Forgot your home Wi-Fi password, and the sticker on your router has worn off? Or do you need to connect a new device, but the network owner is temporarily unavailable? Situations vary, but it's important to remember: Hacking into other people's networks without permission is illegal. (Article 272 of the Criminal Code of the Russian Federation). In this article we will consider legal ways to restore access to his own networks, as well as technical vulnerabilities that are sometimes exploited by attackers. If you're looking for a way to bypass someone else's access point security, be warned: doing so can result not only in fines but also criminal liability.
On AndroidThere are several ways to retrieve a saved password or connect to a network without it on devices. Some methods only work on rooted phones, while others require physical access to the router. We analyzed methods that are relevant as of 2026, taking into account security updates in the latest versions. Android 14/15 and router firmware from TP-Link, ASUS, Keenetic And Xiaomi.
Important: If you rent accommodation or use a corporate network, first confirm access rules with your administrator. In some cases (for example, in hotels or coworking spaces), the password may be linked to the room number or reservation—this can be legally requested through customer support.
1. View saved passwords on Android (without root)
If your phone has connected to the network before, the password may have been saved in the system settings. In the latest versions Android Access to this information is limited, but there are workarounds.
On devices with Android 10 and later (including Samsung One UI, Xiaomi MIUI, Oppo ColorOS) passwords are hidden by default. However, on some firmware versions (for example, Pixel or Stock Android) can be used ADB commands to extract data. Here are the step-by-step instructions:
- 📱 Turn on
Developer mode(Click 7 times onBuild numberVSettings → About phone). - 🔌 Connect your phone to your PC and allow it
USB debugging. - 💻 Enter in the command line:
adb shellsu -c "cat /data/misc/wifi/WifiConfigStore.xml" - 🔍 Find the line in the output
<string name="PreSharedKey">[PASSWORD]</string>.
⚠️ Attention: On Samsung And Xiaomi This method may not work due to additional manufacturer restrictions. In this case, you will need root access or alternative methods.
☑️ What do you need to extract the password via ADB?
2. Using root rights to access system files
If on yours Android-there is a device root access, you can directly read the file with saved passwords. This method works on 90% of firmware versions, but requires caution—incorrect actions can damage the system.
Instructions for rooted devices:
- Install any file manager with root support (For example, Root Explorer or FX File Explorer).
- Follow the path:
/data/misc/wifi/or (on newer versions of Android):
/data/vendor/wifi/ - Find the file
WifiConfigStore.xmland open it with a text editor. - In the block
<Network>there will be a line with a password:<string name="PreSharedKey">your_password_here</string>
On some devices (eg. OnePlus or Realme) passwords may be stored in encrypted form. In this case, the utility will help wpa_supplicant:
su
cat /data/misc/wifi/WifiConfigStore.xml | grep -E 'SSID|PreSharedKey'
⚠️ Attention: After the update Android 13+ Some manufacturers have started encrypting system files. If you see a character set like a1b2c3d4e5 — this is a hash, and to decrypt it you will need additional tools (for example, John the Ripper).
What to do if the WifiConfigStore.xml file is missing?
On some firmware versions (for example, LineageOS), passwords are stored in /data/misc/apexdata/com.android.wifi/WifiConfigStore.xml. Also check the /data/misc/wifi/WifiConfigStoreBackup.xml folder—there may be a backup there.
3. Password recovery via the router's web interface
The most reliable and legal way is to access your router settings through a browser. To do this, you'll need:
- 🌐 Any device already connected to this Wi-Fi network (or Ethernet cable).
- 🔑 Login and password for the router admin panel (usually
admin/adminor indicated on the sticker). - 📡 IP address of the router (for example,
192.168.0.1or192.168.1.1).
Step-by-step instructions:
- Open your browser and enter the router's IP address in the address bar.
- Log in (if you don’t know your login/password, try standard combinations or reset the router using the button)
Reset). - Go to the section
Wi-Fi(orWireless,Wireless network). - Find the field
Password(orPassword,Pre-Shared Key). In some routers (for example, ASUS RT-AX88U) the password may be hidden behind asterisks - use the "Show symbols" option.
