WPA2 WPS Routers
Roots a compatible device. Not all Android phones or tablets can use a WPS PIN. The device must have a Broadcom wireless chipset bcm4329 or bcm4330 and must be rooted. The Cyanogen ROM will provide the best chance of success. Some of the supported supported devices are:
* Nexus 7
* Galaxy Ace / S1 / S2 / S3
* Nexus One
* Desire HD
Download and install bcmon. This tool activates the monitor mode on your Broadcom chipset, which is essential for decrypting the PIN. The bcmon APK file is available for free from the bcmon page on the Google Code website.
* To install an APK, you will need to allow the installation of unknown sources in your Security menu.
Run bcmon. After installing the APK file, run the application. If prompted, install the firmware and tools. Tap the "Enable monitor mode" option. If the app crashes, open it and try again. If it fails for the third time, your device is probably not supported.
* Your device must be rooted in order to run bcmon.
Download and install Reaver. Reaver is a program developed to decrypt the WPS PIN to retrieve the WPA 2 passphrase.
Launch Reaver. Tap the Reaver for Android icon in your application drawer. After confirming that you are not using it for illegal purposes, Reaver will look for available access points. Tap the access point you want to crack to continue.
* You may need to check the Watch Mode before continuing. If that is the case, bcmon will open again.
The access point you select must accept WPS authentication. Not all routers support this.
Check your settings. In most cases, you can leave the settings that appear at their default value. Make sure that the box "Automatic advanced settings" is checked
Start the cracking process. Press the "Start Attack" button at the bottom of the Reaver Settings menu. The monitor will open and you will see the results of the crack being displayed.
* The cracking of the WPS can last between 2 and 10 hours, and it is not always successful