[APP][2.2+][ROOT][WiFi] Reaver-GUI for Android

Search This thread
By:
Advanced…
S

smudge100

Member
Feb 14, 2014
22
0
Hi, I get the following problems.
Hi,

When i launch RfA and goto settings/monitor mode. i can't browse to the activation (start.sh) script.

When i select browse i get;

Error occurred
An error has occurred in sub:
java.lang.RuntimeException: Path "does not exist
Continue ?

If i manually enter the path

/data/data/com.bcmon.bcmon/start.sh

when i Start attack i get;

Stdout:

Std Err:
sh:./data/data.com.bcmon.bcmon/start.sh: No such file or directory

but it is there and contains;

#!/bin/bash
svc wifi disable
LD_LIBRARY_PATH=/data/data/com.bcmon.bcmon/files/libs
LD_PRELOAD=/data/data/com.bcmon.bcmon/files/libs/libfake_driver.so sh
cd /data/data/com.bcmon.bcmon/files/tools
./enable_bcmon
echo "rfasuccess"
exit

??? any ideas please ???

Using pixel on Oreo 8.1
 
S

smudge100

Member
Feb 14, 2014
22
0
gamblodar said:
The path you entered is different from the error path. Triple check everything
Click to expand...
Click to collapse

?? which path i entered ? /data/data/com.bcmon.bcmon/start.sh i have a copy in /data/data/com.bcmon.bcmon/files/start.sh and /data/data/com.bcmon.bcmon/files/tools/start.sh

and have tried them too.

the first problem is RfA wont even let me browse ??? the error i get when simply selecting the browse option ?
Error occurred
An error has occurred in sub:
java.lang.RuntimeException: Path "does not exist
Continue ?
 
Last edited:
S

smudge100

Member
Feb 14, 2014
22
0
antukubo said:
Just enter the path manually by typing OR if you have root file explorer ( eg ES File Explorer), copy the full path and paste at reaver
Click to expand...
Click to collapse


Yep i put the full path in manually eg /data/data/com.bcmon.bcmon/files/tools/start.sh

but when i select "start attack" i get ;

Debug: actibation script

Stdout:

StdErr:

Control the Wi-Fi manager

usage:svc wifi [enable/disable]
Turn Wi-Fi on or off.

./data/data/com.bcmon.bcmon/files/tools/start.sh[4]:sh:not found
./data/data/com.bcmon.bcmon/files/tools/start.sh[5]:cd: /data/data/com.bcmon.bcmon/files/tools :No such file or directory
./data/data/com.bcmon.bcmon/files/tools/start.sh[6]:./enable_bcmon: not found ./data/data/com.bcmon.bcmon/files/tools/start.sh[8]:exit:not found

start.sh file;

#!/bin/bash
svc wifi disable
LD_LIBRARY_PATH=/data/data/com.bcmon.bcmon/files/libs
LD_PRELOAD=/data/data/com.bcmon.bcmon/files/libs/libfake_driver.so sh
cd /data/data/com.bcmon.bcmon/files/tools
./enable_bcmon
echo “rfasuccess”
exit

I edited this removing sh from line 4; i now get

Debug: actibation script

Stdout:

rfasuccess

StdErr:

Control the Wi-Fi manager

usage:svc wifi [enable/disable]
Turn Wi-Fi on or off.

./data/data/com.bcmo.bcmon/files/tools/start.sh[7]:./enable_bcmon: not found

????
 
S

smudge100

Member
Feb 14, 2014
22
0
antukubo said:
Don't put sh files on /data partition unless you give the right permission. Just put at sdcard (eg
/sdcard/start.sh)
Click to expand...
Click to collapse
ok - so i move start.sh stop.sh and warm.sh to /sdcard/
(do i remove the sh from the "LD_PRELOAD=/data/data.com.bcmon.bcmon/files/libs/libfake_driver.so sh" line 4 ? - i tried both ways anyway)
I now get;
./sdcard/start.sh[6]:./enable.bcmon:not found

what permissions should i give ?? which files ?

thankyou.
 
antukubo

antukubo

Senior Member
Feb 9, 2011
257
73
Johor Bahru
smudge100 said:
do i remove the sh from the "LD_PRELOAD=/data/data.com.bcmon.bcmon/files/libs/libfake_driver.so sh" line 4 ?
Click to expand...
Click to collapse

Do not remove any line. That original script is good to go. Just replace back the original sh to /sdcard.

