3

Run bcmon. After installing the APK file, run the app. If prompted, install the
firmware and tools. Tap the "Enable Monitor Mode" option. If the app crashes, open
it and try again. If it fails for a third time, your device is most likely not
supported.

Your device must be rooted in order to run bcmon.

4
Tap "Run bcmon terminal". This will launch a terminal similar to most Linux
terminals.Type airodump-ng and tap the Enter button. AIrdump will load, and you
will be taken to the command prompt again. Type airodump-ng wlan0 and tap the Enter
button.

5
Identify the access point you want to crack. You will see a list of available
access points. You must select an access point that is using WEP encryption.

6
Note the MAC address that appears. This is the MAC address for the router. Make
sure that you have the right one if there are multiple routers listed. Jot this MAC
address down.

Also note the Channel that the access point is broadcasting on.

7
Start scanning the channel. You will need to collect information from the access
point for several hours before you can attempt to crack the password. Type
airodump-ng -c channel# --bssid MAC address -w output ath0 and tap Enter. Airodump
will begin scanning. You can leave the device for a while as it scans for
information. Be sure to plug it in if you are running low on battery.

Replace channel# with the channel number the access point is broadcasting on
(e.g. 6).
Replace MAC address with the MAC address of the router (e.g 00:0a:95:9d:68:16)
Keep scanning until you reach at least 20,000-30,000 packets.

8
Crack the password. Once you have a suitable number of packets, you can start
attempting to crack the password . Return to the terminal and type aircrack-ng
output*.cap and tap Enter.

9
Note the hexadecimal password when finished. After the cracking process is complete
(which could take several hours), the message Key Found! will appear, followed by
the key in hexadecimal form. Make sure that "Probability" is 100% or the key will
not work.[1]

When you enter the key, enter it without the ":". For example, if the key was
12:34:56:78:90, you would enter 1234567890.

next app

4
Download and install Reaver. Reaver is a program developed to crack the WPS PIN in
order to retrieve the WPA2 passphrase. The Reaver APK can be downloaded from the
developers' thread on the XDA-developers forums.

5
Launch Reaver. Tap the Reaver for Android icon in your App drawer. After confirming
that you are not using it for illegal purposes, Reaver will scan for available
access points. Tap the access point you want to crack to continue.

You may need to verify Monitor Mode before proceeding. If this is the case,
bcmon will open again.
The access point you select must accept WPS authentication. Not all routers
support this.

6
Verify your settings. In most cases you can leave the settings that appear at their
default. Make sure that the "Automatic advanced settings" box is checked.

7
Start the cracking process. Tap the "Start attack" button at the bottom of the
Reaver Settings menu. The monitor will open and you will see the results of the
ongoing crack displayed.

Cracking WPS can take anywhere from 2-10+ hours to complete, and it is not
always successful.[2]