tags:

views:

110

answers:

1
+5  Q: 

Is it possible to write a wifi cracking util for Android phones? Monitor mode vs Multicast?

Considering writing a wifi cracking (wep, wpa) auditing tool for the android platform, but I am wondering if it is possible to do without a rooted phone. I had thought it would be impossible to run on an unrooted phone due to the phones wifi chip ignoring packets not addressed to the phone. That is, without the ability to set the wifi chip to monitor mode many of these attacks wont work.

I was surprised to learn that android supports multicast packets. That is, android phones can be set to receive packets not addressed to them.

My questions are:

  • Does having a multicast lock mean I can receive all packets broadcast, or does it only apply to packets with a multicast flag (if such a thing exists)?

  • Is there a difference between monitor mode and multicast?

  • Does the android api have a system for switching channels?

More generally I'm curious:

  • Is anyone familar with other wifi cracking projects running on android (google searches turned up very little)?

  • What difficulties am I likely to run into?

This question is related to SO question Is there anyway to put Android WIFI (droid handset) into permiscuous monitoring mode?

+2  A: 

Does the android api have a system for switching channels?

Nope, it will choose the channel when it connects to an AP. If you can get monitor mode working, the API to set that up will provide something to select the channel.

Is there a difference between monitor mode and multicast?

Yes. Multicast means the packet was addressed to a multicast address, in monitor mode, you can pick up everything that is transmitted on the channel.

I was surprised to learn that android supports multicast packets. That is, android phones can be set to receive packets not addressed to them.

Yes but this isn't monitor mode, "Normally the Wifi stack filters out packets not explicitly addressed to this device. Acquring a MulticastLock will cause the stack to receive packets addressed to multicast"

Your main obstacle is getting monitor mode working, (you'll need to use the NDK... and your wireless firmware has to support monitor mode. someone's been able to do it) then you can record traffic (WEP IVs, WPA 4 way handshake, etc) and analyze it on the phone or send it off to something more powerful. For non-passive attacks you may need the ability to write at lower layers of the network stack though... which is possible using Linux system calls (packet(7), raw(7)), I don't see anything in the Android API unfortunately.

Longpoke  2010-06-23 16:52:46

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security