
[GUIDE] Use aircrack-ng on android phone using Wireless USB Adapter

By argentux, Junior Member on 25th June 2013, 03:05 PM
Hey everyone,

It is possible to use an external Wi-Fi adapter with an android phone to run aircrack-ng, however I've had a lot of difficulties doing so. Here is a tutorial to make it easier for you.

The theory

Running the aircrack-ng suite itself is not much of a problem, as android is pretty much like ubuntu. The most difficult part of running aircrack is that the wifi chipsets of most phones do not support "monitor mode". This mode is required to capture any information from the air, not just the ones for your computer, and is therefore necessary for aircrack (airmon-ng). First of all, you should Google if your phone's wifi chipset supports this mode. If it does, find out how. If it doesn't, you can follow this guide and use a usb wifi stick.

Android is linux, and uses a linux kernel. The easiest way to get the driver for our WiFi adapter to work is to rebuild the android kernel with the driver built-in. We can then flash the new kernel to the phone, and copy the firmware binary. This tutorial uses CyanogenMod, because it is a well documented, open-source ROM. With some adjustments you can use the same method on other ROMs. If you do not have experience building a linux kernel, it is best to stick to this guide and use CyanogenMod.

What you'll need:
- Android phone
- Computer with Ubuntu (or other linux distribution)
- USB OTG Adapter (micro usb to usb female)
- Wireless USB Adapter
- Time and patience

I am using my Samsung Galaxy S4 GT-i9505 and an Eminent EM4454 Wireless USB adapter using the rt73 driver, but I am sure this will work with other devices.

A. Install your ROM and aircrack-ng, on your phone...
1) ...install Cyanogenmod. Don't delete the .zip download after installation.
2) ...install "Complete Linux Installer" from Google Play and download and unpack Ubuntu in /sdcard/ubuntu/ubuntu.img as stated in the app.
3) ...install the aircrack-ng suite in the chrooted ubuntu. On ubuntu 12.04, this cannot be done using apt-get:
sudo apt-get install build-essential libssl-dev nano
wget http://download.aircrack-ng.org/aircrack-ng-1.1.tar.gz
tar -xzvf aircrack-ng-1.1.tar.gz
cd aircrack-ng-1.1
nano common.mak

Then find CFLAGS ?= -g -W -Wall -Werror -O3 and remove -Werror.
make
sudo make install


B. Rebuild the kernel, in a terminal on linux on your computer...
1) ...install adb and fastboot
sudo apt-get install adb fastboot
2) Enable USB-debugging on your phone, connect to your computer and test the connection on linux on your computer:
adb get-state
3) Find the GitHub page for the cyanogenmod kernel for your device. You can find this page on cyanogenmod.org. Now download the kernel source and extract it into a folder.
4) Change working directory into the kernel
cd pathtothekernel
5) See if there is a .config file. In a CyanogenMod kernel, there probably isn't. Type:
nano .config
If you see an empty screen, we need to get your device's current configuration:
adb pull /proc/config.gz config.gz
zcat config.gz > .config
rm config.gz

6) Make the necessary changes in the configuration file to have your USB wireless driver built in. To do so:
make menuconfig
Use the enter key to expand an item in the menu, and the space bar to mark a module. Make sure you mark the necessary modules with a *, not an 'M', so they will be built-in. Most wireless drivers have the mac80211 driver as a dependency. Make sure you select that one with an asterisk (*), too.
For example, for my rt73 based adapter, I did:
Networking Support > Wireless >[*] ... (mac80211)
Device Drivers > Network > Wireless LAN >[*] Ralink Drivers >[*] rt73usb

7) Make some changes to fight errors:
Still in menuconfig, make the following changes:
Kernel Hacking > (1024) Block? size > 1032
Now, to tell gcc to build ignoring warnings, edit the Makefile:
nano Makefile
Now go down a few pages and add the line:
KCONFIG_CFLAGS += -w
8) The normal gcc C compiler cannot be used, as it will build for your computer's processor. We need to build for ARM processors, which is called cross-compiling. To make the cross-compiling work you need the arm-eabi- toolchain.
cd ~/Downloads
git clone https://android.googlesource.com/pla...m/arm-eabi-4.6

This will download the ~120Mb toolchain.
9) Tell the Makefile where the toolchain is
cd pathtothekernel
export PATH=$PATH:~/Downloads/arm-eabi-4.6/bin
export CROSS_COMPILE=arm-eabi-
export ARCH=arm

10) Then build the kernel. If you get errors, don't be scared and Google them. One cause of weird errors is not having enough memory; add a swapfile and try again. The building of the kernel will take quite some time:
make

C. Flash the new kernel to the phone
1) When the build is finished, it has saved "zImage". This image is our kernel. For the sake of simplicity, let's copy it to the desktop but rename it so that later commands won't override it:
cp arch/arm/boot/zImage ~/Desktop/new-zImage
2) For flashing, we need to pack this zImage into a boot.img. Get the boot.img out of the ROM you now run on your phone. For example, the CyanogenMod .zip you had to flash to your phone to install it contains a boot.img. Most flashable .zip files have a boot.img in them. Copy this boot.img to your desktop, too.
3) Extract the boot.img
sudo apt-get install abootimg
abootimg -x boot.img

This will place 3 new files on your desktop.
4) Delete the extracted zImage and boot.img, as we want our self-compiled kernel.
rm zImage
rm boot.img

5) Edit the configuration file and remove the line with the kernel size, as our new kernel's size will be slightly larger.
nano bootimg.cfg
Remove the line beginning with bootsize:, which is probably the first line.
6) Use abootimg to repack new-zImage and the 2 extracted files.
abootimg --create boot.img -f bootimg.cfg -k new-zImage -r initrd.img
7) Backup your phone in case anything goes wrong, and flash the boot.img. For many phones, this can be done using fastboot on linux. On my Galaxy, I had to use Mobile Odin: http://forum.xda-developers.com/show....php?t=1347899

D. Copy the firmware and run, on your phone...
1) ... start the chrooted ubuntu
2) ... insert your USB OTG and in that the Wireless USB Adapter
3) ... run airmon-ng and make sure your device is listed.
airmon-ng
If not, check that your kernel is flashed (under Settings > About Device > kernel it should say yourname@computername) and that the correct drivers were selected with an asterisk * (built-in, y) in make menuconfig. If it is listed, continue.
4) We now have the correct driver, but the firmware is likely missing. Download the .bin firmware that belongs to your driver. In my case, I had to download the rt73 driver from aircrack-ng website, and copy the .bin firmware file. Install ES File Manager or another root explorer, choose Root Explorer and then mount /system as Read/Write so that you can edit the contents. Now copy the firmware file to /system/etc/firmware/.
5) Run airmon-ng and check which interface your Wireless USB Adapter is.
airmon-ng
6) Start the monitor mode
airmon-ng start wlan1
Replace wlan1 with the interface name of the Wireless USB Adapter
7) If everything went right, it should say that monitor mode is enabled. You can now use
airodump-ng mon0
replacing mon0 with the monitor interface. If you get the error SIOCFLAGS: No such file or directory, the firmware file (e.g. *.bin) is not placed in the right directory (/system/etc/firmware and maybe a path extension, check the firmware README) or has the wrong name.

Congratulations, you have now got a phone running aircrack-ng!

I got this to work on my stock Samsung TouchWiz ROM by making a few adjustments:
- Get the kernel from Samsung: http://opensource.samsung.com/
- Change the lines in the .config file of the kernel below ## Samsung Rooting ... from =y to =n using nano
- To get boot.img, download the ...tar.md5 firmware matching your current firmware from http://www.sammobile.com/firmware/, rename .tar.md5 to .tar, and extract the boot.img. You cannot use mkbootimg here, only abootimg, as this boot.img has a special ramdisk address!
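Two of the steps above are the ones people trip over: building the wireless driver as a module (=m) instead of built-in (=y), and forgetting to drop the bootsize line before repacking. The script below is an added example, not part of argentux's post: it checks a kernel .config for the symbols you expect to be built in, and strips the bootsize line from bootimg.cfg the POSIX way. The symbol names (CONFIG_MAC80211, CONFIG_RT2X00, CONFIG_RT73USB) are the ones for the rt73 adapter used in the guide; the sample .config and bootimg.cfg contents are constructed for the demo and are assumptions about the file formats, not files taken from a real device.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for two steps
# of the guide that are easy to get wrong.
#   1. check_builtin: confirm that the wireless driver symbols in the kernel
#      .config are built in (=y), not modules (=m) or absent, before `make`.
#   2. strip_bootsize: drop the bootsize line from bootimg.cfg before
#      `abootimg --create`, because the new zImage is larger than the original.
# Symbol names below are for the rt73 adapter from the guide; adjust for yours.

# check_builtin <.config> <CONFIG_SYMBOL>...
# Prints one line per symbol and returns non-zero if any symbol is not "=y".
check_builtin() {
    config="$1"
    shift
    status=0
    for sym in "$@"; do
        if grep -q "^${sym}=y$" "$config"; then
            echo "ok    ${sym}=y (built-in)"
        elif grep -q "^${sym}=m$" "$config"; then
            # A module is not loaded at boot, so airmon-ng never sees the adapter.
            echo "FAIL  ${sym}=m (module; select it with * in menuconfig instead)"
            status=1
        else
            echo "FAIL  ${sym} missing or disabled"
            status=1
        fi
    done
    return "$status"
}

# strip_bootsize <bootimg.cfg>
# Deletes any line starting with "bootsize" (covers "bootsize:" and
# "bootsize = 0x..."). Writes to a temp file and moves it back, so it works
# without GNU sed -i.
strip_bootsize() {
    cfg="$1"
    sed '/^bootsize/d' "$cfg" > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"
}

# Demo on constructed files (assumed formats, not a real device config).
demo() {
    tmp=$(mktemp -d)
    # Constructed .config: mac80211 built in, but the Ralink driver left as a module.
    printf 'CONFIG_MAC80211=y\nCONFIG_RT2X00=y\nCONFIG_RT73USB=m\n' > "$tmp/.config"
    check_builtin "$tmp/.config" CONFIG_MAC80211 CONFIG_RT2X00 CONFIG_RT73USB \
        || echo "fix the FAIL lines in make menuconfig before running make"
    # Constructed bootimg.cfg in the shape abootimg -x writes (assumed).
    printf 'bootsize = 0x700000\npagesize = 0x800\n' > "$tmp/bootimg.cfg"
    strip_bootsize "$tmp/bootimg.cfg"
    echo "bootimg.cfg after strip_bootsize:"
    cat "$tmp/bootimg.cfg"
    rm -rf "$tmp"
}

demo
```

Run it from the kernel tree after `make menuconfig` (point check_builtin at `.config`) and again from the desktop after `abootimg -x boot.img` (point strip_bootsize at `bootimg.cfg`); a non-zero exit from check_builtin means the driver would have ended up as a module, which is exactly the "compiled as modules, couldn't insmod" situation.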
2nd July 2013, 04:17 PM |#2  
Thank you, helped heaps. Had been compiling as modules and couldn't insmod.
s4 i9505 stock rom - aircrack - tp-link tl-wn722n
12th October 2013, 03:38 PM |#3
GruberEXN
Jesus, that was awesome. Couldn't find a better tutorial on the net!

Thanks again.

Btw, could you please upload the Galaxy S4 Cyanogen rom with the kernel?

I would appreciate it a lot.
17th October 2013, 02:43 PM |#4  
Hey, I have an HTC Desire C! I did install "bcmon.apk", but when I run the program it turns out this message: "can't run as root, 'su' failed"... why??? Please help me!
24th October 2013, 04:00 AM |#5
yoshihat
Quote:
Originally Posted by argentux

Hey everyone,

It is possible to use an external Wi-Fi adapter with an android phone to run aircrack-ng, however I've had a lot of difficulties doing so. Here is a tutorial to make it easier for you.

That's insane that it can actually run aircrack, especially considering I had a hard time just running linux on it.
26th October 2013, 03:00 PM |#6
GruberEXN
Quote:
Originally Posted by yoshihat

That's insane that it can actually run aircrack, especially considering I had a hard time just running linux on it.

How is that so? For me it wasn't complicated at all.
31st October 2013, 03:21 AM |#7
androidiphonehacker
I did everything and got everything ready, up to
Code:
make menuconfig
And it gives me error 2. And then it says something about there not being a variable.
:/
Please help?
2nd November 2013, 10:28 PM |#8
GruberEXN
I am actually having a time trying to make it work. I did everything right, then I successfully built the boot.img, but when I flash it through Mobile Odin as "Kernel" and the Cyanogenmod loads, the screen is all screwed up, like the SystemUI has crashed + interference signal effect; it's unusable. Then I restore it through TWRP back to normal.

Do you know what may be the problem? I'm using the 10.1.3 JFLTEXX CyanogenMod Build. (For the i9505.)

Edit: Nevermind, was compiling the M build against the Stable one. Obvious error. It works 100% now, thanks!
6th November 2013, 09:48 PM |#9
androidiphonehacker
Quote:
Originally Posted by GruberEXN

I am actually having a time trying to make it work. I did everything right, then I successfully built the boot.img, but when I flash it through Mobile Odin as "Kernel" and the Cyanogenmod loads, the screen is all screwed up, like the SystemUI has crashed + interference signal effect; it's unusable. Then I restore it through TWRP back to normal.

Do you know what may be the problem? I'm using the 10.1.3 JFLTEXX CyanogenMod Build. (For the i9505.)

Edit: Nevermind, was compiling the M build against the Stable one. Obvious error. It works 100% now, thanks!

Could you please send the edited working kernel with the modules/drivers built in that you installed? (Please, like a link or something?)
6th November 2013, 10:03 PM |#10
GruberEXN
Quote:
Originally Posted by androidiphonehacker

Could you please send the edited working kernel with the modules/drivers built in that you installed? (Please, like a link or something?)

Ok! I built the RTL8187/8187b driver, do you have that one? (Alfa wireless chipsets often use those ones.)

Edited for unknown reasons!
6th November 2013, 10:13 PM |#11
androidiphonehacker
I have a TP-Link TL-wn722n USB wireless adapter. I'm kind of a noob at kernel building, and I'm not sure what driver/module it uses. Soooo... Could you build it for me please please pleaaaase? xD

I have (that USB adapter), and the newest CyanogenMod ROM for model SGS-i9505.

Tell you what: I'll pay you if you build it.

Sent from my GT-I9505 using Tapatalk