Sunday, June 5, 2011

iOS WiFi Hacking

After much time, I have gathered a compilation regarding various iPhone hacking tools for wireless networks. These include iWifiHack, Ch0ry, iWep, WiFiPass, PassMule, and Aircrack.

Having thoroughly tested both myself, I can confidently say that iWifiHack and Ch0ry are both scams. iWifiHack available here can only be downloaded from the official site after a lengthy FileIce process (See Fake Name Generator). This is "not a valid app" when added to the iTunes library. Still, some have persisted in making another copy available on various mirrors such as that on Dropbox. These include a file named, which can be opened to reveal iWifiHack.ipa. After renaming the extension to another .zip, can be extracted, added to the iTunes library, and synced. This is only composed of still images that give the appearance of capturing packets, etc. The networks default, hpsetup, HomeLife, and more, can be found by without fail in all "scans." In fact, the .pngs that display their name and encryption standard are located in the root of the app folder (ex. Home WPA.png). Interestingly enough, Ch0ry too has attracted quite a bit of attention, even though it too simply displays itself as "not a valid app." I am sure that there are copies that work well enough for the "demonstration," however it does not surprise me that these too seem to only yield disillusioned commentaries similar to iWifiHack as they are near copies of the other right down to the download button style.

As for iWep, WiFiPass, and PassMule, they seem to produce superior results. iWep has a limited abilities tethered to factory set versions of certain models. Dictionaries are required. The file can be found free at the repo or more information here. At the same time, although not true hacking, WiFiPass (or WiFi Passwords from Cydia by BigBoss) views keys previously entered or stored in the registry. PassMule is another useful tool in the App Store for default router passwords.

At last, a working proof-of-concept version of the Aircrack-ng suite has been ported to iOS, but run through the terminal, it is not yet stable for 4.X+: touchair. Having downloaded these files, SSH the contained folder aircrack over to /private/var/. Now you can run commands such as "/private/var/aircrack/aircrack-ng -a 1 /private/var/aircrack/touch.ivs" which tells it to dump and crack the packets of the network corresponding to the first BSSID.