There are 4 files under /data/data/com.bcmon.bcmon/files/tools/ that need the right permission.

1. bcmon_wrapper.sh
2. enable_bcmon
3. reaver
4. reaver.db

Make sure those 4 file permission is rwxrwxrwx.

BTW, not many phones today can fire up monitor mode unless with mod kernel. The second problem is PIE restriction which means you have to dissamble linker file to bypass PIE.
 
S

smudge100

Member
Feb 14, 2014
22
0
antukubo said:
Do not remove any line. That original script is good to go. Just replace back the original sh to /sdcard.

There are 4 files under /data/data/com.bcmon.bcmon/files/tools/ that need the right permission.

1. bcmon_wrapper.sh
2. enable_bcmon
3. reaver
4. reaver.db

Make sure those 4 file permission is rwxrwxrwx.

BTW, not many phones today can fire up monitor mode unless with mod kernel. The second problem is PIE restriction which means you have to dissamble linker file to bypass PIE.
Click to expand...
Click to collapse

ok thanks - made sure

1. bcmon_wrapper.sh
2. enable_bcmon
3. reaver
4. reaver.db

are permission is rwxrwxrwx.(reaver.db was rw-rw-rw-.

chaged /sdcard/start.sh back to original.

now get;

Debug: activation script

Stdout:

rfasuccess

StdErr:

Control the Wi-Fi manager

usage:svc wifi [enable/disable]
Turn Wi-Fi on or off.

./sdcard/start.sh[4]:sh:not found (end of
./sdcard/start.sh[5]:cd: /data/data/com.bcmon.bcmon/files/tools :No such file or directory
./sdcard/start.sh[6]:./enable_bcmon: not found
./sdcard/start.sh[8]:exit:not found

So not finding sh (LD_PRELOAD=/data/data/com.bcmon.bcmon/files/libs/libfake_driver.so sh) or changing the directory to /data/data/bcmon.bcom/files/tools to run enable_bcmon

as for the kernel, my phone is just a standard Pixel 1 (rooted), as for PIE , any links to help here or should i leave it??

still, i should still see the files ?? or not ?

---------- Post added at 06:27 AM ---------- Previous post was at 06:12 AM ----------

ok thanks - made sure

1. bcmon_wrapper.sh
2. enable_bcmon
3. reaver
4. reaver.db

are permission is rwxrwxrwx.(reaver.db was rw-rw-rw-.

chaged /sdcard/start.sh back to original.

now get;

Debug: actibation script

Stdout:

rfasuccess

StdErr:

Control the Wi-Fi manager

usage:svc wifi [enable/disable]
Turn Wi-Fi on or off.

./sdcard/start.sh[4]:sh:not found
./sdcard/start.sh[5]:cd: /data/data/com.bcmon.bcmon/files/tools :No such file or directory
./sdcard/start.sh[6]:./enable_bcmon: not found
./sdcard/start.sh[8]:exit:not found

so sh not being found (LD_PRELOAD=/data/data.com.bcmon.bcmon/files/libs/libfake_driver.so sh)
and directory not being changed to run enable_bcmon
also no running exit ???

Not sure what PIE is all about ??? any decent links etc ??
as for kernal - im just running a pixel1 - rooted.
 
antukubo

antukubo

Senior Member
Feb 9, 2011
257
73
Johor Bahru
@smudge100

Let's drill a few things.
1. Do u have busybox? Updated perhaps?
2. Do Reaver and bcmon apps have storage permission?
3. Have reaver and bcmon granted su permission?
4. Reboot your phone and try again?

PIE restriction is far more complex. U can google it for more info.

