Two years ago I developed a small android project for recovering admin password on router with HTTP auth. It already had 250.000 downloads when Google decided that it was in violation with section 4.4 of the Developer Distribution Agreement. Because it’s no longer available on Google Play, I’m publishing it here with complete source code of the project.
The app should only be used on routers you own. It’s illegal to gain unauthorized access to any kind of device.
Router password recovery has two modes. You can brute force the password, or use a dictionary. Passwords length of 5 or less can be easily broken with brute force in less then a day. If you need to brake longer password, you can limit character set used in brute force or use a dictionary of most common passwords. You must provide your own dictionary in a simple text file with one password per line. You can find pre-build dictionaries online. App has ability to continue from any given password you input. This enables you to split work in multiple sessions.
Router needs to support HTTP auth. HTTPS is also supported, but slower. Routers with DD-wrt or Tomato do support this. Some routers with stock software also support it and some do not.
A lot of people have mistaken Router password recovery for a Wi-Fi hacking tool. It’s no such thing. It only helps you find lost password for router and not for Wi-Fi network. Access to Wi-Fi is a precondition to run this app.
App should be used to recover lost password, but in theory it could be used for next scenario or variations:
- Connect to open Wi-Fi network or secure Wi-Fi if you have required password.
- Recover admin password with brute force or dictionary.
- Do whatever you want. For example: open ports, change QOS and ultimately install your own software to intercept all traffic (tcpdump).
Router password recovery details:
- works on Android 1.6 and greater
- supoorts HTTP and HTTPS auth
- multithreading (user defined: 1-4 threads)
- brute force attack with custom character set and start password
- dictionary attack (txt file with one password per line) with start password
- speed indicator (passwords per second)