[UPDATED] PPC STKeys 1.4 - Get default key algorithm in Thomson (most popular DSL router in PT [Meo] and UK)!

Home » Post Item » [UPDATED] PPC STKeys 1.4 - Get default key algorithm in Thomson (most popular DSL router in PT [Meo...

[UPDATED] PPC STKeys 1.4 - Get default key algorithm in Thomson (most popular DSL router in PT [Meo] and UK)!

Saturday, September 12th, 2009

The Thomson Speedtouch default WEP/WPA algorithm

Unlike james67, Kevin’s strategy to crack default WEP/WPA algorithms involve debugging setup wizards shipped by some ISPs, as opposed to debugging the router which uses the default key algorithm. Kevin obtained a copy of such wizard (”stInstall.exe”) provided by Orange in Spain – which can be found on broadband customers’ installation CDs. Such setup utility allowed him to figure out the default key algorithm.

In short we have: S/N -> hash -> default SSID and encryption key which can be read as: a hashed version of the router’s serial number is generated which is then used to derive both, the default SSID and the default encryption key. This is just a high-level overview of the algorithm.

Take as example: “CP0615JT109 (53)”

Remove the CC and PP values: CP0615109

Convert the “XXX” values to hexadecimal: CP0615313039

Process with SHA-1: 742da831d2b657fa53d347301ec610e1ebf8a3d0

The last 3 bytes are converted to 6 byte string, and appended to the word “SpeedTouch” which becomes the default SSID: SpeedTouchF8A3D0

The first 5 bytes are converted to a 10 byte string which becomes the default WEP/WPA key: 742DA831D2

Original Article

I decided to create a tool for Windows Mobile (Pocket PC)!
Note that the process is a little slow, the tool works as background thread, and check about
1000 keys per 5 secund..
Tested with my HTC Touch Viva, processor @ 201 MHz.

Screen Shots:

System requirements: Windows Mobile 5 or 6
Microsoft .Net Compact Framework 2.0 (get here)

V.1.4

Changes:
[+] Add Listview to show all possible keys;
[+] Reorganized UI;
[+] Add ScrollBars to support all resolutions;
[+] Minor bugs fix.

Download CAB: http://rapidshare.com/files/280780531/PPC_STKeys_v.1.4.CAB
Download Source Code (VB.NET 2008): http://rapidshare.com/files/280340150/PPC_STKeys_V.1.4_Source.rar

V.1.2

Changes:
[+] Fix bug on hash checker, now after found possible key the thread will stop..
[+] Add new tab Advanced to set the weeks range..
[+] Fix some small bugs.

Download BIN + SRC: http://rapidshare.com/files/279243269/PPC_STKeys_V.1.2_BIN_SRC.rar

V.1.0

Download BIN + SRC: http://rapidshare.com/files/278680391/PPC_STKeys.rar

Enjoy and give your comment!

Share and Enjoy:

Posted by flash at 1:17 AM | permalink

Previous Comments

i can’t test it, but if you work further to this project, and if you can hack wep-networks anytime, you would be a GOD for me

GO ON youre a genius
Report this post

Posted by mare at September 12, 2009, 6:22 am

Hi fLaSh, i need help to find the algorithm for Alice ADSL modems. If you want please contact me @ stocastic81@gmail.com

Posted by stocastic at September 12, 2009, 7:00 am

can you make the aplication for a 320×240 resolution ?

Posted by pcout at September 13, 2009, 4:10 pm

That´s cool, i wonder if it is possible to make it work o the iphone/ipod touch

Posted by manuel at September 22, 2009, 8:06 pm

You really should make a Symbian version.
S60v5 is extremely popular.

Posted by Joaquim at October 6, 2009, 7:56 am

I don’t own an HTC but this looks fantastic, great work.

Posted by Edward P at October 14, 2009, 4:34 pm

manuel:
Apple seem intent on forcing me to buy a Mac before I’m able to use the SDK (unless I wan’t to fuck around with getting the toolchains working on linux/windows)

Anyways, I’m looking to start dev for iPhone very soon, do you know if the SDK provides adequte control over the wireless?