💡 Helpful tip: If you have forgotten your router login details but have physical access to it, press and hold the button Reset (usually located on the back panel) for 10-15 seconds. This will reset the settings to factory defaults, and you will be able to use the default login/password (indicated on the sticker).
| Router manufacturer | Standard IP address | Default login/password |
|---|---|---|
| TP-Link | 192.168.0.1 or 192.168.1.1 |
admin/admin |
| ASUS | 192.168.1.1 |
admin/admin |
| Xiaomi/Redmi | 192.168.31.1 |
No login required, password is on the sticker |
| Keenetic | 192.168.1.1 |
admin/1234 (or indicated on the box) |
| Zyxel | 192.168.1.1 |
admin/1234 or admin/password |
⚠️ Attention: If the router belongs to the provider (for example, Rostelecom, Beeline, MTS), resetting the settings may disrupt your internet connection. In this case, it's best to call support and request access details.
4. Exploiting the WPS vulnerability (only for older routers)
WPS (Wi-Fi Protected Setup) — is a fast connection technology that was popular until 2018. Due to protocol vulnerabilities, its support is disabled in most modern routers, but it may be active on older models (manufactured before 2016).
If the indicator on the router is on WPS or there is an option in the settings QSS/PBC, you can try to guess the PIN code. To do this, you will need:
- 📱 Android device with root access.
- 🛠️ Application WPS Connect (removed from Google Play, but available on APKMirror).
- ⏳ Time - PIN code brute-force can take from 2 to 10 hours.
Algorithm of actions:
- Download and install WPS Connect (version not lower than 1.5.5).
- Run a network scan.
- If the network supports WPS, the app will show the status
Vulnerable. - Click
Connectand wait for the PIN code to be selected.
Important: Since 2020, most manufacturers have disabled WPS by default due to widespread attacks. If your router was manufactured after 2018, this method will not work.
⚠️ Attention: Usage WPS Connect Hacking into other people's networks is considered unauthorized access (Article 272 of the Russian Criminal Code). The app may be blocked by antivirus software—this is normal, as it is often used by criminals.
5. Handshake interception and brute force (for experienced users)
This method requires deep knowledge in network security and is used mainly for testing own networks for vulnerabilities. We describe it for educational purposes only.
To intercept handshake (authentication package) and subsequent password selection will require:
- 📱 Android device with root access and support
monitor mode(not all chipsets allow this). - 🛠️ Applications: Termux, aircrack-ng, rehashcat.
- 💾 Password dictionary (e.g. rockyou.txt).
Quick instructions (for testing your network only!):
- Install Termux and run the commands:
pkg update && pkg upgradepkg install aircrack-ng
pkg install termux-api - Turn on
monitor mode:airmon-ng start wlan0 - Grab a handshake:
airodump-ng wlan0mon --bssid [router MAC] -c [channel] -w capture - Choose a password:
aircrack-ng -w /sdcard/rockyou.txt capture-01.cap
⚠️ Attention: This method only works against legacy encryption types (WEP, WPA). Modern routers with WPA3 are resistant to such attacks. In addition, interception of traffic without the consent of the network owner is crime.
🔹 Interesting fact: In 2023, researchers from Kaspersky found that 12% of home routers in Russia are still using WEP- encryption that can be cracked in minutes. If your router was manufactured before 2015, be sure to update the firmware and enable WPA3.
6. Legal alternatives: how to connect without a password
If you urgently need Wi-Fi access but don't want to break the law, consider these options:
- 📶 Wi-Fi Direct: some routers (eg. ASUS AiMesh) support guest access via QR code. Ask the network owner to generate the code in the router settings.
- 🔄 WPS by button: if there is a physical button on the router
WPS, press it, and then select the network on your phone - the connection will occur without a password (works for 2 minutes). - 📱 Distribution from a phone: If you have access to another device that is already connected to the network, turn it on
Access pointand distribute the InternetBluetoothorUSB. - 🏢 Public networks: Cafes, airports, and shopping malls often have free Wi-Fi. Use official apps (e.g. WiFi Map) to search for legal access points.