Pixel 1 - rooted - stock kernel. Not much can i say because i do not own that. But AFAIK, most of the phone required mod kernel. Some required custom rom (eg lineageOS). And some required additional kernel mod for external wifi module via otg.

For example, I have Acer Iconia A200 tablet. Very old tablet that still using stock Ice Cream Sandwich rom. BUT, that old tablet can easily run monitor mode with internal wifi module (no need wifi dongle). I have 2 custom kernel, only 1 working. That's mean not every custom kernel can fire up mon mode.
 
S

smudge100

Member
Feb 14, 2014
22
0
Hi - i'll run through them...

Let's drill a few things.
1. Do u have busybox? Updated perhaps?
No - do i need this ? - i rooted using magisk
2. Do Reaver and bcmon apps have storage permission?
bcmon has rwxrwx---
Owner - rwx - Group - rwx - Others - (not set - does it need rwx ?)
Set UID (not set) Set GID (not set) Sticky (not set)

under /data/data/com.bcmon.bcmon/files/tools/

1. bcmon_wrapper.sh - rwxrwxrwx
2. enable_bcmon - rwxrwxrwx
3. reaver - rwxrwxrwx
4. reaver.db - rwxrwxrwx
(to all above) Set UID (not set) Set GID (not set) Sticky (not set) - to be honest i don't even know what this is ?

3. Have reaver and bcmon granted su permission?
YES
4. Reboot your phone and try again?
DONE
PIE restriction is far more complex. U can google it for more info.
will look into = any good pointer article appreciated - searching get me a lot of cooking recipes!

Pixel 1 - rooted - stock kernel. Not much can i say because i do not own that. But AFAIK, most of the phone required mod kernel. Some required custom rom (eg lineageOS). And some required additional kernel mod for external wifi module via otg.

ok, i havn't mod the kernal, out of interest - what if i use an external wifi adaptor ?? surely this can't resove the issue with RfA not finding the files directors ??

For example, I have Acer Iconia A200 tablet. Very old tablet that still using stock Ice Cream Sandwich rom. BUT, that old tablet can easily run monitor mode with internal wifi module (no need wifi dongle). I have 2 custom kernel, only 1 working. That's mean not every custom kernel can fire up mon mode.[/QUOTE]

Thanks for your help !
 
Last edited:
antukubo

antukubo

Senior Member
Feb 9, 2011
257
73
Johor Bahru
No - do i need this ? - i rooted using magisk
Click to expand...
Click to collapse

You need busybox to run shell command. Those sh files are using shell script


bcmon has rwxrwx---...
Click to expand...
Click to collapse

What i meant was apps storage permission. Go to setting - app - reaver/bcmon - storage permission on

searching get me a lot of cooking recipes!
Click to expand...
Click to collapse

Do not google "PIE" but "bypass android PIE". LOL!

what if i use an external wifi adaptor ?? surely this can't resove the issue with RfA not finding the files directors ??
Click to expand...
Click to collapse

External wifi adaptor also require custom kernel. BUT it does not related with rfa finding directory problem. I suspect busybox is the issue. Install it, reboot and try.
 
S

smudge100

Member
Feb 14, 2014
22
0
Ok - bcmon and reaver have storage permission.

I installed busybox (using BusyBox Stephen(Stericson) App), and restarted phone. I had to install in /system/bin rather than /system/xbin - as it asked me to try a different location - is that ok ? left all other settings as default. (it says BusyBox v1.27.2-Stericson is installed).
now when i run RfA and choose the WPS AP
and "start attack" the phone kind of locks for a while - then

Debug: activation script
Stdout:
rfasuccess

StdErr:
Control the Wi-Fi manager
usage: svc wifi [enabledisable]
Turn Wi-Fi on or off.

./sdcard/start.sh[4]: sh : not found
./sdcard/start.sh[5]: cd : /data/data/com.bcmon.bcmon/files/tools : No such file or directory
./sdcard/start.sh[6]:./enable_bcmon :not found
./sdcard/start.sh[8] exit: not found

The first problem line [4] : sh not found ? what could be causing this ?

