Do you want to test the security of your network? Usually, to accomplish this task, you need a desktop operating system such as Windows, Linux, installed on your computer with a specific wireless network card. However, nowadays you can also use some Android devices to scan and hack wireless networks. These tools are available for free, as long as your device is compatible. Hacking into routers without permission is illegal. These steps are provided to test the security of your own network.
Steps
Method 1 of 2: Hack a WEP router

Step 1. Root a compatible device
Not all Android phones or tablets will be able to hack a WPS PIN. The device must have a Broadcom bcm4329 or bcm4330 wireless chipset and must be rooted. The Cyanogen ROM will offer a better chance of success. Some of the supported devices are:
- the Nexus 7
- the Galaxy S1 / S2 / S3 / S4 / S5
- the Galaxy Y
- the Nexus One
- the Desire HD
- the Micromax A67

Step 2. Download and install bcmon
This tool activates Monitor mode on your Broadcom chipset, which is essential for PIN hacking. The bcmon APK file is available for free on the bcmon page on the Google Code website.
- To install an APK file, you need to allow installation from unknown sources in your menu Security. See step 2 of this article for more information.

Step 3. Run bcmon
After installing the APK file, run the application. When prompted, install the firewall and tools. Tap the option Activate Monitor Mode. If the app crashes, open it and try again. If this fails for a third time, your device is probably not supported.
Your device must be rooted in order to run bcmon

Step 4. Tap Run bcon terminal
This will launch a terminal similar to most Linux terminals. Type airodump-ng and press the button Enter. AIrdump will load and you will be taken back to the prompt command. Type airodump-ng wlan0 and press the button Enter.

Step 5. Identify the access point you want to hack
You will see a list of available access points. You must select an access point using WEP encryption.

Step 6. Note the MAC address that appears
This is the MAC address for the router. Make sure you have the correct address, if there are multiple routers listed. Write down this MAC address.
Also note the channel broadcast by the access point

Step 7. Start the channel analysis
You will need to collect the information from the access point for several hours before you can hack the password. Type airodump-ng -c channel # --bssid the MAC address -w output ath0 and press Enter. Airodump will begin the scan. You can leave the device for a while while it analyzes the information. Make sure to charge it, if the battery is low.
- Replace channel # with the number of the channel from which the router is transmitting (example 6).
- Replace the MAC address with the MAC address of the router (example: 00: 0a: 95: 9d: 68: 16)
- Continue scanning until you reach at least 20,000 to 30,000 packets.

Step 8. Hack the password
Once you have a sizable number of packages, you can start the password cracker. Go back to the terminal and type aircrack-ng output *.cap and press Enter.

Step 9. Write down the hexadecimal password when you are finished
After the hacking process (which can take several hours), the message Key found! will appear, followed by the key in hexadecimal form. Make sure the "Probability" is 100% otherwise the key will not work.
When entering the key, enter it without the ":". For example if the key is 12: 34: 56: 78: 90, you must enter 1234567890
Method 2 of 2: Hack into WPA2 and WPS routers

Step 1. Root a compatible device
Not all Android phones or tablets will be able to hack a WPS PIN. The device must have a Broadcom bcm4329 or bcm4330 wireless chipset and must be "rooted". The Cyanogen ROM will offer a better chance of success. Some of the supported devices are:
- the Nexus 7
- the Galaxy Ace / S1 / S2 / S3
- the Nexus One
- the Desire HD

Step 2. Download and install bcmon
This tool activates Monitor mode on your Broadcom chipset, which is essential for PIN hacking. The bcmon APK file is available for free on the bcmon page on the Google Code website.
- To install an APK file, you need to allow installation from unknown sources in your menu Security. For more information, read step 2 of this article.

Step 3. Run bcmon
After installing the APK file, run the application. When prompted, install the firewall and tools. Tap the option Activate Monitor Mode. If the app bugs, open it and try again. If this fails for a third time, your device is probably not supported
Your device must be rooted in order to run bcmon

Step 4. Download and install Reaver
Reaver is a program developed to hack WPS PIN to be able to recover WPA2 password. The Reaver APK file can be downloaded from the XDA-developers developer forum.

Step 5. Start Reaver
Tap the Reaver for Android icon in your app gallery. After confirming that you are not using it for illegal purposes, Reaver will search for available hotspots. Tap the hotspot you want to hack to continue.
- You may need to check Monitor Mode before continuing. If so, bcmon will reopen.
- The access point you select must accept WPS authentication. Not all routers support this.

Step 6. Check your settings
In most cases, you can leave the settings that appear on the default options. Make sure that the box Automatic advanced settings is checked.

Step 7. Start the hacking process
Push the button Start the attack at the bottom of Reaver. The monitor will open and you will see the results of the current hack displayed.