Keyspace List for WPA on Default Routers
(01-31-2018, 11:36 PM)fart-box Wrote: Long ago, someone contributing to this thread purchased an NVG router from E-bay to use for testing. Was that you, soxrok2212?

If so, would you (or anybody else who owns an NVG router) please post the entire contents of the serial number file referenced in that BASH script? Its location is at "/sys/module/board/parameters/serialnumber".

If security is a concern, you could just send it to me attached to a private message through this forum.

I've arrived at the conclusion that these passwords are selected at random, so they must be generated from some mystery input. Since the VSSID is generated from the serial number, I feel that's a good place to start looking for the password as well.

I want to be sure I've got the format correct, along with any other information contained in the serial number file, because just throwing a number into that BASH script isn't getting me anywhere close to the correct password.

Also, I've downloaded those binaries soxrok2212 pointed us to a few posts ago, but I haven't been able to unpack them using my normal tools. Any advice would help.

I do have an NVG589 or 599, don’t remember which one. I don’t have time to work with it right now but at the next opportunity I will get that information for you.
(02-01-2018, 05:14 PM)soxrok2212 Wrote: I do have an NVG589 or 599...

Thank you, soxrok2212. Any ATT router will do, and everybody is welcome to send or post the serial number file from any ATT router in case soxrok2212 just can't find the time. Sometimes people get busy.

I'm reasonably certain that ATT passwords are not selected using any definitive multiplier or divisor. Therefore they must be derived much the same way as the video SSID is derived using that BASH script soxrok2212 posted, while using some "mysterious" input.

Since the SSIDs and MACs are so easy to obtain, it's only logical that they would use something like the serial number to generate the password.

So I've just been throwing numbers at that BASH script, which doesn't work. I suspect there's something else in that serial number file which will change the sha1 output. Maybe it's something as simple as "SN=", or maybe a line of text that's been commented out with a '#' symbol. I won't know until I can see a file and test its contents.
Do you have any info on ASUS routers?
(02-06-2018, 10:22 AM)Codsworth Wrote: Do you have any info on ASUS routers?

I met one ASUS RT-N11P and it has WPA2-PSK that looks like this: ?l?l?l?d?d?d?l?l?l

(The characters involved are: 8,2,4,k,f,t,s,w and one letter shows up two times in a row). I guess the worst case keyspace is [0-9, a-z], 9 characters long...
Do you have any info on Pegatron routers?
Pegatron has 9 (nine) digits.
Thank You.
(02-13-2018, 11:23 AM)jurasjo Wrote: Do you have any info on Pegatron routers?

In my experience they are almost always 27?d?d?d?d?d?d?d or 28?d?d?d?d?d?d?d. But they definitely start with number 2, for the second number I've never seen anything but 7 or 8...
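
The default-key formats quoted in the posts above, sized as an added example that is not part of any post in this thread: it parses hashcat-style masks, computes the keyspace and entropy of each format, and checks whether a key from your own router still fits a factory pattern. The function names, the `ALNUM` custom charset and the `THREAD_MASKS` table are assumptions made for illustration; only the built-in `?l ?u ?d ?s ?a` charsets are handled.

```python
import math
import string

# hashcat built-in charsets (?s is space plus the 32 ASCII punctuation characters)
BUILTIN = {"l": string.ascii_lowercase, "u": string.ascii_uppercase,
           "d": string.digits, "s": " " + string.punctuation}
BUILTIN["a"] = BUILTIN["l"] + BUILTIN["u"] + BUILTIN["d"] + BUILTIN["s"]

def parse_mask(mask, custom=None):
    """Return one set of allowed characters per position of the mask."""
    charsets = {**BUILTIN, **(custom or {})}
    positions, i = [], 0
    while i < len(mask):
        if mask[i] != "?":                 # literal character, e.g. the leading "27"
            positions.append({mask[i]})
            i += 1
            continue
        if i + 1 >= len(mask):
            raise ValueError("dangling '?' at end of mask")
        key = mask[i + 1]
        if key == "?":                     # "??" is a literal question mark
            positions.append({"?"})
        elif key in charsets:
            positions.append(set(charsets[key]))
        else:
            raise ValueError(f"unknown charset ?{key}")
        i += 2
    return positions

def keyspace(mask, custom=None):
    """Number of candidate keys the mask describes."""
    return math.prod(len(p) for p in parse_mask(mask, custom))

def entropy_bits(mask, custom=None):
    return math.log2(keyspace(mask, custom))

def fits(psk, mask, custom=None):
    """True if psk has the mask's length and every character is allowed."""
    positions = parse_mask(mask, custom)
    return len(psk) == len(positions) and all(c in p for c, p in zip(psk, positions))

# Assumed custom charset ?1 = [0-9a-z], for the "worst case" mentioned in the thread
ALNUM = {"1": string.ascii_lowercase + string.digits}
THREAD_MASKS = {"ASUS RT-N11P (observed)": ("?l?l?l?d?d?d?l?l?l", None),
                "ASUS worst case [0-9a-z] x 9": ("?1" * 9, ALNUM),
                "Pegatron 27xxxxxxx": ("27?d?d?d?d?d?d?d", None)}

if __name__ == "__main__":
    for name, (mask, custom) in THREAD_MASKS.items():
        print(f"{name}: {keyspace(mask, custom):,} keys, "
              f"{entropy_bits(mask, custom):.1f} bits")
```

A key for which `fits()` returns True against one of these masks is still in a factory format and carries no more entropy than the figure printed for that mask.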