-Added packets per second option to aireplay-ng
-Added support for new method through bcmon.apk
-Put back support for GB2.3.3+
-Now it works on android 4.x+
-Fixed some bugs
-Uploaded "Logcat" version to debug debian output
Hi to all,
I'd like to present you my app, an aircrack-ng gui for the android phones which support monitor mode, i.e. bcm4329 and bcm4330 based ones.
It relies on the work made by the guys here: http://bcmon.blogspot.com/
thread on xda: http://forum.xda-developers.com/show....php?t=1892535
*** Download ***
You can download the apk from the attachment in this post. If you plan to use the new method, you don't need the debian image, and use bcmon.apk to enable monitor mode (download here). For the old method, with compiled module, you need the debian image here:
*** Installation ***
This program needs a rooted phone, with superuser/supersu, and busybox installed.
-New method (with bcmon.apk)
1. Install bcmon.apk from here http://code.google.com/p/bcmon/downloads/list
2. Enable monitor mode through the app
3. Load aircrackgui app and use it (switch to new method if necessary through settings menu)
-Old method (with pre-compiled module):
1. Extract the content of sdcard.rar to your sd card root, it will be /sdcard/aircrackgui
2. Compile your patched module and copy together with firmware in "module" subfolder (/sdcard/aircrackgui/module)
Put ONLY one module/firmware.
Here is a guide on how to compile the kernel + module (you have to replace the module sources with those from bcmon).
-You can always switch to both methods through settings menu-
Currently these chipsets are supported:
Mobile phones: Nexus One, Evo 4G, Desire, Desire Z, Wildfire S
Files needed: fw_bcm4329.bcmon.bin, bcm4329.ko
**BCM4330** (No packet injection)
Mobile phones: Galaxy S II
Files needed: bcm4330_sta.bcmon.bin, dhd.ko
Original work, firmwares, and some bundles here:
3. Install AircrackGUI.apk
*** How to use ***
1. Start the application and click "Enable Monitor Mode" to load the patched drivers.
Once the controls are unlocked, scan for Networks (you can change the time to scan in seconds).
Select the desired Network, and start capturing on the second tab.
2. If you are attacking a WPA/WPA2 network, you can deauthenticate (broadcast/clients) to get the Handshake. Once you get it, you can stop capturing and start cracking, even though it's very slow on
phone, and would be better to do this from a pc. In the application folder is included a wordlist.txt
file that you can replace with your own.
The application picks the last captured file for cracking, so you can start cracking later, until you
don't capture again, however all the files are kept in "capture" subfolder.
3. If you are attacking a WEP network, you can start Fake Authentication on the first tab. You have to
start capturing first, because Fake Auth needs the channel to be fixed.
If the network uses Shared Key Authentication, you have to Deauth a client first to get the XOR file.
Once you get it (you can check the capture tab), restart Fake Auth, and it will use the file automatically.
Then you can start ARP Replaying on the third tab, to increase the IVS Capturing rate.
Finally you can crack the wep key using the same tab.