James (looking into PIE thing now...)

antukubo said:
You need busybox to run shell command. Those sh files are using shell script




What i meant was apps storage permission. Go to setting - app - reaver/bcmon - storage permission on



Do not google "PIE" but "bypass android PIE". LOL!



External wifi adaptor also require custom kernel. BUT it does not related with rfa finding directory problem. I suspect busybox is the issue. Install it, reboot and try.
Click to expand...
Click to collapse
 
S

smudge100

Member
Feb 14, 2014
22
0
antukubo said:
Possibility

1. Your files are not in the right directory. Open terminal emulator and type

su
ls /data/data/com.bcmon.bcmon/files
ls /data/data/com.bcmon.bcmon/files/tools

2. Copy your start.sh here. I need check. Do you mod the script?
Click to expand...
Click to collapse

originally had the start.sh stop.sh and warm.sh in /data/data/com.bcmon.bcmon/files/tools but was told to move them out of the data partition. Anyway i had the same problem there;
./sdcard/start.sh[4]: sh : not found
before was /data/data/bcmon.bcmon/files/tools/start.sh[4]: sh : not found
so it is not recognising "sh" on line 4 of script start.sh (not modified)
line 4 of start.sh is
LD_PRELOAD=/data/data/com.bcmon.bcmon/files/libs/libfake_driver.so sh

??
 
antukubo

antukubo

Senior Member
Feb 9, 2011
257
73
Johor Bahru
smudge100 said:
./sdcard/start.sh[5]: cd : /data/data/com.bcmon.bcmon/files/tools : No such file or directory
./sdcard/start.sh[6]:./enable_bcmon :not found
Click to expand...
Click to collapse

Those errors shows your files are not at the right place. That is why i asked u to run terminal emulator and ls bcmon directory. Files like reaver, reaver_db, enable_bcmon, etc must be at /data/data/com.bcmon.bcmon/files/tools/ directory.


./sdcard/start.sh[8] exit: not found
Click to expand...
Click to collapse

This error i believe is because of busybox. Since u installed at xbin, go to Magisk Manager and select 'bind mount busybox to xbin'
 
S

smudge100

Member
Feb 14, 2014
22
0
Hi,
busybox is installed in /system/bin (it would not allow /system/xbin)
my shart.sh (held in /sdcard/start.sh and /data/data/com.bcmon.bcmon/files/tools/start.sh) is as follows;

#!/bin/bash
svc wifi disable
LD_LIBRARY_PATH=/data/data/com.bcmon.bcmon/files/libs
LD_PRELOAD=/data/data/com.bcmon.bcmon/files/libs/libfake_driver.so sh
cd /data/data/com.bcmon.bcmon/files/tools
./enable_bcmon
echo “rfasuccess”
exit


(terminal em)
su
ls /data/data/com.bcmon.bcmon/files
bcm4330_sta.bcmon.bin jtr stop.sh
fw_bcm4329.bcmon.bin libs tools
fw_bcmdhd.bcmom.bin start.bak warm.sh

ls /data/data/com.bcmon.bcmon/files/tools
aircrack-ng enable_bcmon start.bak
airdecloak-ng iwmulticall start.sh
aireplay-ng john stop.sh
airodump-ng kstats tcpdump
bcmon_wrapper.sh ping_bcmon tkiptun-ng
besside-ng reaver warm.sh
dict.txt reaver.db wash
sailfish:/data/data/com.termux/files/home #

Thanks....
 
