BTHomeHub2 Default Router Algorithm
I have been following previous work conducted by several forum members exposing the default network key algorithms of various routers (i.e. Sky V1/V2, BTHomeHub V1, Tiscali etc).
I have recently noticed that the BTHomeHub2 is becoming increasingly popular here in the UK and would like to try and secure some interest to assist in reverse engineering the algorithm in this baby. With such a large consumer base, any potential security defects should be explored in order to raise awareness of any exploitable problems.
If anyone has done any work on this, is willing to contribute, or has any decent suggestions then please reply!
At the time of writing there are 2 versions of the BT Home Hub 2.0. The A and the B model The hardware contained within the HomeHub v2.0A was manufactured by Thomson Speedtouch whom bought up Inventel and all their hardware and software rights. This model is electronically identical to the Thomson Speedtouch TG797n.
The hardware contained within the HomeHub v2.0B was manufactured by Siemens's Gigaset division in Germany. The middleware was developed by Jungo a subsidiary of NDS, and is based on their openRGTM product. The product is very similar to the smartBox sold by Orange Israel.
Also, source code can be found at http://www.btyahoo.com/broadband/adh...s/gplcode.html which has been released under the GNU public licence. Hopefully someone has the expertise to pick through this and find the algorithm steps to encode SSID and network key.