speedpwn 0.0.2 → 0.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5ed0341956c544675c2e9e48b67313bebb76cb81
-  data.tar.gz: ac0930e3267f6daab040a06e5148255ea0fadcec
+  metadata.gz: 3e572c6d9ed7860eba6ac8028c72f231df72829c
+  data.tar.gz: 4c6b960438ca7aedab06e027aa5883db135140f0
 SHA512:
-  metadata.gz: 2671833f6122748c558ba2d5f6557c4a03981d814392a0b34f4a299d595d712036421d6e22eec9aeba5f7558390d3f4f830984dc0b866c6a21e14e5a2ce2b557
-  data.tar.gz: 964a3384b967ccfe3003395dfdb7fdc27eb7a1ccbadb9642c215d8540dccfc5b09312059e6a5e35cbfa341fca2f173fd5a69b5eaaf63ffa42b3f20e9e6559dab
+  metadata.gz: 14456e0861ce92817d6b8e5c504111e3c30c9a7a65cc2766ba1da057b5f72d1acca9c499cd3010b9e5de49a786dadc35940f1f92d9124449fcbb6cc871600dab
+  data.tar.gz: 27b628c6c09cc57c74dc56b03025100c40fefaf35c409017d1bd03a21407b32941eeb4f0db70f36bcfe7dc589d524fa30b420ebe8f85aa3cd99ea449c20f4822

data/.gitignore

@@ -0,0 +1,5 @@
+yardoc
+coverage
+
+pkg
+Gemfile.lock

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org/'
+
+gemspec

data/LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2013, Yorick Peterse
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/MANIFEST

@@ -0,0 +1,14 @@
+.gitignore
+Gemfile
+LICENSE
+MANIFEST
+README.md
+Rakefile
+bin/speedpwn
+lib/speedpwn.rb
+lib/speedpwn/generator.rb
+lib/speedpwn/version.rb
+nostalgia/speedpwn.py
+speedpwn.gemspec
+task/manifest.rake
+task/tag.rake

data/README.md

@@ -0,0 +1,49 @@
+# SpeedPwn
+
+SpeedPwn is a Ruby application that can generate a list of possible passwords
+for SpeedTouch/Thomson routers. BT Home hubs are not supported because they're
+not used here in The Netherlands.
+
+Originally I wrote a Python script (which can be found in
+`nostalgia/speedpwn.py`) some time back in early 2009 to do this and I've used
+it over the years. After using it for almost 4 years I decided it was time I'd
+rewrite it in a decent way.
+
+The algorithm used itself is nothing new and has been around since 2008. More
+information about this can be found on the following webpages:
+
+* <http://www.gnucitizen.org/blog/default-key-algorithm-in-thomson-and-bt-home-hub-routers/>
+* <http://www.mentalpitstop.com/touchspeedcalc/calculate_speedtouch_default_wep_wpa_wpa2_password_by_ssid.html>
+
+In plain English the algorithm for the default passwords can be described as
+"Very dumb".
+
+## Requirements
+
+* Ruby 1.9.3 or newer
+* OpenSSL
+
+## Installation
+
+Install it from RubyGems:
+
+    gem install speedpwn
+
+Unlike other projects this one is not signed in any way. I consider it more of
+a quick hobby/joke project and thus don't really want to bother with signing,
+checksums, etc. Install at your own risk.
+
+## Usage
+
+Once installed, run it and pass the last 6 characters of the SSID:
+
+    speedpwn C28B9B
+
+Generating the list of passwords can take a few minutes so go make some
+tea/coffee while you wait for it to complete.
+
+## License
+
+All source code in this repository is licensed under the MIT license unless
+specified otherwise. A copy of this license can be found in the file "LICENSE"
+in the root directory of this repository.

data/Rakefile

@@ -0,0 +1,7 @@
+require 'bundler/gem_tasks'
+
+require_relative 'lib/speedpwn/version'
+
+Dir['./task/*.rake'].each do |task|
+  import(task)
+end

data/lib/speedpwn.rb

@@ -0,0 +1,6 @@
+require 'openssl'
+require 'progress_bar'
+require 'slop'
+
+require_relative 'speedpwn/version'
+require_relative 'speedpwn/generator'

