Thread: HEX only wordlist generator? (WEP/WPA)

  1. #1
    Senior Member Talkie Toaster's Avatar
    Join Date
    Jun 2008
    Location
    Scotland
    Posts
    131

    HEX only wordlist generator? (WEP/WPA)

    I have recently been looking into the default WEP/WPA keys used on many modern wireless routers, and it seems that on quite a few (in the UK anyway) the default WEP/WPA key and the last 4 or 6 characters of the ESSID are produced by "padding" the serial number of the router up to a certain length, MD5 or SHA-1 hashing it and then using parts of the resulting hash string. Here is an example for the BTHomeHub, a Thomson router given away by the main ISP in Britain.

    S/N: CP0647EH6DM(BF) (serial number)

    Remove CC and PP values: CP06476DM

    "XXX" values hex-encoded: CP064736444D (the last 3 chars changed to hex)

    SHA1-ed: 06f48a28eba1ab896a396077d772fd65503b8df3

    Default SSID: BTHomeHub-8DF3

    Default encryption key: 06f48a28eb

    Now the 10 digit key can either be used as a WEP 64 key or used as a seemingly random looking 10 character WPA passphrase depending on what your router defaults to. Only it's not as random as it looks, as after it has been hashed it contains only hex, so 0-9 and a-f, cutting a massive amount off the number of possible combinations.

    I have hunted and searched for a wordlist generator or bruteforcer that will work with JUST 0-9,a-f and maybe A-F too but I'm drawing a blank, every programme or script I find wants to use whole charsets and I can't find any that easily let you alter the characters being used.
    While searching the forum all unusual wordlist generator requests seem to get sent onto the programming sub-forum so I thought I'd try here first! Does anyone know of such a programme/script or one that can be easily modified (by a newbie)?

    Thanks in advance,

    Talkie Toaster
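
The derivation quoted in the post above, turned into a check an owner can run against a router they administer to see whether it still uses its serial-derived defaults. This is an added example, not part of the original thread; the serial layout regex is an assumption inferred from the single example serial in the post, and the function names are hypothetical.

```python
import hashlib
import hmac
import re

# Assumed label layout, inferred from the post's example "CP0647EH6DM(BF)":
# 6-char prefix, 2-char PP, 3-char XXX, optional "(CC)" suffix.
SERIAL_RE = re.compile(
    r"^([A-Z]{2}\d{4})([A-Z0-9]{2})([A-Z0-9]{3})(?:\(([A-Z0-9]{2})\))?$"
)


def hash_input(serial):
    """Drop the PP and CC fields and hex-encode the three XXX characters."""
    m = SERIAL_RE.match(serial.replace(" ", "").upper())
    if not m:
        raise ValueError("serial does not match the assumed label layout")
    prefix, _pp, xxx, _cc = m.groups()
    return prefix + xxx.encode("ascii").hex().upper()


def derive_defaults(serial):
    """Return (ssid_suffix, default_key) as described in the post."""
    digest = hashlib.sha1(hash_input(serial).encode("ascii")).hexdigest()
    return digest[-4:].upper(), digest[:10]


def audit(serial, ssid, key):
    """Findings for one router; an empty list means nothing matched."""
    suffix, default_key = derive_defaults(serial)
    findings = []
    if ssid.upper().endswith(suffix):
        findings.append("SSID still carries the serial-derived suffix")
    if hmac.compare_digest(key.lower().encode(), default_key.encode()):
        findings.append("key is the serial-derived default; replace it")
    elif re.fullmatch(r"[0-9a-fA-F]{10}", key):
        # 16^10 = 2^40 candidates, far fewer than a full-charset passphrase
        findings.append("key is only 10 hex characters; use a longer passphrase")
    return findings


if __name__ == "__main__":
    # Serial taken from the post; SSID and key are the derived defaults.
    serial = "CP0647EH6DM(BF)"
    suffix, key = derive_defaults(serial)
    for finding in audit(serial, "BTHomeHub-" + suffix, key):
        print(finding)
```
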

  2. #2
    Senior Member Talkie Toaster's Avatar
    Join Date
    Jun 2008
    Location
    Scotland
    Posts
    131

    *bump*

    Anyone? A programme/script to make a hex (0-9,a-f) wordlist must be out there somewhere....

    P.S. Thought I should say the process ^above^ is not my own, it came from Adrian Pastor at GNUCitizen, was just using it as an example as it's quite a simple one.

  3. #3
    Good friend of the forums
    Join Date
    Feb 2010
    Posts
    328

    learn bash you can do it with a for i in loop

    set all yer vars and convert the numbers to hex IE 1=a 2=b etc ...

  4. #4
    Junior Member
    Join Date
    Dec 2007
    Posts
    44

    this sounds simple enough to do in C, but I'm too lazy now (it's damn hot).. maybe in a few weeks.. cheers..

  5. #5
    Senior Member Talkie Toaster's Avatar
    Join Date
    Jun 2008
    Location
    Scotland
    Posts
    131

    Thanks....

    Thanks for your suggestion operat0r, I'm learning bash right now but hadn't thought of using it, I'll use this as my first 'proper' (not out of a book) project, prepare for some bash related questions!!

    And karabaja4, quite a few people seem interested in default WPA codes in routers, which if they are easily predictable are just as bad as WEP..... A tool written in C which will output to a text file or to a pipe for handling by another programme would be a great addition to most people's tools, and I'm sure other uses could be found for it.....

    TT

  6. #6
    Junior Member SWFu64's Avatar
    Join Date
    Jan 2010
    Posts
    97

    Thanks to reading bofh28's great password cracking guide this might be the very script you require:

    hxxp://freshmeat.net/projects/wg/

  7. #7
    Junior Member
    Join Date
    Dec 2007
    Posts
    44

    hex wordlist generator

    Toaster - I think I made what you are looking for.

    Here is the code:

    Code:
    //made by karabaja4
    
    #include <stdio.h>
    #include <stdlib.h>
    #include <inttypes.h>
    
    int main(int argc, char** argv)
    {
        uint64_t last = 0;
        uint64_t i;
        char *end = NULL;
        long n = (argc == 2) ? strtol(argv[1], &end, 10) : 0;
    
        // reject a missing, non-numeric or out-of-range digit count
        if ((argc != 2) || (*end != '\0') || (n < 1) || (n > 16)) {
            printf("\n hex wordlist generator - by karabaja4\n\n");
            printf(" usage: ./hwg n > wordlist.txt\n");
            printf(" n - number of digits (max 16)\n\n");
            exit(0);
        }
    
        // largest n-digit hex value, 16^n - 1 (wraps to all ones for n = 16)
        for (i = 0; i < (uint64_t)n; i++)
            last = ((last + 1) * 16) - 1;
    
        // the width is passed as an argument (%0*) instead of building the
        // format string from argv[1], so user input is never used as a format;
        // PRIx64 from <inttypes.h> selects the platform's 64-bit length modifier
        for (i = 0; i < last; i++) printf("%0*" PRIx64 "\n", (int)n, i);
        printf("%0*" PRIx64 "\n", (int)n, last);
    
        return 0; //hooray!
    }

    Save it as hwg.c and to compile it do:

    Code:
    gcc hwg.c -o hwg

    To run it do:

    Code:
    ./hwg n > wordlist.txt

    where n is the number of hex digits (maximum 16 digits, hope it's enough). To see the output on the screen remove the > wordlist.txt part.

    IMPORTANT! I didn't test the pipelining password feed, test it and if it works please let me know (let me know if it doesn't work too)

    have phun

  8. #8
    Senior Member Talkie Toaster's Avatar
    Join Date
    Jun 2008
    Location
    Scotland
    Posts
    131

    Many thanks karabaja4, I'll check it tomorrow night when I get time to get my lappy out, I'm at a Vista machine just now, I'm stuck learning microsh*te access just now....

    TT

  9. #9
    Member M1ck3y's Avatar
    Join Date
    Jul 2008
    Location
    Lost in the darkness
    Posts
    72

    Watch out for my script "Giga password Generat0r". It has 23 different modes for generating almost everything, including hexadecimal and personal charset. The script is using the crunch generator, which makes it really fast to generate. The script is still in dev, I will add more modes later so that it will cover all the possibilities, including special chars and blank spaces.

    The script is still in French for now, I will translate it when I find some time.

    You can download the script here: Giga Password Generat0r v 1.2 (latest version with 23 generating modes)

    Here is the menu (in French for now):

    All the details about how the script works and how to use it:
    -Giga Password Generat0r little how to (in French)
    -Giga Password Generat0r little how to (translated into English with Google translation)

    The 23 modes allow you to make almost every possible dictionary, I hope it will help
    Last edited by M1ck3y; 08-05-2010 at 10:06 PM.
    --~ Internet is in the air we are breathing, so it should be free for everyone. We'll get there, just wait and see... ~--

  10. #10
    Senior Member Talkie Toaster's Avatar
    Join Date
    Jun 2008
    Location
    Scotland
    Posts
    131

    wow....

    I can't wait for final, shame I did German instead of French at school.....!

    many many thanks,

    TT
    Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.
