q: What is the ARP cache?
    A: The ARP cache is a temporary storage on your phone that holds pairs of IP and MAC addresses that belong together.

    Q: What is ARP cache poisoning?
    A: ARP cache poisoning is a method to inject false information into your phone's ARP cache by sending forged packets to the (Wifi) network.

    Q: What is DOS attack (Denial Of Service) through ARP cache poisoning?
    A: An attacker changes the ARP cache on your phone in a way that invalid MAC addresses are associated with certain IP addresses. Very popular is to inject a false MAC address for the default gateway of your phone. This is an effective way to prevent your phone from accessing the internet. The attack is very lightweight, so a single attacker can disturb large networks. With Wifi Protector on a rooted phone you are immune to this kind of attack.

    Q: What is MITM attack (Man In The Middle) through ARP cache poisoning?
    A: Like in DOS attacks an attacker changes the MAC address of your phone's default gateway in your phone's ARP cache. Instead of injecting an invalid MAC address he places the MAC address of his own device into the cache. If possible, he also poisons the ARP cache of the default gateway in the Wifi network and changes the MAC address associated with your phone's IP address in the gateway's ARP cache. If the default gateway is vulnerable, the attacker has established a full-routing MITM. He can now read and change everything you send and receive over the network, in some special cases even if you use encryption. If the default gateway is not vulnerable, the attacker has established a half-routing MITM. He can then read and change everything you send, but not the data you receive. With Wifi Protector on a rooted phone you are immune against half-routing and - to some extent - against full-routing MITM. In the full-routing MITM scenario Wifi Protector prevents the attacker from reading and changing everything you send, but not the data you receive. In any case you get an alarm.


    Changelog

    Code:
    1.4.5
    - OTHER: Added ACCESS_SUPERUSER permission
    
    1.4.4
    - OTHER: Changed su handling which fixes issues with outdated su binaries
    
    1.4.3
    - BUGFIX: Notification icon no longer disappears when "Clear notification" button is pressed
    - FEATURE: Added option to force start at boot, which is useful on devices that don't signal Wi-Fi start at boot
    - OTHER: Added CHANGE_NETWORK_STATE permission, which is required on some Samsung tablets running Android 3.2 in order to disable Wi-Fi on attack
    
    1.4.2
    - BUGFIX: Fixed ANR on some devices that happened in rare cases when app is started first time
    - BUGFIX: Fixed rare FC when restarting service from Expert Perspective
    
    1.4.1
    - BUGFIX: If notification settings haven't been configured the notification icon disappeared if main activity was closed. Fixed
    - OTHER: Improved error messages
    
    1.4.0
    - FEATURE: Notification icon can be hidden
    
    1.3.0
    - FEATURE: Wi-Fi can be automatically disabled on attack (optional). This is useful on non-rooted phones
    - FEATURE: App can be brought to the front on attack (optional)
    - OTHER: Improved compatibility with battery saving apps
    
    1.2.0
    - BUGFIX: Attack notification ringtone didn't honor phone volume on some devices. Fixed
    - BUGFIX: Vibration didn't honor phone silent mode. Fixed and made it configurable
    - FEATURE: All spoofing attempts are logged, including SSID, BSSID, Gateway IP, Gateway MAC, Attacker MAC, Attacker IP. Vendors are resolved and shown in detailed log view. Logs are cleaned automatically. Log size can be configured
    - FEATURE: Expert perspective shows BSSID vendor as well as SSID
    - FEATURE: On attack vibrate in a given pattern. Duration, repeats and gaps configurable
    
    1.1.4
    - BUGFIX: Fixed crash on ICS when Expert is selected
    - BUGFIX: On ICS a wrong phone IP address was shown. Fixed
    - BUGFIX: Fixed minor bugs
    - FEATURE: Internal arp command included
    
    1.1.2
    - BUGFIX: Database cursor closing properly
    - BUGFIX: If manually clearing gateway ARP entry fails, an error message appears
    - BUGFIX: If manual countermeasures fail, an error message appears
    - BUGFIX: BSSID mode attack detection precision improved
    - FEATURE: Background image can be switched off to save RAM
    - OTHER: OUI database performance improved
    - OTHER: Unused permissions removed
    - OTHER: Size of internal buffers reduced to conserve resources
    
    1.1.1
    - BUGFIX: Fixed wireless connection state handling
    - BUGFIX: Fixed FC on wireless connection change
    - BUGFIX: Fixed BSSID display in expert perspective
    
    1.1.0
    - FEATURE: IEEE 802.11 BSSID analysis. Detects the situation when a network is joined, which is already under attack.
    - FEATURE: Three BSSID analysis levels. Light: Vendor compare. Deep: 5 octet compare. Extreme: Exact match.
    - FEATURE: Expert perspective shows current BSSID.
    - FEATURE: Home screen shows attack detection method.
    
    1.0.0
    - Initial public release.

    MD5: WifiProtector-48.apk = 21bc43ba941a7f6bb75471e25e5dbd37
    MD5: WifiProtector-46.apk = 5a2acdec7be1ea9faf1cfc3fb480d747
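
The gateway poisoning described in the FAQ above can be spotted from the phone's own ARP cache. This is an added example, not part of the original post and not Wifi Protector's code: the thread does not say how the app detects attacks, so comparing against a gateway MAC learned on a clean join is an assumption, and the function names and snapshots are constructed.

```python
# Added example: gateway check over /proc/net/arp text, not Wifi Protector's code.
ATF_COM = 0x2  # Linux flag for a completed ARP entry


def parse_arp_table(text, device="wlan0"):
    """Map IP -> MAC for completed entries on one interface."""
    table = {}
    for line in text.strip().splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) != 6:
            continue
        ip, _hw_type, flags, mac, _mask, dev = fields
        if dev == device and int(flags, 16) & ATF_COM:
            table[ip] = mac.lower()
    return table


def check_gateway(arp_text, gateway_ip, baseline_mac, device="wlan0"):
    """Compare the gateway's cached MAC with the one learned on a clean join."""
    table = parse_arp_table(arp_text, device)
    seen = table.get(gateway_ip)
    if seen is None:
        # No completed entry (Wi-Fi down or cache just flushed): nothing to judge.
        return {"status": "unknown"}
    if seen == baseline_mac.lower():
        return {"status": "normal"}
    # Other IPs cached with the same MAC point at the spoofing host (MITM case);
    # an invalid MAC (DoS case) leaves this list empty.
    suspects = sorted(ip for ip, mac in table.items()
                      if mac == seen and ip != gateway_ip)
    return {"status": "attack", "gateway_mac": seen, "suspect_ips": suspects}


HEADER = "IP address       HW type     Flags       HW address            Mask     Device\n"
# Constructed snapshots in /proc/net/arp layout; all addresses are made up.
CLEAN = HEADER + (
    "192.168.1.1      0x1         0x2         00:1a:2b:3c:4d:5e     *        wlan0\n"
    "192.168.1.23     0x1         0x2         02:aa:bb:cc:dd:23     *        wlan0\n")
POISONED = HEADER + (
    "192.168.1.1      0x1         0x2         02:aa:bb:cc:dd:23     *        wlan0\n"
    "192.168.1.23     0x1         0x2         02:aa:bb:cc:dd:23     *        wlan0\n")
SWITCHING = HEADER + (
    "192.168.1.1      0x1         0x0         00:00:00:00:00:00     *        wlan0\n"
    "10.64.0.1        0x1         0x2         02:00:00:00:00:01     *        rmnet0\n")

if __name__ == "__main__":
    for name, snap in (("clean", CLEAN), ("poisoned", POISONED), ("switching", SWITCHING)):
        print(name, check_gateway(snap, "192.168.1.1", "00:1A:2B:3C:4D:5E"))
```

The "unknown" result covers the moment the phone moves between Wi-Fi and mobile data, when the gateway entry is incomplete and an alert would be a false alarm.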
    15
    Version 1.4.5 has ACCESS_SUPERUSER permission. As usual your free copy is here.

    BTW: Today is Wifi Protector's 2nd birthday! Cheers!
    8
    @Imjjames
    One of the design goals was efficiency. Nonetheless the battery consumption is under your control by setting the Collection Interval.

    With default value the consumption is about 1% on a Samsung Nexus S. You can reduce the consumption by increasing the Collection Interval.
    8
    Version 1.4.3 is ready and of course free for XDA users.

    Changes:

    • BUGFIX: Notification icon no longer disappears when "Clear notification" button is pressed
    • FEATURE: Added option to force start at boot, which is useful on devices that don't signal Wi-Fi start at boot
    • OTHER: Added CHANGE_NETWORK_STATE permission, which is required on some Samsung tablets running Android 3.2 in order to disable Wi-Fi on attack
    7
    v1.2.0 released today.

    It fixes issues with phone silent mode and comes with a new logging feature. Please see changelog for details.