Last edited:
antukubo

antukubo

Senior Member
Feb 9, 2011
257
73
Johor Bahru
Hmm strange. Everything seems ok. Let's try a few things. Fire up terminal emulator and type one by one

su
svc wifi disable
LD_LIBRARY_PATH=/data/data/com.bcmon.bcmon/files/libs
LD_PRELOAD=/data/data/com.bcmon.bcmon/files/libs/libfake_driver.so sh
cd /data/data/com.bcmon.bcmon/files/tools
./enable_bcmon
exit

The other thing u can do is uninstall reaver n bcmon. Delete com.bcmon.bcmon folder. Reboot device. Install again plus extracting bcmon.apk procedure
 
S

smudge100

Member
Feb 14, 2014
22
0
antukubo said:
Hmm strange. Everything seems ok. Let's try a few things. Fire up terminal emulator and type one by one

su
svc wifi disable
LD_LIBRARY_PATH=/data/data/com.bcmon.bcmon/files/libs
LD_PRELOAD=/data/data/com.bcmon.bcmon/files/libs/libfake_driver.so sh
cd /data/data/com.bcmon.bcmon/files/tools
./enable_bcmon
exit

The other thing u can do is uninstall reaver n bcmon. Delete com.bcmon.bcmon folder. Reboot device. Install again plus extracting bcmon.apk procedure
Click to expand...
Click to collapse

Hi, maybe some progress ..
su
sailfish:/data/data/com.termux/files/home #
svc wifi disable
svc wifi disable
sailfish:/data/data/com.termux/files/home #
LD_LIBRARY_PATH=/data/data/com.bcmon.bcmon/files/libs
H=/data/data.com.bcmon.bcmon/files/libs #
sailfish:/data/data/com.termux/files/home #
LD_PRELOAD=/data/data/com.bcmon.bcmon/files/libs/libfake_driver.so sh
mon.bcmon/files/libs/libfake_driver.so sh <
CANNOT LINK EXECUTABLE "sh": "/data/data.com.bcmon.bcmon/files/libs/libfake_driver so"
is 32 -bit instead of 64-bit
Aborted
134!sailfish:/data/data/com.termux/files/home #
cd /data/data/com.bcmon.bcmon/files/tools
sailfish:/data/data/com.bcmom.bcmon/files/tools #
./enable_bcmon

"./enable_bcmon": error: Android 5.0 and later only support position-independent executables (-fPIE).
sailfish:/data/data/com.bcmom.bcmon/files/tools #
exit
exit

so 2 issues i guess the 32/64 thing and the PIE thing...
i'm running Android 8.1 Oreo
Im going to factory reset my phone and re-install everything anyway, so which order do you reccomed ?

magisk
twrp
busybox
bcmon
reaver
??
thanks...
 
You must log in or register to reply here.

Similar threads

C
  • Locked
[APP]SuperOneClick v2.3.3 - Motorola Exploit Added!
Replies
7K
Views
16M
vanessaem
vanessaem
HootanParsa
[APP][2.2+] MiXplorer v6.x Released (fully-featured file manager)
Replies
42K
Views
7M
IronTechmonkey
IronTechmonkey
K
[ROOT ANDROID][2.x-6.0] KINGROOT: The One-Click Root Tool for Almost All Devices
Replies
8K
Views
6M
Andrey247
Andrey247
Chainfire
[App] [26.04.2011][v1.2] GingerBreak APK (root for GingerBread)
Replies
2K
Views
5M
missingy1997
missingy1997
PerfectSlayer
[APP][ROOT/NONROOT][OFFICIAL] AdAway v6.1.0
Replies
17K
Views
6M
stephtban
stephtban

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 181
    S
    SOEDI
    8pxfqkb9.png

    Reaver for Android v1.30
    Reaver-WPS GUI for rooted devices with bcm4329/4330 wifi chipset or working external wifi card.
    4t3b7gia.png


    INFO:
    Reaver for Android, short RfA, is a simple-to-use Reaver-GUI for Android devices with monitor-mode support.
    It has some very cool features:

    • Detects automatically WPS-enabled routers.
    • All Reaver-Settings are accessible from a simple-to-use GUI.
    • Activates and deactivates Monitor-Mode automatically when needed.
    • Provides a simple way to connect when Reaver finds the WPA-Key.
    • External script support

    Project status: PRE-FINAL
    What does this mean?
    There are some features which are not implemented yet.
    Developement will continue very soon.​


    Installation

    1. Download/install bcmon.apk from HERE and RfA.apk from the bottom of this post. RfA may also download bcmon automatically.
    2. Run bcmon, if it crashes try a second time.
    3. If all runs fine, start RfA. If not, your device may be not bcmon compatible. Please see second post.
    4. After selecting an WPS-enabled router, click on "Test Monitor-Mode".
    5. Now you can use RfA:), don't uninstall bcmon.
    Steps 1 - 4 are only for the installation, they don't have to be repeated once done.


