Zum Inhalt wechseln

Als Gast hast du nur eingeschränkten Zugriff!


Benutzerkonto erstellen

Du bist nicht angemeldet und hast somit nur einen sehr eingeschränkten Zugriff auf die Features unserer Community.
Um vollen Zugriff zu erlangen musst du dir einen Account erstellen. Der Vorgang sollte nicht länger als 1 Minute dauern.

  • Antworte auf Themen oder erstelle deine eigenen.
  • Schalte dir alle Downloads mit Highspeed & ohne Wartezeit frei.
  • Erhalte Zugriff auf alle Bereiche und entdecke interessante Inhalte.
  • Tausche dich mich anderen Usern in der Shoutbox oder via PN aus.



UPC WPA2 key recovery tool!

- - - - -

  • Bitte melde dich an um zu Antworten
Keine Antworten in diesem Thema




  • Members
  • Likes
  • 6 Beiträge
  • 3 Bedankt
 * ----------------------------------------------------------------------------
 * <peter@Haxxor.in> wrote this file. As long as you retain this notice and don't
 * sell my work you can do whatever you want with this stuff. If we meet some 
 * day, and you think this stuff is worth it, you can intoxicate me in return.
 * ----------------------------------------------------------------------------
 * upc_keys.c -- WPA2 passphrase recovery tool for UPC%07d devices
 * ===============================================================
 * You'd think vendors would stop using weak algorithms that allow
 * people to recover the credentials for a WiFi network based on
 * purely the ESSID. Sadly, these days aren't over yet. We've seen
 * some excellent recent research by Novella/Meijer/Verdult [1][2]
 * lately which illustrates that these issues still exist in recent
 * devices/firmwares. I set out to dig up one of these algorithms 
 * and came up with this little tool. 
 * The attack is two-fold; in order to generate the single valid
 * WPA2 phrase for a given network we need to know the serialnumber
 * of the device.. which we don't have. Luckily there's a correlation
 * between the ESSID and serial number as well, so we can generate a
 * list of 'candidate' serial numbers (usually around ~20 or so) for 
 * a given ESSID and generate the corresponding WPA2 phrase for each
 * serial. (This should take under a second on a reasonable system)
 * Use at your own risk and responsibility. Do not complain if it
 * fails to recover some keys, there could very well be variations
 * out there I am not aware of. Do not contact me for support.
 * Cheerz to p00pf1ng3r for the code cleanup! *burp* ;-)
 * Hugs to all old & new friends who managed to make it down to 32c3! ykwya!
 * Happy haxxing in 2016! ;-]
 * Cya,
 * blasty <peter@Haxxor.in> // 20151231
 * UPDATE 20160108: I added support for 5GHz networks. Specifying network
 * type is mandatory now. But as a bonus you get less candidates. :-)
 * P.S. Reversing eCos and broadcom CFE sux
 * $ gcc -O2 -o upc_keys upc_keys.c -lcrypto 
 * References
 * [1] https://www.usenix.org/system/files/conference/woot15/woot15-paper-lorente.pdf
 * [2] http://archive.hack.lu/2015/hacklu15_enovella_reversing_routers.pdf


Please Login HERE or Register HERE to see this link!




  • NichtDiePolizei und tinarchin gefällt das

Thanked by 3 Members:
Siggisuper , tinarchin , NichtDiePolizei

  Thema Forum Themenstarter Statistik Letzter Beitrag

Besucher die dieses Thema lesen:

Mitglieder: , Gäste: , unsichtbare Mitglieder:

This topic has been visited by 56 user(s)

    , abuleyla, and6578, bangsder, blue_eyed_devil, Ch!ller, chick0n, Chuckmaster, cX., Cyber Tjak, cyraxx85, datr1xa, Dean36, fabi, Fliege*, Framerater, frechdax, funstyler, gutzuu, hackeris, hacky61, hardstyle1983, Haxlor, JackTheHerer, JohnR, KiiNGDeZz, len0, MDDD, mettbrot, Mr_NiceGuy, mrundercover, n1nja, NichtDiePolizei, nischke, old_panther, p0pc0rn, PaulaAbdul, peppi200, Rapt0r, ReBBeL, SavE1, seppsan, Siggisuper, Silasge, Silent0wn3r, Smokyjoe, Stanley, Subnet, Take1T, Terrafaux, TheMothafuckaa, tinarchin, vital, White-Warti, xBaka, xFAUSTx
Die besten Hacking Tools zum downloaden : Released, Leaked, Cracked. Größte deutschsprachige Hacker Sammlung.