Keyspace List for WPA on Default Routers
Hi robertoakira1.

It is fixed.
Analyzing a few default pairs of BSSID:KEY, you can see this relation. E.g.:
BSSID                                 KEY

As you can see, every time the OUI is 6c198f the KEY starts with 91E.
That is valid for GVT ISP (Brazil).
If I can help with something more, just ask.

(09-09-2017, 04:06 AM)robertoakira1 Wrote: Hi Zarabatana,

thank you for the information.

Could you explain how you got "91E" from "6c:19:8f"?


(09-07-2017, 08:36 PM)zarabatana Wrote: Hi all.

Thanks to a member of the forum, I have good news about the GVT network.
The task is not completed yet, but we have new information to share.
1) The first 3 chars of the password come from the OUI. E.g.:
     OUI         Partial Pass    Router Brand
     6c:19:8f    91E             D-Link International
     84:c9:b2    N1B             D-Link International
     ec:22:80    S1E             D-Link International
So, if the router is a D-Link, we can get the 1st, 2nd and 3rd digits from the OUI.
The last 6 chars are only numbers.
The 4th position can be number or letter.
The mask for hashcat is: <OUI - info>?1?d?d?d?d?d?d -1 ?u?d
The serial should be linked to the MAC, but I really lack the skill to analyze the firmware.
Any help will be more than welcome here.

A few pairs to analyse:
MAC                                     ESSID      WPA/WPA2

Thank you all!

Edit: link to download a firmware

(08-25-2017, 11:40 PM)zarabatana Wrote: Here in Brazil we have an ISP called GVT.
The default password is the Serial Number of the wireless router.
Here is an example:

PASS: N1B9027544
SERIAL: PJ2N1B9027544
MAC: 84:C9:B2:EB:8A:8A

Just count 10 chars from right to left, and that is the WPA/WPA2 Key.
My question is: is there a way to calculate the Serial Number?
D-Link was used in this example, but it can be Arcadyan, Sagemcom, etc. It will always be the Serial Number.
Using Wireshark, the serial number received isn't the same as on the sticker on the bottom.
Thank you for your time.

Messages In This Thread
RE: Keyspace List for WPA on Default Routers - by zarabatana - 09-10-2017, 04:58 PM
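
Added example, not part of the thread and not code from any poster: a defender-side check that an ISP or network owner could run over a device inventory to flag routers still using the serial-derived default key described in the posts above. The function names and finding labels are hypothetical; the OUI prefixes and the sample MAC, serial and key are the ones quoted in the thread.

```python
import re
from typing import List, Optional

# OUI -> first three key characters, as listed in the thread (D-Link units on GVT).
OUI_PREFIX = {"6c198f": "91E", "84c9b2": "N1B", "ec2280": "S1E"}

# Layout given in the thread: 3 chars tied to the OUI, then one uppercase
# letter or digit, then 6 digits (10 characters in total).
DEFAULT_SHAPE = re.compile(r"[A-Z0-9]{3}[A-Z0-9][0-9]{6}")

# Unknown part of the key once the OUI prefix is known: 36 * 10^6 candidates.
REMAINING_KEYSPACE = 36 * 10 ** 6


def normalize_oui(mac: str) -> str:
    """Return the first three octets of a MAC as 6 lowercase hex characters."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits[:6]


def audit_psk(mac: str, psk: str, serial: Optional[str] = None) -> List[str]:
    """Return the reasons a configured PSK looks like the factory default."""
    findings = []
    # Strongest signal: the key is literally the last 10 chars of the serial.
    if serial and len(serial) >= 10 and psk == serial[-10:]:
        findings.append("psk-equals-serial-tail")
    shaped = DEFAULT_SHAPE.fullmatch(psk) is not None
    prefix = OUI_PREFIX.get(normalize_oui(mac))
    if shaped and prefix and psk.startswith(prefix):
        findings.append("psk-matches-oui-default-shape")
    elif shaped:
        findings.append("psk-has-default-shape")
    return findings


if __name__ == "__main__":
    # First row is the example from the thread; the other two are constructed.
    inventory = [
        ("84:C9:B2:EB:8A:8A", "N1B9027544", "PJ2N1B9027544"),
        ("6c:19:8f:00:00:01", "correct-horse-battery-42", None),
        ("00:11:22:33:44:55", "ABC1234567", None),
    ]
    for mac, psk, serial in inventory:
        print(mac, audit_psk(mac, psk, serial) or "ok")
    print("candidates left when the OUI prefix is known:", REMAINING_KEYSPACE)
```

Any device that returns a finding should have its passphrase replaced with one that is not derived from the serial number or MAC.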