    FAQ:

    What is this awesome app actually usefull for?
    Well, RfA is able to unveil the actual WPA(2)-Key of many routers within 2 - 10 hours.

    WHAT?! I though WPA(2) is safe?
    It used to be, but then many router models got WiFi Protected Setup, short WPS, implemeted, which is pretty vulnerable. (Details)
    Basically it's a Brute-Force attack with Reaver against a 8 digit pin with 10^4 + 10^3 possibilities.

    What is Reaver?
    Reaver-WPS is a pentesting tool developed by Tactical Network Solutions.
    It attacks WPS-enabled routers and after the WPS-Pin is cracked, it retrieves the actual WPA-key.
    Reaver provides only a terminal interface, which is ok for notebooks etc., however it's a pain on Android devices.
    Because of this I developed RfA.

    Doesn't Reaver requires monitor-mode and so can't work on Android?
    Yes, Reaver needs monitor-mode, but thanks to bcmon (or external wifi cards) some Android devices are now monitor-mode capable.​


    bcmon compatibility
    Developed and tested on: Nexus 7 2012 (Stock 4.3)
    RfA *should* work on all devices with bcmon support (Broadcom bcm4329/bcm4330 chipsets)
    Simply try by installing bcmon. Don't worry, if something goes wrong a simple reboot should fix everything.
    For external wifi cards please see second post.

    Tested & works on:
    Nexus 7 2012 (Stock 4.3, Cyanogen 9)
    Huawei Honour (Cyanogen Mod based ROM)

    bcmon does NOT work on:
    Samsung Galaxy S3/4/5
    HTC One
    LG G2
    Nexus 4/5
    Nexus 7 (2013)

    Credits & used tools:

    Monitor-Mode over bcmon.apk:
    Omri Ildis, Ruby Feinstein & Yuval Ofir
    See: bcmon.blogspot.com

    Reaver-WPS:
    Tactical Network Solutions
    See: code.google.com/p/reaver-wps/

    Disclaimer

    Attention: Hacking of networks is illegal without having the permission of the owner! The developer is not responsible for any damage etc. this app could cause.
    This software is only intended to show a big security hole, not to be able to surf in the neighbours Wifi;)

    XDA:DevDB Information
    Reaver-GUI for Android, App for all devices (see above for details)

    Contributors
    SOEDI, bcmon team & Tactical Network Solutions

    Version Information
    Status: Stable
    Current Stable Version: 1.30
    Stable Release Date: 2014-07-01
    Beta Release Date: 2013-11-04

    Created 2013-09-24
    Last Updated 2014-09-27
    View
    17
    S
    SOEDI
    Second Post

    • If anyone has working Andorid drivers for external Wifi cards, please let me know,
    • If the layout looks strange on your phone, please send me a screenshot, so I can fix it
      I have only a tablet and HD phone (emulator works to slow), so can't test the layout properly.


    Usage of custom-scripts

    To make RfA less dependent from bcmon, which seems to be dicontinued, I introduced custom monitor-mode-activation scripts.

    Please note that those scripts only have sense for you, if you are already able to use monitor-mode on your device. Ether via special firmware for the internel wifi card or a kernel, which properly supports external wifi cards. Those scripts serve only as a "connector" between your wifi interface and RfA.
    In order to enable this function you need to open RfA settings, tap on "Monitor-Mode settings" and disable the "Use bcmon" checkbox.