Posted by Edward P at October 15, 2009, 10:26 pm

@pcout, @Edward
Sorry but i dont have Ipod/iPhone

Posted by fLaSh at October 15, 2009, 10:39 pm

If you guys need some help with this just say

Posted by i0no at October 27, 2009, 12:52 am

would be gr8 a linux and windows version

Posted by m0rpheux at November 11, 2009, 2:16 am

Iphone??? Please. nunompfonseca@gmail.com

Posted by Nuno at November 26, 2009, 10:28 pm

It only goes to 2008 there are 2009 on the market now

Posted by Karlus at November 28, 2009, 6:07 am

Hi. Is there any way to adapt the code of this tool to run in Iphone? Thanks a lot

Posted by Miguel at February 5, 2010, 9:16 am

My friend this is a great app but it does not install on my HTC Touch pro 2 (480×800 resolution)
could you compile it for it???
Thank you!!

Posted by thanassis at February 6, 2010, 6:15 pm

Good work Flash, though it could be faster.

Take a look at http://fopina.co.cc/?page_id=18 and http://fopina.co.cc/?page_id=6

The guy implemented rainbow tables in SQLite to speed looking up the keys. He also put the source for the rainbow tables generator and the windoze prog.

I think it would be very nice if you could make a winMo version. I’d try but I’m a newb at VS

BTW, STkeys 1.4 work fine on a Touch Pro 2, so thanassis maybe you’re missing .Net framework?

Posted by kosmarnik at February 15, 2010, 4:41 am

Hi.

Is possible making this more faster, on Windows Mobile? This is very slow on my Xperia…
Is possible add the table already indexed?

Thanks

Posted by Kremlin at March 11, 2010, 9:52 pm

Hi fash!

If you want add

http://www.2shared.com/file/12013654/5b8d5972/dlink.html

Tested on dlink dva-g3170i (sapo isp) may also work with other but i dont known.

test it on other models.
leave a comment
thanks

Posted by xas at March 12, 2010, 6:30 am

rtuuhhkik

Posted by Savvas at May 11, 2010, 11:02 pm

hi flas..god jab..you help a lot…but!?can you do on update for it..to the last 2 year,..i”m found 7digits cood”s an thi and and i do not how hangyin an with thi…not working at all…can iou doo somethink with this information for me and the rest???!!..thankyou…

Posted by wic at September 10, 2010, 12:49 am

Christian Louboutin is very successful in the area of Louboutin Shoes
. The Christian Louboutin Pumps
which are designed by him are so special. Looking at the gorgeous Christian Louboutin Boots
, I smiled. Since then, Christian Louboutin Sandals
became a best friend of mine.

Posted by chanel at September 14, 2010, 3:22 pm

Life is an encyclopedia, all-encompassing

Posted by Air Jordans at March 5, 2011, 4:55 pm

Great post. It appears that most of the steps are relying on the creativeness factor….

Posted by GUCCI Sunglasses at April 19, 2011, 10:43 am

I’m someone who experiments with the limitations of systems for intellectual curiosity.

Posted by True Religion Jeans at May 5, 2011, 9:54 am

I have found a bug with this, it does’nt cater for collisions when they occur. Example:

O2wireless02B1D6
- Found: CP0822385332, 78eb82a84d75fe12cc49e5dd40d83641dd02b1d6
- Found: CP0838465044, 40b2072ba24e7183f85a8d9ef1827b409c02b1d6

Correct one is: CP0822385332

STKeys finds CP0838465044 which is wrong! I have written my own instead and its slightly faster and finds all collisions

Posted by BlandyUK at June 9, 2011, 5:54 pm

HOLA

Posted by jon antoni at October 24, 2011, 4:32 am

All comments are moderated. Your comments will not appear here unless approved by the blog owner. Thank you.

Add a comment

Search

September 2009
M	T	W	T	F	S	S
« Aug		Nov »
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30

Monthly Archives

Most Popular

Latest Comments

Anonymous: Hi thanks for open source....
dalsim: Hey reply me on msn...
jon antoni: HOLA...
paul: welcome back mate...
Donaire vs Narvaez: so very nice post...