|
Search Results
|
| Post |
Author |
Forum |
Replies |
Views |
Posted
[desc]
|
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| The following seems to be the format for most Ubee DVW326 routers (SSID DVW326.XXXXXX-2.4G):
-1 ?u?d -2 CDE ?2?H?14M1300?d?d?d?d |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
04-23-2017, 01:38 PM |
| |
|
Thread: Unknown salt
Post: Unknown salt
| I have a bunch of MD5 hashes created with an algorithm md5(md5($pass).$salt) where $salt is an unknown 3-character string (different for each hash.)
It seems that there's a semi-undocumented mode -... |
|
mrfancypants |
hashcat
|
5 |
5,390 |
05-21-2017, 02:35 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| All models I see on eBay have serial numbers ending on 4M1300****. It is possible that models with SNs ending on 3V100**** (as in the example given by the manual) also exist. |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
05-21-2017, 02:52 AM |
| |
|
Thread: Unknown salt
Post: RE: Unknown salt
| That would only work for a small number of hashes. Otherwise it'll slow down the attack a lot more than 95^3 (which is why I was hoping for an automated in-memory solution.)
Let's say I have a 100M w... |
|
mrfancypants |
hashcat
|
5 |
5,390 |
05-22-2017, 07:10 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| ATTxxxxxxx's bug me, they are up to 20% of all my uncracked handshakes and they seem to be invulnerable to all attacks.
I've collected more passwords from eBay, with associated SSIDs, MACs, SNs and... |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
06-05-2017, 12:06 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| Meanwhile I spent an unproductive day trying to reverse engineer the router firmware. It is not uncommon that the WPA key is generated internally by the router from the serial number (https://www.usen... |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
06-06-2017, 05:59 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| Said the guy named "epixoip" |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
06-06-2017, 07:20 PM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
|
soxrok2212 Wrote: (06-07-2017, 12:21 AM)
--
mrfancypants Wrote: (06-06-2017, 05:59 AM)
--
P.S. In case anyone ever wants to pick up where I left off, here are some pointers.
Firmwares are at http:/... |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
06-09-2017, 10:56 PM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
|
soxrok2212 Wrote: (06-10-2017, 05:33 AM)
--
I grabbed a few copies before they were removed. Unfortunately I don't have much time to work with this, but where did you get the firmware? Btw, you can t... |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
06-12-2017, 03:14 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
|
soxrok2212 Wrote: (06-17-2017, 05:13 PM)
--
I have the firmwares extracted and file systems mounted, but only /bin is populated. There are just common linux binaries. In the past, the only relevant b... |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
06-19-2017, 11:36 PM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
|
fart-box Wrote: (06-20-2017, 10:12 PM)
--
I'm afraid I have to agree with Mrfancypants when he said "it looks like these routers come with the 10-char SSID and the non-alphanumeric password burned di... |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
06-21-2017, 08:32 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| I've finally worked out part of the algorithm for 589/599. Not enough to crack it (in fact, with what I worked out, it's totally possible that it's [effectively] uncrackable because they feed it from ... |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
06-28-2017, 03:19 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| AHA!
Code:
--
>>> def gen_599_pw(x):
... x=int(float(x*(2**32+2)))
... pw=''
... for n in range(0,12):
... rem=x%37
... pw=pw_charset[rem... |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
06-30-2017, 12:01 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
|
fart-box Wrote: (06-29-2017, 09:24 PM)
--
I hope that you will explain this in great detail for the benefit of those of us who struggle with programing. I, for instance, got lost at your clue 'set bi... |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
06-30-2017, 12:38 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| That's Python (2.x) and no, you don't need an environment or an IDE, you can even do this
https://repl.it/JMbi/0
I go for MSVC++ for computationally expensive stuff, but, for basic analysis, command... |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
07-04-2017, 08:51 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
|
fart-box Wrote: (07-05-2017, 12:21 AM)
--
Thank you, Mrfancypants! Maybe I'm getting too old for this, but Python never even crossed my mind for some reason. Less than a minute after booting up Linux... |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
07-05-2017, 02:16 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| Alpha version of the keygen for NVG589:
Code:
--
pw_charset='abcdefghijkmnpqrstuvwxyz23456789#%+=?'
def pwgen589(x):
x=int(x*465661287.5245797)
pw=''
for n in range(0,6):
pw=p... |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
07-09-2017, 10:40 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| Give me the first 8 letters of the key from your 589. |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
07-10-2017, 12:07 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
| That's a 599-type password (my previous code snippet) (some 589s have these) and the complete password should be b=+#gc5qr9gt
https://repl.it/JMbi/4 |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
07-10-2017, 02:37 AM |
| |
|
Thread: Keyspace List for WPA on Default Routers
Post: RE: Keyspace List for WPA on Default Routers
|
devilsadvocate Wrote: (07-12-2017, 02:52 AM)
--
Regarding the 2 that were almost correctly calculated, the passphrase with the exception of the last 2 characters were guessed correctly, but the last ... |
|
mrfancypants |
User Contributions
|
182 |
305,379 |
07-13-2017, 08:54 PM |
