Not so random 11 digits? H112-370 - hashcat Forum (https://hashcat.net/forum), General Talk
Not so random 11 digits? H112-370 - doraimon0 - 07-27-2021

Hello everyone. Nice to be here with the HC community.

I have a Huawei router 5GCPE H112-370. This device has a [0-9][A-Z] or from what I see it..

I was thinking that modern routers have gotten better in terms of security. In the past there were routers that had 8 digits default password, which is really dumb.. But right now this 11 digit password seems unbreakable, or at least this is how I see it.

But there is something that made me think again about this one! After some digging on Google I found out that this model "H112-370" has the same first 8 digits of IMEI number and the first 11 digits of S/N. The last 7 digits of the IMEI are dynamic. Same thing with S/N: the last 5 digits are also dynamic.

Here is an example:

SSID:Zain_H112-7FFA
S/N: 1123700800035334
IMEI: 867206042032305
WPA: FAMGJ2YQNFM
WPS: 32630534
_____________________
SSID:Zain_H112-F4CF
S/N: 1123700800005629
IMEI: 867206040998028
WPA: J65TFH1N8QH
WPS: 39100238

End of example..

Maybe it somehow generates the WPA from the serial number or IMEI? I have a firmware if anyone is interested, but sadly it's an encrypted binary file.

If anyone has encountered a similar situation I would really like to hear from you. Thanks...

RE: Not so random 11 digits? H112-370 - drsnooker - 07-27-2021

Look at the evolution of the pskracker algorithm for nvg589 and nvg599! It's in the user contribution / default keyspace

RE: Not so random 11 digits? H112-370 - doraimon0 - 07-29-2021

(07-27-2021, 10:06 PM)drsnooker Wrote: Look at the evolution of the pskracker algorithm for nvg589 and nvg599! It's in the user contribution / default keyspace

Thanks, I will see it!

RE: Not so random 11 digits? H112-370 - doraimon0 - 07-31-2021

(07-27-2021, 10:06 PM)drsnooker Wrote: Look at the evolution of the pskracker algorithm for nvg589 and nvg599! It's in the user contribution / default keyspace

Well I feel dumb. Tried to understand that algorithm but I didn't get it.
I will try to extract the firmware with binwalk and see what information I can get.

RE: Not so random 11 digits? H112-370 - drsnooker - 08-01-2021

This was pulled from the firmware from one of the routers. I'm sure SoxRok2212 doesn't mind me sharing, but the algo you're looking for is likely similar:

    #!/bin/sh
    # Generate a unique video SSID from the box's serial number
    charset="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!\"#\$%&'()*+,-./:;<=>?@[]_\`{|}~\\"
    cat /sys/module/board/parameters/serialnumber | openssl sha1 | awk '
    {
        # $2 is the hex digest printed by openssl
        hash = $2;
        # split() fills charset[1..n]; charset[0] stays empty
        sizeof_charset=split( chars, charset, "" );
        hex[0] = "0"; hex[1] = "1"; hex[2] = "2"; hex[3] = "3";
        hex[4] = "4"; hex[5] = "5"; hex[6] = "6"; hex[7] = "7";
        hex[8] = "8"; hex[9] = "9"; hex[10] = "a"; hex[11] = "b";
        hex[12] = "c"; hex[13] = "d"; hex[14] = "e"; hex[15] = "f";
        # Lookup table: two hex characters -> byte value 0..255
        for(a=0; a<16; a++) {
            for(b=0; b<16; b++) {
                idx = 16*a + b;
                str = sprintf( "%s%s", hex[a], hex[b] );
                bighex[ str ] = idx;
            }
        }
        resultstr = "";
        # First 14 hex characters (7 bytes) of the digest, one output character per byte
        for(i=1; i<= length(hash) && i <= 14; i += 2) {
            str = substr(hash, i, 2);
            idx = bighex[ str ];
            idx = idx % sizeof_charset;
            resultstr = resultstr charset[idx];
        }
        print "vATT" resultstr;
    }' chars=$charset
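An audit-style Python port of the script in the last post, added here as an example (it is not code from the thread or from the firmware): it reproduces the derivation and measures how much entropy the result can carry. Assumptions: awk keeps the trailing backslash of the `chars=` assignment, so the charset has 93 symbols; the serial is hashed as raw bytes; the sample serial and the helper names are constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Charset as the shell hands it to awk after unescaping (93 symbols).
# Assumption: awk keeps the trailing backslash of the chars= assignment.
CHARSET = ("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
           "!\"#$%&'()*+,-./:;<=>?@[]_`{|}~\\")

def derive_ssid(serial: bytes) -> str:
    """Port of the awk logic: first 7 SHA-1 bytes, each reduced mod len(CHARSET)."""
    digest = hashlib.sha1(serial).digest()[:7]   # awk reads 14 hex characters
    out = []
    for byte in digest:
        idx = byte % len(CHARSET)
        # awk's split() fills charset[1..n] and charset[0] is empty, so idx 0
        # appends nothing and awk's charset[idx] is CHARSET[idx - 1] here.
        if idx:
            out.append(CHARSET[idx - 1])
    return "vATT" + "".join(out)

def position_distribution() -> Counter:
    """How many of the 256 byte values map to each symbol ('' = dropped)."""
    n = len(CHARSET)
    return Counter(CHARSET[b % n - 1] if b % n else "" for b in range(256))

def entropy_bits(dist: Counter) -> float:
    """Shannon entropy of one output position, in bits."""
    total = sum(dist.values())
    return -sum(c / total * math.log2(c / total) for c in dist.values())

def serial_bound_bits(variable_digits: int) -> float:
    """Upper bound on output entropy: it cannot exceed that of the input."""
    return variable_digits * math.log2(10)

if __name__ == "__main__":
    # Constructed sample serial; a trailing newline from the sysfs file is assumed.
    print(derive_ssid(b"CONSTRUCTED-SERIAL-0001\n"))
    dist = position_distribution()
    print("byte values that drop a character:", dist[""])
    print("backslash reachable:", "\\" in dist)
    print("bits per position: %.3f" % entropy_bits(dist))
    print("bound for 5 varying digits: %.1f bits" % serial_bound_bits(5))
```

Seven positions at about 6.52 bits each look like roughly 45 bits, but the output can never carry more entropy than the serial that feeds it.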