Playing more with the Android Scripting Environment, I wrote a simple script to display any access points in wifi range. Once you select an SSID, it will display some basic info on that AP, such as the MAC address and encryption type. If you have a rooted phone, you could theoretically brute force an APs password using *nix iwconfig commands. The next post I will show some quick and dirty code to brute force passwords. But for now here is the script for some UI WiFi scanning.
#imports and get an object of android import android, time droid = android.Android() #scan the wifi and assign vars to hold the results #this is dirty, making sure WiFi is on, and #toggling on if not would be better; API Browser =) droid.wifiStartScan() ap = droid.wifiGetScanResults() aps = ap.result #lists to hold the data from scan x =  o =  #loop through results and grab the data we are interested in #format the strings to be displayed in the UI for point in aps: x.append(point["ssid"]) #capabilities are the encryption, if blank there is no encryption if point["capabilities"] == "": o.append("MAC: "+point["bssid"]+"\nFreq: "+str(point["frequency"])+"\nEencryp: [OPEN]") else: o.append("MAC: "+point["bssid"]+"\nFreq: "+str(point["frequency"])+"\nEencryp: "+point["capabilities"]) #set up UI dialog, populate, and present droid.dialogCreateAlert("WiFi Scan", None) droid.dialogSetItems(x) droid.dialogShow() #this grabs what the user has selected result = droid.dialogGetResponse().result #if selection not null, create new UI, populate, and present if result.has_key("item"): item = result["item"] droid.dialogCreateAlert("Basic Info", o[item]) droid.dialogShow()
I just rooted my phone and turns out android doesn’t have iwconfig. They use the stack some how; didn’t find a whole lot of info on it. So no bruteforcing via the terminal… I am going to look into some other method. Anyway, I’ll at least post some code going over permutations.