How to Access Wi-Fi Networks Illegally Using Android

Want to test the security of a network? In the past, to do so, you would typically need a computer equipped with a specialized wireless network card and a system like Windows or Linux. However, now with certain Android devices, you can scan and break into wireless networks. These tools are available for free, provided your device is compatible. Note that unauthorized access to routers is illegal. The steps below will show you how to test the security of your own network.

Breaking into Compatible Devices. Not every Android phone or tablet can crack WPS PIN. It must be a device with a bcm4300 or Broadcom bcm4329 wireless chipset and it needs to be rooted. Your chances of success are highest with Cyanogen ROM. Some supported devices include:

• Nexus 7
• Galaxy S1/S2/S3/S4/S5
• Galaxy Y
• Nexus One
• Desire HD
• Micromax A67

Download and Install bcmon. This tool activates Monitor Mode on Broadcom processors, a key component for cracking PINs. The bcmon APK file is available for free on the Google Code website's bcmon page.

• To install the APK, in the Security menu, you will need to allow installation from unknown sources.

Launch bcmon. After the APK is installed, open the app. Follow the prompts to install the firmware and tools. Tap on the "Enable Monitor Mode" option. If the app freezes, reopen and try again. If it fails three times, your device may not be supported.

• To run bcmon, your device must be rooted.

Tap "Run bcmon terminal". A terminal similar to most Linux emulators will open. Type airodump-ng and press Enter. Airodump will load, and you will be taken to the command line interface. Type airodump-ng wlan0 and press Enter.

Identify the access point you want to crack. You will see a list of available access points and need to select one using WEP encryption.

Record the displayed MAC address. This is the MAC address for the router. If the list shows multiple routers, make sure it's the correct MAC address you need. Write this address down.

• At the same time, note the Channel the access point is using to broadcast.

Start scanning the channel. You'll need to collect data from the access point for several hours before attempting to crack the password. Enter airodump-ng -c channel# --bssid MAC address -w output ath0 and press Enter. Airodump will begin scanning. You can leave the device somewhere while it collects data. Ensure the device is charged if the battery is low.

• Replace channel# with the channel number that the access point is broadcasting on (e.g., 6).
• Replace MAC address with the router’s MAC address (e.g., 00:0a:95:9d:68:16).
• Continue scanning until you gather at least 20,000-30,000 packets.

Crack the password. Once you have collected enough packets, you can begin attempting to crack the password. Go back to the terminal and type aircrack-ng output*.cap and press Enter.

Record the hexadecimal password when finished. After the password cracking process (which may take several hours) is completed, the message Key Found! will appear, followed by the password in hexadecimal form. For the key to work, make sure the "Probability" is 100%.

• When entering the key, do not include the colons. For example, if the key is 12:34:56:78:90, input 1234567890.

Crack compatible devices. Not all Android phones or tablets can crack WPS PINs. The device must have a wireless processor such as the bcm4330 or Broadcom bcm4329, and it must be rooted. You will have the highest success rate with Cyanogen ROM. Some supported devices include:

• Nexus 7
• Galaxy Ace/S1/S2/S3
• Nexus One
• Desire HD

Download and install bcmon. This tool enables Monitor Mode on your Broadcom chipset – a crucial component for cracking the PIN. The bcmon APK file is available for free from the bcmon page on Google Code.

• To install the APK file, you'll need to allow installations from unknown sources under the Security menu.

Run bcmon. After installing the APK, launch the app. Install the firmware and tools when prompted. Tap the "Enable Monitor Mode" option. If the app freezes, try opening it again. If it doesn't work after three attempts, your device is likely unsupported.

• Your device must be rooted to run bcmon.

Download and install Reaver. Reaver is a tool specifically designed to crack WPS PINs to obtain WPA2 password hashes. The Reaver APK can be downloaded from the developer's thread on the XDA community forum.

Launch Reaver. Tap the Android icon in your app tray. Once you confirm you won't use it for malicious purposes, Reaver will scan for available access points. Tap the access point you wish to attempt cracking to continue.

• You may be prompted to confirm Monitor Mode again. In this case, bcmon will open once more.
• The access point you choose must support WPS encryption authentication. Not all routers support this feature.

Double-check your settings. In most cases, the default settings will suffice. Ensure that the "Automatic advanced settings" box is checked.

Starting the unlocking process. Click on the "Start attack" button located at the bottom of the Reaver Settings menu. A screen will appear, displaying the progress of the unlocking process.

• WPS unlocking can take anywhere from 2 to 10+ hours to complete, and success is not guaranteed.

• Unauthorized access to a router you have not been granted access to is illegal.
• In the USA and the UK, where unauthorized WiFi access is considered illegal, you could face penalties or arrest for involving anyone in such activities.

• Under the general law on unauthorized computer access (in the Netherlands), someone who illegally accesses a WiFi router cannot be prosecuted, as the router does not meet the legal definition of a computer under Dutch law.