Creating a password list for the BTHomehub2 for PSK cracking

[TAPE]

Hey Scamentology,

Just out of interest, I note you are not using the -u switch to supress the info
on wordlist size and line(word) count.

In my tests it has not negatively affected the results (not using the -u switch that is),
however interested to hear whether you have experienced the same on a continuous basis ?

It works great

Here is how I would run it in OPs situation

Code:

./crunch 10 10 1234567890abcdefg | pyrit -e ssid -r ssid.cap -i - attack_passthrough

[stdape77]

Well if someone makes a complete database. would be good. Wish i could run 4 cards and afford them. Mind u database would be so big !!.
Be good to crack the algorithm, but aint going to be easy.

[Scamentology]

I have had no issues without the -u switch. I usually never do more than 2 billion guesses though. just stick to the zip codes of the area - my typical command is below

Code:

./crunch 10 10 -t 213%%%%%%% | pyrit -e ssid -r ssid.cap -o /root/pass.lst -i - attack_passthrough

and caught a couple this way

Code:

./crunch 12 12 -t 650-%%%-%%%% | pyrit -e ssid -r ssid.cap -o /root/pass.lst -i - attack_passthrough

I assumed pyrit just hashed the wordcount output

Hey Scamentology,

Just out of interest, I note you are not using the -u switch to supress the info
on wordlist size and line(word) count.

In my tests it has not negatively affected the results (not using the -u switch that is),
however interested to hear whether you have experienced the same on a continuous basis ?

[burpsmirk]

Just wondering if anyone got anywhere with this?

Seems there's still no BTHomeHub2 algorythm publically available, and have been doing some figures on brute forcing the default key... A trillion possible combinations (16¹⁰) at 13,000 keys/s would to take (me) 2.5 years, and even removing all keys that contain repeating/incrementing sequences (eg 7777a1b2c3 or a1b12342c3) saves a valiant 3.6 billion combinations, but that only equates to about 0.36% (3.5 days).

No one had any other ideas/come across anything useful? Given the inherent tenacity of a pentester, I can't believe this isn't driving anyone else nuts!