Keyspace List for WPA on Default Routers
(04-19-2018, 09:29 PM)taxil Wrote: Is it possible to identify which model is being used for a ATTXXXXXXX AP from a handshake? Specificlly NVG589 vs NVG599 vs neither?

----UPDATE I found my answer, I was able to search the packet bytes for strings = NVG589, NVG599

If it has digits at positions 4,6,8,10: probably NVG589
If it has a letter at the position 4: probably NVG599 or more recent
If it has a digit at 4 but at least one letter at 6, 8, and 10: probably 5268AC

You can also run the first 3 bytes of the MAC through OUI lookup; 5268AC will return as 'Pace' and NVGxxx will return as 'Arris'

