[APP][2.2+][ROOT][WiFi] Reaver-GUI for Android


Charle692

Senior Member
Jul 7, 2012
164
20
Ottawa
Ok, there we have the problem...
If bcmon can't enable Monitor-Mode, RfA will also fail cause it's using the same method and files from bcmon.
The only thing you can do is flashing another firmware or searching/asking on the bcmon website for help, sorry:(

Good luck:)

Alright, well, thanks for your help. If they find a fix for it I will be sure to come back and share it in here, as some others have problems too.

Sent from my ASUS Transformer Pad TF300T using XDA Premium HD app
 

SOEDI

Senior Member
May 14, 2011
154
354
Yes, session saving should work out-of-the-box.
Don't forget to activate the first setting (Automatic Mode)
Also make sure that you have full rw-permission for:
Code:
data/data/com.bcmon.bcmon/files/tools

regards,
SOEDI
 

sanglxagdm

Senior Member
Nov 8, 2011
81
5
I use a Samsung Galaxy S2. I have a problem.
1. First, wifi must be on, then launch RfA and scan.
2. Wifi must be off, then launch bcmon and enable monitor (if wifi is on, I can't enable monitor).
3. After the WPS pin and WPA pass were found, I chose exit or copy key connect ... my phone reboots.
I tried pressing the home button and then closing RfA with "kill all, clean ram"; my phone doesn't reboot, but then if I turn wifi on, my phone reboots.
(While attacking the target, if I press stop, my phone reboots.)
4. At "Set lock-delay", can you change it to accept an "optional value" input, for example 61s or 65s as in reaver?
Sorry, my English is bad :(
 

SOEDI

Senior Member
May 14, 2011
154
354
I use a Samsung Galaxy S2. I have a problem.
1. First, wifi must be on, then launch RfA and scan.
2. Wifi must be off, then launch bcmon and enable monitor (if wifi is on, I can't enable monitor).
3. After the WPS pin and WPA pass were found, I chose exit or copy key connect ... my phone reboots.
I tried pressing the home button and then closing RfA with "kill all, clean ram"; my phone doesn't reboot, but then if I turn wifi on, my phone reboots.
(While attacking the target, if I press stop, my phone reboots.)
4. At "Set lock-delay", can you change it to accept an "optional value" input, for example 61s or 65s as in reaver?
Sorry, my English is bad :(

Ok, if I understand you right, you have the following problems:

Phone reboots while disabling Monitor-Mode:
Try to disable Monitor-Mode over bcmon first.

You want to have a custom lock delay input.
Ok, as soon as I have time I will implement this.

Please keep in mind that bcmon on the SGS2 is pretty unstable.
Reboots may happen.


regards,
SOEDI
 

haseogu

Senior Member
Sep 24, 2012
269
57
Well, my reaver is stuck on changing the channel. How do I fix it? Samsung Galaxy Tab 2 P3100

Sent from my GT-P3100 using Tapatalk HD
 
Sep 25, 2013
37
18
Hello again

I have a simple question: can this app be used only to detect WPS-enabled routers (no need for the brute force, just the ability to check vulnerability) but without bcmon.apk and without root?? Can anyone check?
I do not have BCM-based wifi, and RfA ran without bcmon.apk and without busybox and it claimed that even monitor mode is on; only reaver claimed there is no libcap.so.1, so it wouldn't run the attack.
Anyway, currently I'm planning to send it for repair because it is malfunctioning; it seems the internal memory crapped out, it shows 0/0b total volume.

Please let me know in this thread..
Regards
GusT.
 

Seraph2013

New member
Oct 11, 2013
2
0
Error Monitor-Mode

Hello

Please describe the sequence of actions for the program to work correctly.
Because on my phone, Samsung Galaxy S II 4.1.2, firmware 4.1.2 I9100XXLS8, the program does not work correctly.

My actions:

1. Run the RFA.
2. Scan the network.
3. Opt for the network.
4. Run bcmon.
5. In RFA choose test monitor mode.

An error: Monitor-Mode activation failed.


I attach the log command iwconfig

127 | u0_a140 @ android :/ # iwconfig
lo no wireless extensions.

gannet0 no wireless extensions.

sit0 no wireless extensions.

ip6tnl0 no wireless extensions.

rmnet0 no wireless extensions.

u0_a140 @ android :/ # iwconfig
lo no wireless extensions.

gannet0 no wireless extensions.

sit0 no wireless extensions.
ip6tnl0 no wireless extensions.
rmnet0 no wireless extensions.

rmnet1 no wireless extensions.

rmnet2 no wireless extensions.
p2p0 IEEE 802.11abgn ESSID: off / any Mode: Monitor Access Point: Not-Associated Tx-Power = 1496 dBm
Retry long limit: 7 RTS thr: off Fragment thr: off
Encryption key: off
Power Management: on

wlan0 IEEE 802.11abgn ESSID: off / any
Mode: Monitor Access Point: Not-Associated Tx-Power = 1496 dBm
Retry long limit: 7 RTS thr: off Fragment thr: off
Encryption key: off
Power Management: on

u0_a140 @ android :/ #
 

ickk

Senior Member
Nov 8, 2011
482
113
Tampa, FL
Any plans to add support for multiple adapters? I have a usb nic with a cantenna I'd love to use with my transformer's dock.
 

SOEDI

Senior Member
May 14, 2011
154
354
Hello again

I have a simple question: can this app be used only to detect WPS-enabled routers (no need for the brute force, just the ability to check vulnerability) but without bcmon.apk and without root?? Can anyone check?
I do not have BCM-based wifi, and RfA ran without bcmon.apk and without busybox and it claimed that even monitor mode is on; only reaver claimed there is no libcap.so.1, so it wouldn't run the attack.
Anyway, currently I'm planning to send it for repair because it is malfunctioning; it seems the internal memory crapped out, it shows 0/0b total volume.

Please let me know in this thread..
Regards
GusT.

Yes, RfA marks WPS-enabled routers with green icons
 

SOEDI

Senior Member
May 14, 2011
154
354
Hello

Please describe the sequence of actions for the program to work correctly.
Because on my phone, Samsung Galaxy S II 4.1.2, firmware 4.1.2 I9100XXLS8, the program does not work correctly.

My actions:

1. Run the RFA.
2. Scan the network.
3. Opt for the network.
4. Run bcmon.
5. In RFA choose test monitor mode.

An error: Monitor-Mode activation failed.


I attach the log command iwconfig

127 | u0_a140 @ android :/ # iwconfig
lo no wireless extensions.

gannet0 no wireless extensions.

sit0 no wireless extensions.

ip6tnl0 no wireless extensions.

rmnet0 no wireless extensions.

u0_a140 @ android :/ # iwconfig
lo no wireless extensions.

gannet0 no wireless extensions.

sit0 no wireless extensions.
ip6tnl0 no wireless extensions.
rmnet0 no wireless extensions.

rmnet1 no wireless extensions.

rmnet2 no wireless extensions.
p2p0 IEEE 802.11abgn ESSID: off / any Mode: Monitor Access Point: Not-Associated Tx-Power = 1496 dBm
Retry long limit: 7 RTS thr: off Fragment thr: off
Encryption key: off
Power Management: on

wlan0 IEEE 802.11abgn ESSID: off / any
Mode: Monitor Access Point: Not-Associated Tx-Power = 1496 dBm
Retry long limit: 7 RTS thr: off Fragment thr: off
Encryption key: off
Power Management: on

u0_a140 @ android :/ #

Yeah... seems like RfA doesn't like the S2.
By "run bcmon", do you mean enabling Monitor-Mode over it?
And did you try to test Monitor-Mode without starting bcmon first?
 

SOEDI

Senior Member
May 14, 2011
154
354
Any plans to add support for multiple adapters? I have a usb nic with a cantenna I'd love to use with my transformer's dock.

I'm not into firmware development, so if you are able to switch your adapter into monitor-mode yourself (example: iwconfig wlan1 mode monitor),
then I can modify RfA to use it.
 

Seraph2013

New member
Oct 11, 2013
2
0
Yeah... seems like RfA doesn't like the S2.
By "run bcmon", do you mean enabling Monitor-Mode over it?
And did you try to test Monitor-Mode without starting bcmon first?

I have used different methods of starting. In the end, it does not find the RFA network when running bcmon. And if it is not running bcmon RFA sees the network, but the network selection and inclusion of test monitor-mode fails.
 
Sep 25, 2013
37
18
I’m not into firmware development

who says You need to make new firmware..
www[dot]kismetwireless[dot]net/android-pcap/

Place "." without quotes instead of [dot] (sorry they don't let me post links yet)

implements the Linux kernel RTL8187 driver in userspace using the Android USB host API

This means it doesn't require root privileges

try adding RTL 8187 to RfA same way as guys from kismet did in Android PCAP.apk

btw down that page You'll find sources for that app also if You are willing to take a look into it

Btw no need for adding other drivers as Reaver works the best only with RTL 8187. Other chipsets seem to have random results.
 

tbudke

Senior Member
May 18, 2012
281
32
Has anyone tested this on Galaxy S4?

Sent from my SPH-L720 using XDA Premium 4 mobile app
 

SOEDI

Senior Member
May 14, 2011
154
354
I have used different methods of starting. In the end, it does not find the RFA network when running bcmon. And if it is not running bcmon RFA sees the network, but the network selection and inclusion of test monitor-mode fails.

Have you tried to:

1. Run RfA
2. Select network
3. Test monitor-mode
4. Switch to bcmon, enable monitor-mode
5. Switch back to RfA
6. Test monitor-mode/start attack

regards,
SOEDI
 

Top Liked Posts

  • 183

    Reaver for Android v1.30
    Reaver-WPS GUI for rooted devices with bcm4329/4330 wifi chipset or working external wifi card.


    INFO:
    Reaver for Android, short RfA, is a simple-to-use Reaver-GUI for Android devices with monitor-mode support.
    It has some very cool features:

    • Automatically detects WPS-enabled routers.
    • All Reaver-Settings are accessible from a simple-to-use GUI.
    • Activates and deactivates Monitor-Mode automatically when needed.
    • Provides a simple way to connect when Reaver finds the WPA-Key.
    • External script support

    Project status: PRE-FINAL
    What does this mean?
    There are some features which are not implemented yet.
    Development will continue very soon.


    Installation

    1. Download/install bcmon.apk from HERE and RfA.apk from the bottom of this post. RfA may also download bcmon automatically.
    2. Run bcmon, if it crashes try a second time.
    3. If all runs fine, start RfA. If not, your device may be not bcmon compatible. Please see second post.
    4. After selecting a WPS-enabled router, click on "Test Monitor-Mode".
    5. Now you can use RfA:), don't uninstall bcmon.
    Steps 1 - 4 are only for the installation, they don't have to be repeated once done.


    FAQ:

    What is this awesome app actually useful for?
    Well, RfA is able to unveil the actual WPA(2)-Key of many routers within 2 - 10 hours.

    WHAT?! I thought WPA(2) is safe?
    It used to be, but then many router models got WiFi Protected Setup, short WPS, implemented, which is pretty vulnerable. (Details)
    Basically it's a Brute-Force attack with Reaver against an 8-digit pin with 10^4 + 10^3 possibilities.

    What is Reaver?
    Reaver-WPS is a pentesting tool developed by Tactical Network Solutions.
    It attacks WPS-enabled routers and after the WPS-Pin is cracked, it retrieves the actual WPA-key.
    Reaver provides only a terminal interface, which is ok for notebooks etc., however it's a pain on Android devices.
    Because of this I developed RfA.

    Doesn't Reaver require monitor-mode and so can't work on Android?
    Yes, Reaver needs monitor-mode, but thanks to bcmon (or external wifi cards) some Android devices are now monitor-mode capable.


    bcmon compatibility
    Developed and tested on: Nexus 7 2012 (Stock 4.3)
    RfA *should* work on all devices with bcmon support (Broadcom bcm4329/bcm4330 chipsets)
    Simply try by installing bcmon. Don't worry, if something goes wrong a simple reboot should fix everything.
    For external wifi cards please see second post.

    Tested & works on:
    Nexus 7 2012 (Stock 4.3, Cyanogen 9)
    Huawei Honour (Cyanogen Mod based ROM)

    bcmon does NOT work on:
    Samsung Galaxy S3/4/5
    HTC One
    LG G2
    Nexus 4/5
    Nexus 7 (2013)

    Credits & used tools:

    Monitor-Mode over bcmon.apk:
    Omri Ildis, Ruby Feinstein & Yuval Ofir
    See: bcmon.blogspot.com

    Reaver-WPS:
    Tactical Network Solutions
    See: code.google.com/p/reaver-wps/

    Disclaimer

    Attention: Hacking of networks is illegal without having the permission of the owner! The developer is not responsible for any damage etc. this app could cause.
    This software is only intended to show a big security hole, not to be able to surf in the neighbours Wifi;)

    XDA:DevDB Information
    Reaver-GUI for Android, App for all devices (see above for details)

    Contributors
    SOEDI, bcmon team & Tactical Network Solutions

    Version Information
    Status: Stable
    Current Stable Version: 1.30
    Stable Release Date: 2014-07-01
    Beta Release Date: 2013-11-04

    Created 2013-09-24
    Last Updated 2014-09-27
    17
    Second Post

    • If anyone has working Android drivers for external Wifi cards, please let me know.
    • If the layout looks strange on your phone, please send me a screenshot, so I can fix it.
      I have only a tablet and HD phone (emulator works too slow), so can't test the layout properly.


    Usage of custom-scripts

    To make RfA less dependent on bcmon, which seems to be discontinued, I introduced custom monitor-mode-activation scripts.

    Please note that those scripts only make sense for you if you are already able to use monitor-mode on your device, either via special firmware for the internal wifi card or a kernel which properly supports external wifi cards. Those scripts serve only as a "connector" between your wifi interface and RfA.
    In order to enable this function you need to open RfA settings, tap on "Monitor-Mode settings" and disable the "Use bcmon" checkbox.

    There are 3 different scripts you can specify:

    Activation script
    This script will be executed in its own directory.
    It should enable monitor-mode and exit.
    Example:
    Code:
    #!/bin/bash
    svc wifi disable
    LD_LIBRARY_PATH=/data/data/com.bcmon.bcmon/files/libs
    LD_PRELOAD=/data/data/com.bcmon.bcmon/files/libs/libfake_driver.so sh
    cd /data/data/com.bcmon.bcmon/files/tools
    ./enable_bcmon
    echo "rfasuccess"
    exit

    Warm-up script
    RfA will read in this script as a text file and execute the commands internally. This is needed to execute reaver in the same terminal session as the script.
    It should do all preparations before Reaver is started. At least it has to cd into the directory where the reaver binary is.
    Example:
    Code:
    #!/bin/bash
    LD_LIBRARY_PATH=/data/data/com.bcmon.bcmon/files/libs
    LD_PRELOAD=/data/data/com.bcmon.bcmon/files/libs/libfake_driver.so sh
    cd /data/data/com.bcmon.bcmon/files/tools

    Stop script
    This script will be executed in its own directory.
    It should disable monitor-mode and exit.
    Code:
    #!/bin/bash
    svc wifi enable
    echo "rfasuccess"

    Additional Information
    • You have also to specify your wifi-interface.
    • The given examples are those scripts, which RfA uses by default when you enable the "Use bcmon" checkbox.
    • The activation and stop script have to echo "rfasuccess" in order to tell RfA that they were executed properly. With this method you can also implement a sort of error-checking, by returning "rfasuccess" only when everything went fine.
    9
    New Version

    Hey folks,

    finally, I found some time and implemented script support.
    This makes RfA ready for bcmon independent usage. Now, if you have a working external wifi card and the right kernel, you will be able to write a short shell-script (details later) and RfA will be able to use it.

    Also, this will make RfA compatible with @n01ce PwnAir, at least after the script for it is ready ;)


    Regards,
    SOEDI


    P.S: Release will be in the next few days.
    7
    @ruleh: it’s amazing how you stay calm and keep on answering even the most stupid questions!

    In the meantime I integrated the PixieDust attack. I had to rewrite some parts of RfA, pixiewps and reaver itself, but it looks pretty promising now. It was not easy to get the stuff compiled, so keep that in mind when you meet a "Segmentation fault" sometimes ;)
    Details (and release) will follow later...

    RfA 1.40 is coming soon, yeah :D
    6
    Theoretically, all that is needed is to cross-compile mdk3 (or bully, or a kernel module which supports monitor mode, or another program you want) for the ARM architecture, and possibly do some tweaking.

    In reality, considering no one has made other wifi tools for Android apart from the old Reaver (excluding apps in Google Play mostly to find default passwords according to BSSID and router model), I believe it's much more difficult than thought.

    Let's remember also the aim of bcmon, reaver-wps and RfA is to return tools to use with internal wifi.
    I believe (but still to try), that if you use Linux Deploy to install Kali, a powered microusb-OTG and an external wifi dongle, you are able to run all of wifi-sec tools you want from your device.

    Just a personal consideration: I'm against the use of mdk3, because the "art" of reaver/bully is to find the correct settings not to trigger the WPS lockdown. I have tested on my TNCAP router and, according also to what I have read, unless you put up a series of wireless tools to intercept packets and monitor your router (wireshark, kismet, etc), you won't realize there is a WPS bruteforce attack in course.
    But start flooding periodically the AP with mdk3, freezing and resetting it in cycle, and I'll be the first to suspect an attack, intercept your packets and knock at your door with a handgun ;)

    P.S. being in topic, there are some reports of TNCAP routers being able to reboot with permanent lock WPS already on, after some floods with mdk3.

    Here's an android + bcmon compatible mdk3 binary + source. Tested and works on N7 2012 4.3, but some attack may not work (as fast) as they should.

    copy the mdk3 binary inside the zip to data/data/com.bcmon.bcmon/files/tools and don't forget to set the right permissions.


    Best Regards
    SOEDI
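
    The quoted post above says a WPS PIN brute force goes unnoticed unless someone is monitoring the router. As an added example (not part of the original thread and not code from RfA, bcmon or Reaver), here is a small detector that counts failed WPS PIN attempts per access point in a sliding window. The log format and the event names WPS_PIN_FAIL, WPS_LOCKED and WPS_OK are hypothetical, and the sample lines are constructed.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample in a hypothetical AP log format (not output of a real product).
# One morning typo by a legitimate client, then paced failures in the evening.
SAMPLE_LOG = """\
2014-07-01T09:00:00 WPS_PIN_FAIL sta=02:00:00:00:00:10
2014-07-01T09:00:40 WPS_OK sta=02:00:00:00:00:10
2014-07-01T20:00:00 WPS_PIN_FAIL sta=02:00:00:00:00:01
2014-07-01T20:01:05 WPS_PIN_FAIL sta=02:00:00:00:00:01
2014-07-01T20:02:10 WPS_PIN_FAIL sta=02:00:00:00:00:02
2014-07-01T20:03:15 WPS_LOCKED sta=02:00:00:00:00:02
2014-07-01T20:04:20 WPS_PIN_FAIL sta=02:00:00:00:00:02
2014-07-01T20:05:25 WPS_PIN_FAIL sta=02:00:00:00:00:01
2014-07-01T20:06:30 WPS_PIN_FAIL sta=02:00:00:00:00:02
"""

LINE_RE = re.compile(r"^(\S+) (WPS_PIN_FAIL|WPS_LOCKED|WPS_OK) sta=([0-9a-f:]{17})$")

def parse(lines):
    """Yield (time, event, station MAC) for well-formed lines; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)

def detect_pin_guessing(lines, threshold=5, window=timedelta(minutes=10)):
    """Return alerts as (time, failures_in_window, distinct_stations).

    Failures are counted for the whole AP, not per station MAC, because a
    client can change its MAC between attempts. One alert is raised per
    burst: the detector re-arms once the window drops below the threshold.
    """
    recent = deque()  # (time, mac) of failures still inside the window
    alerts, armed = [], True
    for ts, event, mac in parse(lines):
        if event != "WPS_PIN_FAIL":
            continue
        recent.append((ts, mac))
        while recent and ts - recent[0][0] > window:
            recent.popleft()
        if len(recent) < threshold:
            armed = True
        elif armed:
            alerts.append((ts, len(recent), len({m for _, m in recent})))
            armed = False
    return alerts

if __name__ == "__main__":
    for ts, count, stations in detect_pin_guessing(SAMPLE_LOG.splitlines()):
        print(f"{ts.isoformat()} {count} failed WPS PINs from {stations} station(s)")
```

    In this sample neither station reaches five failures on its own, so a per-MAC threshold of five would stay silent; the per-AP count raises the alert.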