The other day I was away from home and had to ask someone for their wireless password. At the time of asking the only device I had open was my phone. I knew I’d need the password later for my laptop to get some work done, but I figured I’d bother with that when the time came. Unfortunately when the time came around it was 1AM and it was far too late to ask anyone the wireless password. That being said, I decided I’d dive into my Android’s file system and see if I couldn’t figure out how to harvest saved WiFi passwords from the device. It turns out it’s crazy easy–too easy. What you’ll need is a good file explorer. What I use personally is Root Explorer, but if you are just looking for a quick free solution you might want to check OI File Manager. If you have CyanogenMod installed you should have OI File Manager by default!

Either way once you have a file manager installed open it up on your device and navigate to the following location:

/data/misc/wifi

Once inside you should see a handful of files. Open the very last one labeled wpa_suppliciant.conf as shown below:

When prompted select Open With and then select one of the basic text editors from the list. Root Explorer has a few options, but depending on the file manager you are using this could be vastly different. In this example I am using Text Viewer.

Once the file opens up you should see very neatly the following saved lines of data (that oddly remind me of CSS!) for your network information:

network={

ssid="NETWORK_NAME_HERE"

psk="PASSWORD_HERE"

key_mgmt=WPA-PSK

priority=1

}

Each network you’ve saved on your device should have a network bracket that accounts for it. After ssid= you’ll find the network name and what follows psk= (or wep_key0= if the network is WEP based) is the password for the network you are looking at.

That’s that. You’ve successfully located where Android stores your Wireless passwords. Personally I didn’t expect it to be saved in plain text, but I suppose it’s not like this information is stored in the cloud–just your device locally. Either way it’s another good reminder to not use your website passwords as passwords for your Wireless network as anyone can easily discover it even if you enter it in for them.