Keyspace List for WPA on Default Routers - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Misc (https://hashcat.net/forum/forum-15.html) +--- Forum: User Contributions (https://hashcat.net/forum/forum-25.html) +--- Thread: Keyspace List for WPA on Default Routers (/thread-6170.html) |
RE: Keyspace List for WPA on Default Routers - landsome - 08-13-2018 anyone have the default keyspace for honhaipr routers? RE: Keyspace List for WPA on Default Routers - FelisaLDore - 08-16-2018 The password appearing on wireless router is default but seems secure. Due to various reasons, ISPs restrict the password’s keyspace that are present on the routers. Google cache is helpful to you as most of the info was borrowed from the routerkeygenPC github project. One can go for wireless-modem and can get help from key generator sites like allkeysgenerator.com for hassle-free solutions. RE: Keyspace List for WPA on Default Routers - JCas - 08-16-2018 Sapphire_XXXXX [0-9][len8] Also most users can't seem to figure out how to change the default PSK as the process isn't very intuitive. FYI these are 4G pucks that are popular throughout the middle east. RE: Keyspace List for WPA on Default Routers - soxrok2212 - 08-23-2018 In regards to the ATT Pace algorithm, I’ve found some leads in the firmware here: https://mirrors.napshome.net/ATTGatewayFirmware/5268ac/10.6.0.530094-PROD/5268.install.pkgstream I’ve only had a few minutes to look but do a quick Greg for “default_key” and you may be able to catch onto my drift. I’ll try to look at it more ASAP. RE: Keyspace List for WPA on Default Routers - ZerBea - 08-24-2018 Hi soxrok2212. Did a quick binwalk, unsquashfs and radare2 on some files and noticed that the values are retrieved from the board: ls /sys/module/board/parameters/*.* or by debugsys --info squashfs-root/usr/lib/libwifi.so will use/print that values. squashfs-root/usr/bin/get_diags_tar.sh retrieve s/n for example. squashfs-root/etc/rm.conf contains possible dummy values: [post] enabled=no url=https://192.168.2.50/req-new.php agent=AirTies Remote Monitor/0.01 bootcounter=2134 mac=aa:4d:23:54:cf:16 productID=215322134 serial=at2241507000102 period=60000 There are also some certs inside the pkgstream. RE: Keyspace List for WPA on Default Routers - soxrok2212 - 08-24-2018 (06-28-2017, 03:19 AM)mrfancypants Wrote: I've finally worked out part of the algorithm for 589/599. Not enough to crack it (in fact, with what I worked out, it's totally possible that it's [effectively] uncrackable because they feed it from a RNG), but enough to understand how passwords are being constructed. Given that the sha1 of the serial number is used to generate the vATT SSID, there has to be a correllation if mrfancypants was able to recover everything here. The script I found is useful somehow, and sha1 with the serial HAS to be used to generate the keys. If only we had the serial number from that eBay sticker... I *might* have a way to recover it. RE: Keyspace List for WPA on Default Routers - soxrok2212 - 09-06-2018 (09-06-2018, 02:04 AM)fart-box Wrote: Regarding the 5268ac... The other bad news is it seems that I've lost my 599... I can't, for the life of me, remember where I put it so for now, it's not likely that I can even examine that file. RE: Keyspace List for WPA on Default Routers - ApJack - 11-05-2018 I collected about 40 PACE 5268AC router serials, mac addresses, SSIDs, and passwords from different sources online. I havent been able to come up with any correlation. Following this thread I thought this might help. I have been trying to figure out where the default passwords are coming from. I will keep working on this there has to be some type of algorithm or something that selects the password, this can not be randomly selected. Using only these characters 23456789 abcdefghijkmnpqrstuvwxyz +=%?# RE: Keyspace List for WPA on Default Routers - royce - 05-05-2020 See also: ALU/Nokia GPON Admin and WIFI keygen https://git.lsd.cat/g/nokia-keygen Hak5 forums Table of WiFi Password Standards (2016) https://forums.hak5.org/topic/39403-table-of-wifi-password-standards/ RE: Keyspace List for WPA on Default Routers - ZerBea - 05-16-2020 ...and if you don't have the default ESSID (with the 4 xdigits, required by the WIFI keygen), $ hcxpsktool --digit10 will calculate the whole key space , based on wpa-sec analyses (known SEEDs): $ hcxpsktool --digit10 | wc no hashes loaded 7077888 7077888 77856768 Please notice: The SEED not identical to the 4 xdigits within the ESSID. If you need to calculate the SEED: [attachment=734] $ gcc -o calcseed calcseed.c -l crypto $ ./calcseed xxxx dddddddd result: ssss xxxx dddddddddd ssss = calculated SEED xxxx = 4 digit of the ESSID ddddddddddd = valid PSK |