Home » Post Item » [UPDATED] PPC STKeys 1.4 - Get default key algorithm in Thomson (most popular DSL router in PT [Meo...

[UPDATED] PPC STKeys 1.4 - Get default key algorithm in Thomson (most popular DSL router in PT [Meo] and UK)!

Saturday, September 12th, 2009

The Thomson Speedtouch default WEP/WPA algorithm

Unlike james67, Kevin’s strategy to crack default WEP/WPA algorithms involve debugging setup wizards shipped by some ISPs, as opposed to debugging the router which uses the default key algorithm. Kevin obtained a copy of such wizard (”stInstall.exe”) provided by Orange in Spain – which can be found on broadband customers’ installation CDs. Such setup utility allowed him to figure out the default key algorithm.

In short we have: S/N -> hash -> default SSID and encryption key which can be read as: a hashed version of the router’s serial number is generated which is then used to derive both, the default SSID and the default encryption key. This is just a high-level overview of the algorithm.

Take as example: “CP0615JT109 (53)”

Remove the CC and PP values: CP0615109

Convert the “XXX” values to hexadecimal: CP0615313039

Process with SHA-1: 742da831d2b657fa53d347301ec610e1ebf8a3d0

The last 3 bytes are converted to 6 byte string, and appended to the word “SpeedTouch” which becomes the default SSID: SpeedTouchF8A3D0

The first 5 bytes are converted to a 10 byte string which becomes the default WEP/WPA key: 742DA831D2

Original Article

I decided to create a tool for Windows Mobile (Pocket PC)!
Note that the process is a little slow, the tool works as background thread, and check about
1000 keys per 5 secund..
Tested with my HTC Touch Viva, processor @ 201 MHz.

Screen Shots:

System requirements: Windows Mobile 5 or 6
Microsoft .Net Compact Framework 2.0 (get here)

V.1.4

Changes:
[+] Add Listview to show all possible keys;
[+] Reorganized UI;
[+] Add ScrollBars to support all resolutions;
[+] Minor bugs fix.

Download CAB: http://rapidshare.com/files/280780531/PPC_STKeys_v.1.4.CAB
Download Source Code (VB.NET 2008): http://rapidshare.com/files/280340150/PPC_STKeys_V.1.4_Source.rar
 

V.1.2

Changes:
[+] Fix bug on hash checker, now after found possible key the thread will stop..
[+] Add new tab Advanced to set the weeks range..
[+] Fix some small bugs.

Download BIN + SRC: http://rapidshare.com/files/279243269/PPC_STKeys_V.1.2_BIN_SRC.rar

V.1.0

Download BIN + SRC: http://rapidshare.com/files/278680391/PPC_STKeys.rar

Enjoy and give your comment!



Share and Enjoy:
  • del.icio.us
Posted by flash at 1:17 AM | permalink

Previous Comments

i can’t test it, but if you work further to this project, and if you can hack wep-networks anytime, you would be a GOD for me :D

GO ON ;) youre a genius
Report this post

Posted by mare at September 12, 2009, 6:22 am

Hi fLaSh, i need help to find the algorithm for Alice ADSL modems. If you want please contact me @ stocastic81@gmail.com

Posted by stocastic at September 12, 2009, 7:00 am

can you make the aplication for a 320×240 resolution ?

Posted by pcout at September 13, 2009, 4:10 pm

That´s cool, i wonder if it is possible to make it work o the iphone/ipod touch

Posted by manuel at September 22, 2009, 8:06 pm

You really should make a Symbian version.
S60v5 is extremely popular.

Posted by Joaquim at October 6, 2009, 7:56 am

I don’t own an HTC but this looks fantastic, great work.

Posted by Edward P at October 14, 2009, 4:34 pm

manuel:
Apple seem intent on forcing me to buy a Mac before I’m able to use the SDK (unless I wan’t to fuck around with getting the toolchains working on linux/windows)

Anyways, I’m looking to start dev for iPhone very soon, do you know if the SDK provides adequte control over the wireless?

Posted by Edward P at October 15, 2009, 10:26 pm

@pcout, @Edward
Sorry but i dont have Ipod/iPhone

Posted by fLaSh at October 15, 2009, 10:39 pm

If you guys need some help with this just say :)

Posted by i0no at October 27, 2009, 12:52 am

would be gr8 a linux and windows version :)

Posted by m0rpheux at November 11, 2009, 2:16 am

Iphone??? Please. nunompfonseca@gmail.com

Posted by Nuno at November 26, 2009, 10:28 pm

It only goes to 2008 there are 2009 on the market now

Posted by Karlus at November 28, 2009, 6:07 am

Hi. Is there any way to adapt the code of this tool to run in Iphone? Thanks a lot

Posted by Miguel at February 5, 2010, 9:16 am

My friend this is a great app but it does not install on my HTC Touch pro 2 (480×800 resolution)
could you compile it for it???
Thank you!!

Posted by thanassis at February 6, 2010, 6:15 pm

Good work Flash, though it could be faster.

Take a look at http://fopina.co.cc/?page_id=18 and http://fopina.co.cc/?page_id=6

The guy implemented rainbow tables in SQLite to speed looking up the keys. He also put the source for the rainbow tables generator and the windoze prog.

I think it would be very nice if you could make a winMo version. I’d try but I’m a newb at VS :(

BTW, STkeys 1.4 work fine on a Touch Pro 2, so thanassis maybe you’re missing .Net framework?

Posted by kosmarnik at February 15, 2010, 4:41 am

Add a comment








     

September 2009
M T W T F S S
« Aug   Nov »
 123456
78910111213
14151617181920
21222324252627
282930  

About Me

I'm someone who thinks outside the box.
I'm someone who looks at the edge and wonders what’s beyond.
I'm someone who sees a set of rules and wonders what happens if you don’t follow them.
I'm someone who experiments with the limitations of systems for intellectual curiosity.

I've been developing software for win32 over 8 years both professionally and as a hobby.
In my job, i'm working basically in Internet softwares architecture and VoIP solutions
© 2007 Powered by Calliope. Design by Arcsin