Hacking WPA Using an Android Phone

Before we begin, here goes the disclaimer:

This hacking experiment was performed on a personal wireless router. Under no circumstances should you ever use the procedures denoted below to hack into a wireless network that you do not personally own or have no permission to perform security tests on. I am not responsible for any damage done to either your phone or the router itself.

With that out of the way, let’s begin. Android phones are basically glorified Linux computers inside your pocket, they can perform all functions that any computer can perform, only much slower and less efficiently. By taking advantage of that, we can just go ahead and plug some code into the terminal and start hacking, right? Well, no.

First of all, we will need a rooted Android phone, but that step is pretty much obvious by now, you will need complete control over your phone in order for this to work. Besides a rooted android phone, you will also need to change the firmware on your wireless antenna to enable monitor mode. To do that, go to this website and download the bcmon app. After you do that, you will need to install the Android Terminal Emulator app, found for free in the Android app store.

So, to recap, you will need:

  • A rooted Android phone.
  • Bcmon app that can be found here.
  • Terminal Emulator app that can be found here.
  • Some time.

The first step would be to launch the bcmon app and install the firmware into your wireless antenna (bcmon allows you to restore your original firmware as well). The next step is to enable monitor mode on the device, this will enable the well known monitor mode used in almost every wireless network hack.

screenshot_2014-12-08-22-42-59         screenshot_2014-12-08-22-42-38

Now that we have enabled monitor mode, the next step will be to run wash, which will enable us to view all available networks to hack and weather their WPS is locked, because the hack exploits a security flaw inherit of the WPS protocol. (It would be better to use your phone in landscape mode from now on, as all the information displayed on screen won’t fit in portrait mode).


The network names are displayed on the right, while their BSSID and channels are displayed on the left of the screen. Take note of both the BSSID and the channel the network you want to perform the hack are on. (You will obviously want the WPS to be unlocked). The next step would be to close the terminal, go back and then tap the run bcmon terminal option.

We will now execute a popular terminal program called reaver that came with the installation of bcmon. To learn more about all the option available and how the program works, just write “reaver info” in the terminal. Now that we have our targets BSSID and channel, the only thing left is to punch in the code that will allow us to hack into the network. To do this, type the following line into the terminal:

reaver -i (interface card name) -b (target BSSID) -c (channel) -vv


reaver -i wlan0 -b 20:4E:7F:A0:54:37 -c 5 -vv

You will see reaver starting to try out different WPS codes to break into the network. If the process locks up and starts giving out multiple errors and warnings with no sign of getting back to the cracking process, try out adding the ignore locks function to the code.

reaver -i wlan0 -b 20:4E:7F:A0:54:37 -c 5 -vv –ignore-locks

After you wait an hour or two, your Android device hopefully broke into the WPS key and provided you with a password. (It is handy that reaver actually stores your session in case something happens).

So, after seeing how easy it is to break into a secure WPA network, you might be asking, is there a way to protect myself from such attacks? Well yes, there is. By going into your router settings, simply disable the WPS option that is enabled by default on almost all routers (stupid idea), and that’s it! Really? Yes! That’s it!


Thank you for reading, don’t forget to leave a comment if you have any questions.


Leave a Reply to king Cancel reply

Your email address will not be published. Required fields are marked *