    There are 3 different scripts you can specify:

    Activation script
    This script will be executed in it's own directory.
    It should enable monitor-mode and exit.
    Example:
    Code: 
    #!/bin/bash
svc wifi disable
LD_LIBRARY_PATH=/data/data/com.bcmon.bcmon/files/libs
LD_PRELOAD=/data/data/com.bcmon.bcmon/files/libs/libfake_driver.so sh
cd /data/data/com.bcmon.bcmon/files/tools
./enable_bcmon
echo "rfasuccess"
exit
    Click to expand...
    Click to collapse

    Warm-up script
    RfA will read in this script as textfile and execute the commands internally. This is needed to execute reaver in the same terminal session as the script.
    It should do all prepartions before Reaver is started. At least it has to cd into the directory where the reaver binary is.
    Example:
    Code: 
    #!/bin/bash
LD_LIBRARY_PATH=/data/data/com.bcmon.bcmon/files/libs
LD_PRELOAD=/data/data/com.bcmon.bcmon/files/libs/libfake_driver.so sh
cd /data/data/com.bcmon.bcmon/files/tools
    Click to expand...
    Click to collapse

    Stop script
    This script will be executed in it's own directory.
    It should disable monitor-mode and exit.
    Code: 
    #!/bin/bash
svc wifi enable
echo "rfasuccess"
    Click to expand...
    Click to collapse

    Additional Information
    • You have also to specify your wifi-interface.
    • The given examples are those scripts, which RfA uses by default when you enable the "Use bcmon" checkbox.
    • The activation and stop script have to echo "rfasuccess" in order to tell RfA that they were executed properly. With this method you can also implement a sort of error-checking, by returning "rfasuccess" only when everything went fine.
    Click to expand...
    Click to collapse
    View
    9
    S
    SOEDI
    New Version

    Hey folks,

    finally, I found some time and implemented script support.
    This makes RfA ready for bcmon independent usage. Now, if you have a working external wifi card and the right kernel, you will be able to write a short shell-script (details later) and RfA will be able to use it.

    Also, this will make RfA compatible with @n01ce PwnAir, at least after the script for it is ready ;)


    Regards,
    SOEDI


    P.S: Release will be in the next few days.
    View
    7
    S
    SOEDI
    @ruleh: it’s amazing how you stay calm and keep on answering even the most stupid questions!

    In the meantime I integrated the PixieDust attack. I had to rewrite some parts of RfA, pixiewps and reaver itself, but it looks pretty promising now. It was not easy to get the stuff compiled, so keep that in mind when you meet a "Segmentation fault" sometimes ;)
    Details (and release) will follow later...

    RfA 1.40 is coming soon, yeah :D
    View
    6
    S
    SOEDI
    osd_daedalus said:
    Theorically, all that needs is to crosscompile mdk3 (or bully, or a kernel module which supports monitor mode, or another program you want) for ARM architecture, and eventually doing some tweakings.

    In the reality, considering no one did other wifi tools for android, apart the old Reaver (excluding apps in google play mostly to find default passwords according to bssid and router model), I believe it's much difficult than thought.

    Let's remember also the aim of bcmon, reaver-wps and RfA is to return tools to use with internal wifi.
    I believe (but still to try), that if you use Linux Deploy to install Kali, a powered microusb-OTG and an external wifi dongle, you are able to run all of wifi-sec tools you want from your device.

    Just a personal consideration: I'm against the use of mdk3, because the "art" of reaver/bully is to find the correct settings not to trigger the WPS lockdown. I have tested on my TNCAP router and, according also to what I have read, unless you put up a series of wireless tools to intercept packets and monitor your router (wireshark, kismet, etc), you won't realize there is a WPS bruteforce attack in course.
    But start flooding periodically the AP with mdk3, freezing and resetting it in cycle, and I'll be the first to suspect an attack, intercept your packets and knock at your door with a handgun ;)

    P.S. being in topic, there are some reports of TNCAP routers being able to reboot with permanent lock WPS already on, after some floods with mdk3.
    Click to expand...
    Click to collapse

    Here's an android + bcmon compatible mdk3 binary + source. Tested and works on N7 2012 4.3, but some attack may not work (as fast) as they should.

    copy the mdk3 binary inside the zip to data/data/com.bcmon.bcmon/files/tools and don't forget to set the right permissions.


    Best Regards
    SOEDI
    View

New posts