Faster ?! (Default) WPA Password Cracker

Printable View

11-18-2008, 11:19 AM
H.D.C.

Faster ?! (Default) WPA Password Cracker

The Idea:

Default WPA passwords are mostly 10 chars (HEXCHARS) -> 0123456789ABCDEF

oke,

if you want to make a wordlist, the size of the list will be more then 10Gb! so leave it..

now... if we grep the source of aircrack-ng and a wordlist maker...

Modified AirCrack-NG Description/Parameters.

aircrack-wpa-ng [handshake-file] [Start Password] [End Password]

and open it like 50 times / threads.

First .. -> 00000000000 - 1000000000
Sec .. -> 10000000001 - 2000000000

,,
,,
,,
,,
Last -> F0000000000 -> FFFFFFFFFF

If you have a fast comp. then we can break it in more threads..

Is this a solution for WPA cracking without wordlist?!, or does a bruteforcer exist? I didn't google it but don't think so..

If the password is found kill all active windows.. and store it in /tmp/WPA-FOUND.txt ..

:\ I think it's better then creating a 10char HEXDEC wordlist.. for the USB Drive

If you think it's usefull I gonna take a look this week.. And finish it
11-18-2008, 01:11 PM
purehate

Quote:

Default WPA passwords are mostly 10 chars (HEXCHARS) -> 0123456789ABCDEF

I'm not sure where your getting your information but this is highly incorrect. WPA passwords can be between 8 and 63 chars. and most routers (to my knowledge) dont have a default.
11-18-2008, 01:24 PM
Talkie Toaster

Most HOME routers i've come across use 10 digit default password, usually derived from some kind of algo applied to the serial number (10 digits can also be made into a 64bit WEP pass), and 26 digits is getting common too on newer routers.

Your best hope against these is research, if for example you know manufacturer A uses a MD5 hash of the serial number to produce the default password, then you would know to only target a-f and 0-9 (MD5 only outputs hex so a-f,0-9) or others use only capital letters in their default password.

This would all be defeated by the user simply changing their passphrase off the default one, sadly they'd probably change it to a dictionary word..... :)

google google google man!
also GNU citizen, check out Adrian Pastor's work with SOHO routers :D

TT
11-18-2008, 02:54 PM
marked

Quote:

Originally Posted by Talkie Toaster

Most HOME routers i've come across use 10 digit default password, usually derived from some kind of algo applied to the serial number (10 digits can also be made into a 64bit WEP pass), and 26 digits is getting common too on newer routers.

Your best hope against these is research, if for example you know manufacturer A uses a MD5 hash of the serial number to produce the default password, then you would know to only target a-f and 0-9 (MD5 only outputs hex so a-f,0-9) or others use only capital letters in their default password.

This would all be defeated by the user simply changing their passphrase off the default one, sadly they'd probably change it to a dictionary word..... :)

google google google man!
also GNU citizen, check out Adrian Pastor's work with SOHO routers :D

TT

I know i've spoken about this before but its one of my favourite subjects, the BTHomeHub.
I have a new V2.0, the 11n one. There was a rumor doing to rounds that the default WPA2 key doesn't uses 0 and 1. I can confirm that my default doesn't have those to numbers but I haven't used any other BTHH V2.0 to check this. This could mean that it uses 2-9 and a-f and its only 10 digits.

The other thing I have found is that most BT users don't even log into there routers as they face a page to change their admin login password and if the page appears then it means they haven't changed there key.

Its true about the serial number being used to generate to key and the s/n uses 0-9 and A-Z.

The the orignal poster, it may be worth doing a bit of research on the types of router that broadband supplies use and default password lenghs. AOL and SKY in the UK use Netgear and they have a defauly algorithm.