Introduction
Security researchers have found that some wireless routers ship with default passwords derived from the router's MAC address (e.g. D8:3A:32:28:21:72) or SSID (network name). To determine which vendor made the router behind a WiFi network, you can look up the MAC address here or download the MAC address lookup app.
If you have any of the routers listed below, I suggest you check it for this vulnerability. The good news is that there are a number of freely available apps in Cydia (which requires you to jailbreak your device) and iTunes that are able to recover these passwords. This will not work if the default password has been changed. My success rate of gaining entry into a compatible router is ~65%. The comparison table gives you an idea of how the apps compare side by side:
Table 1: Best iDevice WiFi Hacking Apps
| Name | Cost | Store | Offline | MAC Shown | Signal Strength | Network Scan | Connect in App |
|---|---|---|---|---|---|---|---|
| | $8.19 | Cydia | Yes | Yes | Yes | Yes | Yes |
| | $1.99 | iTunes | No | No | No | No | No |
| | Free | Cydia | Yes | Yes | Yes | Yes | No |
| | Free | Internet | No | No | No | No | No |
| | $3.99 | Cydia | No | No | No | No | No |
| | $2.25 | Cydia | No | No | No | No | No |
| | $3.99 | Cydia | No | No | No | No | No |
There are a few more available in iTunes, but they have an ugly GUI or are in a foreign language:
Universal WPA Finder $0.99
WiFi WPA $1.99
WPA Inspector $1.99
HAG WPA Finder $0.99
You can also search the app store for any WiFi related app (if it is not showing to your right, temporarily disable adblock). Suggested search terms: wifi, wep, wpa, ssid, network.
1 iWep Pro
The developer over at iWazDev has created the best, most feature-packed and most expensive (or free if you decide to download it from a repo that hosts cracked apps) WiFi auditing tool out there. It is also the most difficult to set up, as you are required to download 12 iWep Pro dictionaries in Cydia (2004 to 2011) for offline use (instructions here). The MAC address is shown during the network scan, signal strength is shown, and you can also connect and test the password through the app. Another good thing is that he offers an ad-supported trial. Here is a list of supported networks. Do any of these look familiar?
Table 2: Supported Networks
| WLAN_XX | WiFIXXXXXX | ThomsonXXXXXX | DmaxXXXXXX |
| WLAN_XXXX | WiFiXXXXXX | BTHomeHub-XXXX | Orange-XXXXX |
| JAZZTEL_XXXX | YACOMXXXXXX | INFINITUMXXXXXX | CytaXXXXXX |
| WLANXXXXXX | SpeedTouchXXXXXX | Bbox-XXXXXX | TN_private_XXXXXX |
| BigPondXXXXXX | Alice_XXXXXXX | O2wirelessXXXXXX | FastWeb-1-XXXXXXX |
| DlinkXXXXXX | BlinkXXXXXX | SKYXXXXX | EircomXXXX XXXX |
| iWep Pro Network Scan |
| Manual Lookup |
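A defensive check built from Table 2, added here as an example and not taken from iWep Pro or any other app on this page: it flags SSIDs that still follow a factory-default naming template. Treating each X as one letter or digit and matching prefixes case-insensitively are assumptions, and the sample SSIDs are constructed.

```python
import re

# Default-SSID templates copied from Table 2; each capital X is a placeholder.
TEMPLATES = [
    "WLAN_XX", "WiFIXXXXXX", "ThomsonXXXXXX", "DmaxXXXXXX",
    "WLAN_XXXX", "WiFiXXXXXX", "BTHomeHub-XXXX", "Orange-XXXXX",
    "JAZZTEL_XXXX", "YACOMXXXXXX", "INFINITUMXXXXXX", "CytaXXXXXX",
    "WLANXXXXXX", "SpeedTouchXXXXXX", "Bbox-XXXXXX", "TN_private_XXXXXX",
    "BigPondXXXXXX", "Alice_XXXXXXX", "O2wirelessXXXXXX", "FastWeb-1-XXXXXXX",
    "DlinkXXXXXX", "BlinkXXXXXX", "SKYXXXXX", "EircomXXXX XXXX",
]

def template_to_regex(template):
    """Turn a Table 2 template into a regex: runs of X become placeholders."""
    parts = re.split(r"(X{2,})", template)  # keep the X runs as separate parts
    pattern = "".join(
        # Assumption: every X stands for exactly one ASCII letter or digit.
        "[0-9A-Za-z]{%d}" % len(p) if re.fullmatch(r"X{2,}", p) else re.escape(p)
        for p in parts
    )
    # Assumption: vendor prefixes are compared case-insensitively.
    return re.compile(pattern, re.IGNORECASE)

COMPILED = [(t, template_to_regex(t)) for t in TEMPLATES]

def audit_ssids(ssids):
    """Return {ssid: template} for SSIDs that still look factory-default."""
    findings = {}
    for ssid in ssids:
        for template, rx in COMPILED:
            if rx.fullmatch(ssid):
                findings[ssid] = template
                break
    return findings

if __name__ == "__main__":
    # Constructed sample scan results, not real networks.
    scan = ["Thomson1A2B3C", "eircom1234 5678", "HomeNet", "SpeedTouchXYZ", "WLAN_7F"]
    for ssid, template in audit_ssids(scan).items():
        print(f"{ssid!r} matches default template {template!r}: change the passphrase")
```

A match only says the network name is still in factory format; the recovery tools described here stop working once the default password has been changed, so a flagged router should get a new passphrase.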
2 WPA Tester
The only iTunes app that made the cut supports a similarly large range of networks as iWep Pro, but functionality is quite limited, with manual input of network names (SSID). The description is a little misleading, as it lists a whole host of networks that the app supports. But ISPs do not stick to one router model or vendor; they use a variety. So, as an example, if you have a Verizon router, chances are that it is not supported. Supported Networks:
Australia: BigPond
U.S.: Verizon
U.K.: BTHomeHub, Sky
Italy: Alice, Fastweb, InfostradaWiFi, TeleTù, Tele2
Spain: Ono, JAZZTEL, YaCOM, WiFi, ADSL
Portugal: Vodafone, Meo, Sapo, Zon
Ireland: Eircom
France: Bbox
Mexico: INFINITUM
Greece: OTEnet
Cyprus: Cyta
Many Countries: Huawei, Dlink, Tecom, Discus, WLAN, D-LINK, WIRELESS, O2Wireless, Thomson, SpeedTouch, privat, DMAX, Orange
This app is only good for Thomson-based routers, whose SSIDs usually end in a combination of six capital letters and numbers (XXXXXX). It supports offline mode and network scanning, and you will have to download the rainbow tables in order to use it.
This is not an app but an actual online tool that can be accessed on any computer. It is worth bookmarking on your phone and your computer. Again, this is only good for Thomson / SpeedTouch based routers, and it works just as well as iWep Pro for hacking SpeedTouch / Thomson routers.
| Web based Thomson SSID lookup found three keys |
From the same developer as iWep Pro, this is only good for Thomson / SpeedTouch based routers; the fwssid app is also good for Fastweb routers. You will have to manually input the XXXXXX part of the SSID, and a button will pop up allowing you to copy the password to your device.
| SpeedSSID found two keys |
Table 3: Supported Networks
| ThomsonXXXXXX | Orange-XXXXXX | INFINITUMXXXXXX | TN_private_XXXXXX |
| SpeedTouchXXXXXX | DMAXXXXXX | Bbox-XXXXXX | CYTAXXXXXX |
6 dlssid
This has the same GUI / function as the SpeedSSID app and it claims to be able to generate network keys from Dlink routers. I have not had any success with this app so I cannot comment on its effectiveness. Probably because Dlink puts out so many different models each year. However, it is from a reputable developer and I am hoping to hear from anyone who was able to get this app to work.
7 Dessid
This app is good for Eircom routers, which have the distinctive XXXX XXXX after the name and are used extensively in Ireland. It has the same GUI as the above; however, unlike the others, you are able to scan for networks and view a Google map of every router that has been sniffed.
| Pinned locations of routers, many more now |
There is an interesting app available in Cydia called WiFiPass. It logs any WiFi password you type into your phone and displays it in the app. There is also an iTunes app called Passmule that has the default administrator passwords of many vendors and models. I managed to get into this network by doing so.
| Passmule in action |
Network Sniffers Free WiFi Locations
Coming Soon
Beware
iDevices do not have the processing power or hardware to brute-force Wi-Fi networks. Any app that claims to do this (e.g. iWifihack) is wasting your time (by making you do surveys) and possibly stealing your money. Aircrack-ng, the popular Linux / Backtrack penetration testing suite, has been ported to the iPhone as a proof of concept. However, there is a hardware limitation: the WiFi card cannot inject or collect packets.
Video of Some of these Tools in Action

Like the info and video, just a quick question: what did you use to make the video, not the screencast, more the iPhone mirroring and controlling via the Mac? Thanks
iDemo: http://www.plutinosoft.com/idemo
Screensplitr: http://screensplitr.com/