💡 Travel Tip: If you often stay in hotels, install the app Hotel WiFi Test — it shows passwords from popular hotel chains (if they are provided legally).
⚠️ Attention: Avoid connecting to networks with suspicious names (eg. Free_WiFi_Hack or Starbucks_Free). These could be traps To steal data. Always confirm the name of the official network with the staff.
7. How to protect your network from hacking
If you are a Wi-Fi network administrator, follow these guidelines to minimize risks:
- 🔒 Use
WPA3-Personal(or at leastWPA2-AES). Give upWEPAndWPA-TKIP. - 🔄 Change your password every 3-6 months. Use a combination of 12+ characters, including numbers and special characters.
- 🚫 Turn it off
WPSAndUPnPin the router settings. - 📡 Hide
SSID(network name) or use a random name without personal information. - 🛡️ Turn on
MAC filtering(Allow only trusted devices to connect). - 🔄 Update your router firmware regularly (especially important for TP-Link, D-Link And Tenda, where vulnerabilities are often found).
📌 Check your network: Run a scan using Fing or NetCut — these apps will show all connected devices. If you see any unfamiliar ones MAC addresses, change your password.
| Type of protection | Security level | Recommendations |
|---|---|---|
WEP |
❌ Very low | Do not use. Hacked in minutes. |
WPA-TKIP |
⚠️ Low | Replace with WPA2-AES or WPA3. |
WPA2-AES |
✅ High | The optimal choice for most routers. |
WPA3 |
✅✅ Very high | Best option, but requires compatible devices. |
⚠️ Attention: If your router supports WPA3, but some devices (for example, old ones) Smart TV or printers) cannot connect, turn on compatibility mode (WPA2/WPA3 Transition Mode).
FAQ: Frequently Asked Questions About Wi-Fi Passwords on Android
❓ Is it possible to find out the Wi-Fi password without root access?
Yes, but only if:
- You have access to the router's web interface (via a browser).
- You are using Android 9 or older and apply
ADB commands(does not work on all firmware versions). - Password saved in Google Account (if synchronization is enabled).
On Android 10+ Without root rights, the chances are minimal.
❓ Why isn't WPS Connect working on my phone?
Possible reasons:
- The router is new (manufactured after 2018) and does not support vulnerable WPS.
- You don't have root rights (the application requires
SUfor some functions). - The router manufacturer has disabled WPS by default (for example, MikroTik or Ubiquiti).
- You are trying to connect to someone else's network - this is illegal.
❓ How do I reset my router password if I forgot my login information?
Reset methods:
- Hard reset: Press and hold the button
ResetWait 10-15 seconds on the router. The settings will be reset to factory defaults. - Via mobile app: Manufacturers like TP-Link (Tether) or Xiaomi (Mi WiFi) allow you to reset your password through the app if you have linked your account.
- Calling provider support: If the router is from Rostelecom, MTS or Beeline, they can reset the settings remotely.
⚠️ After the reset, you will need to reconfigure your internet connection (enter your provider information).
❓ Is it possible to hack Wi-Fi with WPA3?
Theoretically WPA3 Resistant to most attacks, but there are some nuances:
- 🔹 Dragonblood: Protocol vulnerability
WPA3, discovered in 2019. Fixed in firmware updates. - 🔹 Dictionary attacks: If the password is weak (for example,
12345678), it can be picked up, but it will take years. - 🔹 Phishing: Attackers can create a fake network with the same name and intercept the connection.
In practice WPA3 reliable if you use a complex password and updated router firmware.
❓ Is it legal to use other people's open Wi-Fi networks?
Legal nuances:
- ✅ Allowed: Connecting to public networks (in cafes, airports), if there are no prohibiting signs.
- ⚠️ Gray areas: Neighbors' networks are openly accessible (without a password). Technically, this isn't hacking, but the owner can file a complaint for unauthorized use of traffic.
- ❌ Forbidden: Connecting to encrypted networks (
WPA2), if you do not have permission.
💡 Tip: If you frequently use open networks, install VPN (For example, ProtonVPN or Windscribe) to protect your data from interception.