Wi-Fi Master Key: How to crack it and whether it is dangerous

Why can this "key" crack Wi-Fi? Does it really "crack" Wi-Fi? I had this question two years ago. Forgive me for being curious about all unknown things. At that time, I racked my brains and searched for the answer through various channels, and finally understood a little bit.

How can this be called a crack? When I learned the principle behind it, I immediately felt disgusted. How could this be such a rogue software? This is just as disgusting as the 3721 browser plug-in back then!

How does a Wi-Fi VPN key work?

Now I will share what I learned with you. In fact, it has no cracking function at all. Many people installed this software with the mentality of giving it a try and happily cracked other people's Wi-Fi. In the early stage, they really couldn't crack it successfully, so they ignored the software. Later, I installed a new wireless LAN at home and happily connected it, but forgot the long-dormant "key" in my phone. It quietly uploaded the home Wi-Fi information to a database, and this database was already prepared by the Wi-Fi ***key team. Coincidentally, Lao Wang next door also installed this APP. He received a push notification saying that there was a crackable Wi-Fi nearby, so this "key" opened a "free Internet door" for Lao Wang next door, and also prompted Lao Wang next door to embark on the road of no return of An Li.

And there are such suckers and Mr. Wang next door everywhere in the country. What's worse, some people go to their friends' houses and connect to their Wi-Fi but share other people's Wi-Fi.

Yes, its cracking principle is not some exhaustive method or something like that. It is not cracking at all, it is clearly theft! Some people have suggested that the sharing function of Wi-Fi VPN keys is turned off by default, so please see the accompanying picture.

Obviously not.

And even if it says it is not shared, as an ordinary user who can't see the source code at all, how can I be sure whether it is shared?

How do Wi-Fi VPN keys collect data? - Internet

A user on Zhihu also had the same suspicion, so he decompiled the installation package of the Wi-Fi *** key. People used to say that it is slander and defamation to accuse someone of theft and invasion of privacy without evidence, but the source code will not lie. Do you know why the Wi-Fi *** key requires root privileges? Because the wireless account data of our Android phone is stored in a file, that is, /data/misc/wifi/wpa_supplicant.conf. This is a system file, which cannot be accessed without high permissions. This file is extremely important. If you get this file, or can see the content of this file, it means that you can get all the Wi-Fi hotspots that this phone has logged in, as well as their plaintext passwords! The Wi-Fi *** key needs the content in this file.

This Zhihu user decompiled the Wi-Fi VPN key and released the source code. The 1051st line of the source code reads:

const-string v3, "cat /data/misc/wifi/wpa_supplicant.conf>/data/data/com.snda.wifilocating/wifi.conf\n"

It can be seen that it not only accesses the wpa_supplicant.conf file, but also copies it to its own cache directory. Oh, there is an important point that I forgot to mention. This is version 1.0, and there was no hotspot backup function at the time, but this little trick was done in the source code.

Some people may not care about this, perhaps because they think their network is fast enough and they don't care if others use their network for free. However, freeloading is a minor issue, but security is a major issue. If your home wireless LAN information is made public, all kinds of hackers can access your computer without any obstacles. Isn't this an obvious security risk?

Don't ever take the chance that "I'm not worth being hacked" and don't think that hackers will hack BAT (Baidu, Alibaba, Tencent) companies at will. Three hundred yuan in Alipay is also money and is worth being hacked. In addition, a computer can be a springboard (it's a bit difficult to explain, please search if you want to know) and become a zombie (a controlled computer). When the time comes, others use your computer as a springboard to do something that should be investigated, and the police will come to find you across provinces.

Therefore, you must have basic network security knowledge, and never try to get something for nothing. When you connect to public Wi-Fi in public places, don’t shop online easily. Many people don’t realize that there are many security risks when sharing “Wi-Fi”.

There are many rogue products like Wi-Fi VPN keys in China, not to mention various Wi-Fi sharing software.

Then some suggestions:

1. Protect your own Wi-Fi and don’t share it with your neighbors out of kindness.

2. If a friend comes to your home and wants to use your Wi-Fi, please make sure that he does not have similar cracking software on his phone.

3. Change your Wi-Fi password regularly.

4. Mac address binding and various routing security settings are no longer repeated.

5. Turn off the ssid broadcast of your own router (see picture). This is what I did, hahahahahhhh~

6. Persuade others to uninstall Wi-Fi VPN keys.

7. Share this article to let more people know.

Add one mentioned by @Yuanming

According to me, create a public Guest SSID, isolate the intranet, set up QOS, and use it exclusively for guests. This will ensure that your SSID will not be accidentally shared. Hiding the SSID is just for novices.

------------

There is more complete content in Li Xixi's answer, I recommend you to take a look.

It took me nearly three hours to sort it out and I was so tired = = If it spreads, then everything will not be in vain. I never expected that the software that I thought was shameless two years ago would become even more shameless two years later. In the Internet world without privacy, I hope that this method can make more people realize that security risks are everywhere.

Why did I do such a boring thing?

= = Boring? Because I couldn't stand the scene at the beginning, so I had to say something.

by: CATT L