Considering writing a wifi cracking (wep, wpa) auditing tool for the android platform, but I am wondering if it is possible to do without a rooted phone. I had thought it would be impossible to run on an unrooted phone due to the phone's wifi chip ignoring packets not addressed to the phone. That is, without the ability to set the wifi chip to monitor mode many of these attacks won't work.

I was surprised to learn that android supports multicast packets. That is, android phones can be set to receive packets not addressed to them.

My questions are:

  • Does having a multicast lock mean I can receive all packets broadcast, or does it only apply to packets with a multicast flag (if such a thing exists)?

  • Is there a difference between monitor mode and multicast?

  • Does the android api have a system for switching channels?

More generally I'm curious:

  • Is anyone familiar with other wifi cracking projects running on android (google searches turned up very little)?

  • What difficulties am I likely to run into?

This question is related to the SO question Is there anyway to put Android WIFI (droid handset) into permiscuous monitoring mode?

+2  A: 

Does the android api have a system for switching channels?

Nope, it will choose the channel when it connects to an AP. If you can get monitor mode working, the API to set that up will provide something to select the channel.

Is there a difference between monitor mode and multicast?

Yes. Multicast means the packet was addressed to a multicast address; in monitor mode, you can pick up everything that is transmitted on the channel.

I was surprised to learn that android supports multicast packets. That is, android phones can be set to receive packets not addressed to them.

Yes, but this isn't monitor mode: "Normally the Wifi stack filters out packets not explicitly addressed to this device. Acquiring a MulticastLock will cause the stack to receive packets addressed to multicast"

Your main obstacle is getting monitor mode working (you'll need to use the NDK, and your wireless firmware has to support monitor mode; someone's been able to do it). Then you can record traffic (WEP IVs, WPA 4 way handshake, etc) and analyze it on the phone or send it off to something more powerful. For non-passive attacks you may need the ability to write at lower layers of the network stack though, which is possible using Linux system calls (packet(7), raw(7)); I don't see anything in the Android API unfortunately.

Longpoke
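As an added illustration of the first question (what the "multicast flag" is) and of the packet(7) route the answer mentions, here is example code that is not from the question or the answer: it reads frames from a Linux AF_PACKET socket on an interface in ordinary managed mode and classifies each destination MAC as unicast, multicast (the I/G bit, the lowest bit of the first octet, is set) or broadcast. The interface name wlan0 and the NDK-style build are assumptions; in managed mode the socket only ever sees frames the stack already accepted for this device (plus multicast/broadcast once a MulticastLock is held), whereas monitor mode would deliver raw 802.11 frames with a radiotap header, which this parser does not handle.

```c
/* Added example: classify the destination address of frames read from a
 * Linux AF_PACKET socket. The capture loop in main() is Linux-only and
 * needs CAP_NET_RAW (root); classify_dst() is a pure function. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>
#include <net/if.h>
#include <arpa/inet.h>

enum dst_kind { DST_TOO_SHORT = -1, DST_UNICAST = 0, DST_MULTICAST = 1, DST_BROADCAST = 2 };

/* Classify the destination MAC of an Ethernet (802.3) frame as delivered
 * by the stack in managed mode. The "multicast flag" is the I/G bit. */
enum dst_kind classify_dst(const uint8_t *frame, size_t len)
{
    static const uint8_t bcast[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    if (len < 6)
        return DST_TOO_SHORT;
    if (memcmp(frame, bcast, 6) == 0)
        return DST_BROADCAST;            /* ff:ff:ff:ff:ff:ff */
    if (frame[0] & 0x01)
        return DST_MULTICAST;            /* group (I/G) bit set */
    return DST_UNICAST;
}

int main(int argc, char **argv)
{
    const char *ifname = argc > 1 ? argv[1] : "wlan0";  /* assumed interface */
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0) { perror("socket(AF_PACKET)"); return 1; }
    struct sockaddr_ll sll = { .sll_family = AF_PACKET,
                               .sll_protocol = htons(ETH_P_ALL),
                               .sll_ifindex = (int)if_nametoindex(ifname) };
    if (sll.sll_ifindex == 0 || bind(fd, (struct sockaddr *)&sll, sizeof sll) < 0) {
        perror("bind"); close(fd); return 1;
    }
    static const char *names[] = { "unicast", "multicast", "broadcast" };
    uint8_t buf[2048];
    for (int i = 0; i < 20; i++) {       /* read a handful of frames and label them */
        ssize_t n = recv(fd, buf, sizeof buf, 0);
        if (n < 0) { perror("recv"); break; }
        enum dst_kind k = classify_dst(buf, (size_t)n);
        if (k >= 0) printf("%zd bytes, dst %s\n", n, names[k]);
    }
    close(fd);
    return 0;
}
```

Build it with the NDK toolchain (or plain gcc on a Linux box) and run it as root against an interface that is associated to an AP; the counts of multicast versus broadcast lines show what a MulticastLock adds, and the absence of frames from other stations shows what it does not.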