Thursday, October 10, 2013

Functional Aircrack-ng on Android for Broadcom chipsets available! (How to hack WiFi with Android)

Most of you have probably heard of distributions such as BackTrack, or tools such as Airmon, Airodump or Aircrack. All of these tools are capable of attacking WiFi routers. And you know what? They work on Android now, too.

This feature (unfortunately) only works on Broadcom chipsets and a few other devices, so a fully working monitor mode with aircrack on all Android devices is still a long way off.

What do I need?

To attack a WiFi network, you need an app called bcmon, which enables monitor mode on your device. With monitor mode enabled, you are free to do things like this.

Bcmon can be downloaded at the official site:

To make Aircrack-ng usable, you also need to download an additional app called AircrackGUI.

AircrackGUI does it all: FakeAuth, deauth, capturing packets and the entire cracking.
Be sure to have root and busybox installed, otherwise you won't be able to run this app properly.

Hacking time.

Let's hack some. It's not that hard after all; I will quote deviato, an XDA member and the author of the app:

1. Start the application and click "Enable Monitor Mode" to load the patched drivers. Once the controls are unlocked, scan for networks (you can change the time to scan in seconds). Select the desired network, and start capturing on the second tab.

2. If you are attacking a WPA/WPA2 network, you can deauthenticate (broadcast/clients) to get the handshake. Once you get it, you can stop capturing and start cracking, even though it's very slow on a phone, and it would be better to do this from a PC. In the application folder a wordlist.txt file is included that you can replace with your own. The application picks the last captured file for cracking, so you can start cracking later, as long as you don't capture again; however, all the files are kept in the "capture" subfolder.

3. If you are attacking a WEP network, you can start Fake Authentication on the first tab. You have to start capturing first, because Fake Auth needs the channel to be fixed. If the network uses Shared Key Authentication, you have to deauth a client first to get the XOR file. Once you get it (you can check the capture tab), restart Fake Auth, and it will use the file automatically. Then you can start ARP Replaying on the third tab, to increase the IVs capturing rate. Finally you can crack the WEP key using the same tab.

Bcmon has two methods to run, the old one and the new one. The new one is surprisingly much better because you don't need to compile the kernel to make monitor mode work.
If you think the information I have provided is incomplete, please visit the site mentioned above for more details.
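The deauthentication step in point 2 of the quoted instructions is also what shows up on the defender's side: a burst of deauth or disassociation frames against one BSSID in a short window. The following is an added example, not part of this post nor of bcmon or AircrackGUI; it parses constructed 802.11 management frames (the MAC addresses, timestamps and the 5-frames-in-5-seconds threshold are assumed for illustration) and flags such a burst the way a simple wireless IDS rule would.

```python
import struct
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
DEAUTH_FC = 0xC0    # frame control byte 0: type 0 (management), subtype 12 (deauthentication)
DISASSOC_FC = 0xA0  # type 0, subtype 10 (disassociation)

def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def build_mgmt_frame(fc, dst, src, bssid, reason):
    # 802.11 header: FC(2) duration(2) addr1 addr2 addr3 seqctl(2), then a 2-byte reason code
    return (struct.pack("<BB", fc, 0) + b"\x00\x00" + mac_bytes(dst) + mac_bytes(src)
            + mac_bytes(bssid) + b"\x00\x00" + struct.pack("<H", reason))

def parse_frame(frame):
    fc0 = frame[0]
    return {"type": (fc0 >> 2) & 0x3, "subtype": (fc0 >> 4) & 0xF,
            "dst": mac_str(frame[4:10]), "src": mac_str(frame[10:16]), "bssid": mac_str(frame[16:22]),
            "reason": struct.unpack("<H", frame[24:26])[0] if len(frame) >= 26 else None}

def detect_deauth_flood(frames, window=5.0, threshold=5):
    """frames: (timestamp, raw_frame) pairs in time order. Emits one alert per BSSID whose
    deauth/disassoc count reaches `threshold` inside any `window`-second span."""
    recent, alerts, flagged = defaultdict(deque), [], set()
    for ts, raw in frames:
        p = parse_frame(raw)
        if p["type"] != 0 or p["subtype"] not in (10, 12):
            continue  # only management deauth/disassoc frames matter for this rule
        q = recent[p["bssid"]]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps that fell out of the sliding window
            q.popleft()
        if len(q) >= threshold and p["bssid"] not in flagged:
            flagged.add(p["bssid"])
            alerts.append({"bssid": p["bssid"], "count": len(q), "broadcast": p["dst"] == BROADCAST,
                           "reason": p["reason"], "first": q[0], "last": ts})
    return alerts

def sample_capture():
    # Constructed frames (not real capture data): AP 1 sees one genuine client disconnect and,
    # 100 s later, a burst of broadcast deauths; AP 2 sees a single disassociation.
    ap1, ap2, client = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:aa"
    frames = [(0.0, build_mgmt_frame(DEAUTH_FC, ap1, client, ap1, 3))]
    frames.append((50.0, build_mgmt_frame(DISASSOC_FC, client, ap2, ap2, 8)))
    frames += [(100.0 + i * 0.1, build_mgmt_frame(DEAUTH_FC, BROADCAST, ap1, ap1, 7)) for i in range(8)]
    return frames
```

Running `detect_deauth_flood(sample_capture())` yields a single alert for AP 1 (broadcast deauths, reason 7) while the lone disconnects on both APs stay below the threshold.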

Note also that hacking WiFi passwords may be illegal in your country; use this only on your own networks and at your own responsibility. This walkthrough is for educational purposes only.
