Keyspace List for WPA on Default Routers
(12-12-2017, 09:14 AM)soxrok2212 Wrote: I would need to write a ton of code...

I quit coding long ago but I do have a basic understanding of BASH and, thanks to Mrfancypants, Python as well, so I'll take a closer look at that script you posted. In my opinion, they only left the script in that source code to confuse those of us brave enough to attempt cracking the WPA password. If the WPA password used the same method, they would have removed that script. And that script works totally differently from the key-gen I wrote. Still, it's worth a closer look.

The closest thing we have to a database is that list Mrfancypants left us. It seems people aren't too keen about sharing their personal stash of information around here.

[later...]

The script looks pretty simple. I thought it was a BASH script, but it doesn't want to run on my machine. Is it C?

I think if you just make a serial number file and change the character set it should run and produce some kind of a password. If the output matches the password you supplied, we have our answer. If not, I can tinker with the code a bit to see what I can get.

By the way... Thanks for the new password that came with that post. I forgot to add it to my list.
Reply
(12-13-2017, 12:28 AM)fart-box Wrote: The script looks pretty simple. I thought it was a BASH script, but it doesn't want to run on my machine. Is it C?

It is pure bash. The thing is, mrfancypants' code could also generate the vATT network name, so they must be somehow related. It probably won't execute because the path to the serial is not available on your system. Try hard-coding a serial in. It is just a SHA1 of the serial, then it picks characters from the charset based on the hash.
Reply
(12-13-2017, 12:28 AM)fart-box Wrote: ... It seems people aren't too keen about sharing their personal stash of information around here.
My personal stash was shared in its entirety a page back or so. If I had more, I'd share. 

Back on topic, I'm following this thread closely, cheering you on from afar!
Reply
(12-13-2017, 08:13 PM)soxrok2212 Wrote: It is pure bash...

That's exactly what I thought too, but my output says:

line 2: $'\r': command not found
line 4: $'\r': command not found
line 6: $'\r': command not found
gijTte7
line 52: $'\r': command not found
line 53: $'\r': command not found

As I re-read that, I think I've realized my mistake. I copied that script on a windows machine. All of those line numbers are blank lines. The errors are probably due to the unseen carriage returns DOS throws in.

I'm pretty sure I've got the path right. I've got the serial number file on my desktop, along with the script.

The capital 'T', as well as the other six characters that surround it, has me puzzled though. If that's supposed to be the password, I'm wondering where the capital 'T' comes from, because it's not in my character set. And if I recall, the video password was thirteen characters long, not seven, or even twelve.

I haven't had much time to play with this today, but I will keep at it when I can. I usually like to "step" through the code one line at a time so I can see what's going on, but that takes time. More time than I had to spare today.

And yes, Calexico, you've done your part, and I thank you again!
Reply
(12-14-2017, 12:51 AM)fart-box Wrote: The capital 'T', as well as the other six characters that surround it, has me puzzled though. If that's supposed to be the password, I'm wondering where the capital 'T' comes from, because it's not in my character set. And if I recall, the video password was thirteen characters long, not seven, or even twelve.

Code:
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!\"#\$%&'()*+,-./:;<=>?@[]_\`{|}~\\"


This is the charset... it generates the SSID only, which is vATT + 7 characters, not the password. I think there was some statistical/mathematical reason for even distribution with modulo 37... or maybe it was 17. There was talk of it in a Diffie-Hellman exchange video somewhere online. It would start to make sense why they used it, I guess, but it doesn't explain everything yet. I wish mrfancypants had the serial posted for the sample he shared in the very early pages of this thread with the vATT SSID and PSK.
Reply
(12-14-2017, 01:56 AM)soxrok2212 Wrote: This is the charset...

Yes, in the BASH script, but I changed it to "our" character set, with no capital letters. That does explain the seven character output I got though. Thank you!

The 599 code Mrfancypants wrote that you mentioned earlier only checks to find approximately where (in his version of a generated password list) the characters you enter might exist. Then it finds the closest match, and prints it out.

After rewriting that BASH script on my Linux machine to eliminate DOS errors, I still get the exact same output. Perhaps you have a clue about what I'm doing wrong...?
Reply
I don't have a clue, but perhaps you could try the code I linked you... I've only run it on macOS (maybe Linux? I don't remember), so I'm positive it works on a Unix system. Also, one thing to note is I'm not sure whether there is a newline (or if it has any other information in it) at the end of the file containing the serial on an actual box... whether it has one or not changes the SHA1 hash, so this is something to consider as well. I would guess that it is possible that SHA1 is used somewhere else to generate the keys, but it doesn't explain (in some cases) the alternating ?d?1?d?1?d?1....
Reply
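The two points soxrok2212 raises above (the SSID is "SHA1 of the serial, then pick characters from the charset based on the hash", and a trailing newline in the serial file changes the hash) can be made concrete. The following is an added Python example, not the bash script from the thread or any vendor code, and it is a hypothetical reconstruction: the thread does not say which digest bytes are used or how they are mapped onto the charset, so the choice of the first seven SHA1 bytes, each reduced modulo the charset length, is an assumption for illustration only. The charset is the one posted above, unescaped; the serial is constructed sample data.

```python
"""Hypothetical reconstruction of the 'SHA1 of the serial, pick characters
from a charset' SSID scheme discussed in the thread.

The exact byte selection and index arithmetic on the real firmware are NOT
known from the thread; taking the first seven digest bytes and reducing each
modulo the charset length is an assumption made for illustration.
"""
import hashlib

# Charset as posted in the thread (the bash string with its escapes removed).
CHARSET = (
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
    "!\"#$%&'()*+,-./:;<=>?@[]_`{|}~\\"
)
SUFFIX_LEN = 7  # the thread says the SSID is "vATT" + 7 characters


def pick_chars(digest: bytes, charset: str, n: int) -> str:
    """Map the first n digest bytes onto the charset (assumed modulo mapping)."""
    return "".join(charset[b % len(charset)] for b in digest[:n])


def ssid_from_serial(serial: bytes, charset: str = CHARSET) -> str:
    """SHA1 the raw serial bytes and derive the vATT suffix from the digest."""
    digest = hashlib.sha1(serial).digest()
    return "vATT" + pick_chars(digest, charset, SUFFIX_LEN)


def read_serial_file(raw: bytes, strip: bool) -> bytes:
    """Return the serial as read from a file, optionally dropping CR/LF.

    A file written on Windows usually ends in b"\\r\\n", one written with echo
    in b"\\n". If those bytes are fed into SHA1 the digest is completely
    different, which is the caveat raised in the thread.
    """
    return raw.rstrip(b"\r\n") if strip else raw


def compare_variants(serial: bytes) -> dict:
    """Hash the same serial with no terminator, a Unix LF and a DOS CRLF."""
    variants = {
        "bare": serial,
        "lf": serial + b"\n",
        "crlf": serial + b"\r\n",
    }
    return {name: ssid_from_serial(raw) for name, raw in variants.items()}


if __name__ == "__main__":
    sample = b"XYZ0123456789"  # constructed sample, not a real serial
    for name, ssid in compare_variants(sample).items():
        print(f"{name:5s} {ssid}")
    # Stripping the terminator before hashing makes all three variants agree.
    stripped = {
        read_serial_file(v, True)
        for v in (sample, sample + b"\n", sample + b"\r\n")
    }
    print("stripped variants identical:", len(stripped) == 1)
```

Running it prints three different SSIDs for what a human would call the same serial, which is why a candidate keygen should be tested both with and without the terminator before concluding that the hash-to-charset mapping is wrong. The same CRLF issue is what produced the `$'\r': command not found` errors earlier in the thread: a script saved on Windows carries a carriage return at the end of every line, and bash treats `\r` as part of the command name.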