data/lib/speedpwn/generator.rb

@@ -0,0 +1,117 @@
+module SpeedPwn
+  ##
+  # The Generator class takes a SpeedTouch SSID part (the last 6 characters)
+  # and returns an Array containing the possible default passwords for it. This
+  # code is based on the following resources:
+  #
+  # * http://www.gnucitizen.org/blog/default-key-algorithm-in-thomson-and-bt-home-hub-routers/
+  # * http://www.mentalpitstop.com/touchspeedcalc/calculate_speedtouch_default_wep_wpa_wpa2_password_by_ssid.html
+  #
+  # Note that unlike other tools this particular one *only* supports SpeedTouch
+  # routers since BT Home hubs are not used in The Netherlands.
+  #
+  # @!attribute [r] identifier
+  #  @return [String]
+  #
+  class Generator
+    attr_reader :identifier
+
+    ##
+    # @return [Array]
+    #
+    YEARS = ('04'..(Time.now.strftime('%y'))).to_a
+
+    ##
+    # @return [Array]
+    #
+    WEEKS = ('1'..'52').to_a
+
+    ##
+    # @return [Array]
+    #
+    CHARACTERS = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'.chars.to_a
+
+    ##
+    # @param [String] identifier The last 6 characters of the SSID.
+    #
+    def initialize(identifier)
+      @identifier = identifier
+      @digest     = OpenSSL::Digest::SHA1.new
+    end
+
+    ##
+    # Sets the block to call whenever a week (= batch) has been processed.
+    #
+    # @param [Proc] block
+    #
+    def finish_batch(&block)
+      @finish_batch = block
+    end
+
+    ##
+    # Generates the passwords and returns them as an Array of Strings.
+    #
+    # @return [Array]
+    #
+    def generate
+      passwords  = []
+      batch_size = character_combinations.size
+
+      YEARS.each do |year|
+        WEEKS.each do |week|
+          character_combinations.each do |combo|
+            found = generate_password(year, week, combo)
+
+            passwords << found if found
+          end
+
+          @finish_batch.call(batch_size) if @finish_batch
+        end
+      end
+
+      return passwords
+    end
+
+    ##
+    # Returns the amount of iterations to run.
+    #
+    # @return [Numeric]
+    #
+    def size
+      return YEARS.size * WEEKS.size * character_combinations.size
+    end
+
+    alias_method :count, :size
+
+    private
+
+    ##
+    # @param [String] year
+    # @param [String] week
+    # @param [String] combo
+    # @return [String]
+    #
+    def generate_password(year, week, combo)
+      found  = nil
+      serial = "CP#{year}#{week}#{combo}".upcase
+      hash   = @digest.hexdigest(serial).upcase
+
+      if hash[-6..-1] == identifier
+        found = hash[0..9]
+      end
+
+      return found
+    end
+
+    ##
+    # @return [Array]
+    #
+    def character_combinations
+      @combinations ||= CHARACTERS.permutation(3).map do |group|
+        group.map { |char| char.ord.to_s(16) }.join('')
+      end
+
+      return @combinations
+    end
+  end # Generator
+end # SpeedPwn

data/lib/speedpwn/version.rb

@@ -0,0 +1,3 @@
+module SpeedPwn
+  VERSION = '0.0.3'
+end # SpeedPwn

data/nostalgia/speedpwn.py

@@ -0,0 +1,107 @@
+#!/usr/bin/env python
+##
+# Author:      Yorick Peterse
+# Website:     http://www.yorickpeterse.com/
+# Description: SpeedTouch Key is a Python script that generates (possible) keys
+# for a SpeedTouch Wireless network that uses the default SSID/password
+# combination based on the serial number.
+#
+# Imports
+from hashlib             import sha1
+from multiprocessing     import Process
+import sys
+import os
+import itertools
+
+# =============================================
+# ============= 1: Initialization =============
+# =============================================
+
+# Fancy boot screen
+print "==================================\n==== SpeedTouch Key Generator ====\n==================================\n"
+
+# SSID part
+ssid_part = raw_input("Enter the last 6 characters of the SSID: ")
+ssid_part = ssid_part.upper().strip()
+
+# Validate the SSID part
+if len(ssid_part) <> 6:
+    print "ERROR: The specified part of the SSID is invalid, it should be exactly 6 characters long"
+    sys.exit()
+else:
+    pass
+
+# Required variables in order to generate the serial number
+production_years = ['04', '05','06','07','08','09','10', '11']
+production_weeks = range(1,53)
+
+# Required in order to generate the unit number
+chars_string  = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
+list_items    = []
+unit_numbers  = []
+
+# Convert the string to a list
+for char in chars_string:
+    list_items.append(char)
+
+# Dict containing the final results
+processed_years = []
+password_dict   = {}
+
+# Get all possible combinations
+combinations    = itertools.permutations(list_items,3)
+
+# =============================================
+# ========= 2: Combination generation =========
+# =============================================
+
+# Loop through each combination, convert it to a string and add it to the list
+for combination in combinations:
+    # Convert to string and to hex
+    to_append = '%s%s%s' % (combination[0],combination[1],combination[2])
+    to_append = to_append.encode('hex')
+
+    # Append to the list, but only if it isn't already in there
+    unit_numbers.append(to_append)
+
+# =============================================
+# ============ 3: Main application ============
+# =============================================
+
+# Generator function
+def generator(year,weeks,units):
+    # Loop through each week
+    for week in weeks:
+
+        # Loop through each possible unit number
+        for unit in units:
+            # Create the serial number
+            serial  = 'CP%s%s%s' % (year,week,unit)
+            serial  = serial.upper()
+
+            # Hash the serial using SHA-1
+            serial_hash = sha1(serial).hexdigest().upper()
+
+            # Get the last bit and compare it to the input, print the key if it matches
+            last_bit = serial_hash[-6:]
+            password = serial_hash[:10]
+
+            if last_bit == ssid_part:
+                # Add the password to the dictionary
+                print
+                print "    * Possible password: %s" % (password)
+                print "      Year:   %s" % (year)
+                print "      Week:   %s" % (week)
+                print "      Combo:  %s" % (unit)
+                print "      Serial: %s" % (serial)
+
+    sys.exit()
+
+# Main part, this is where most of the work is done
+# Loop through each year and create a new process
+if __name__ == '__main__':
+    print "Generating possible passwords..."
+
+    for year in production_years:
+        p = Process(target=generator, args=(year,production_weeks,unit_numbers))
+        p.start()

data/speedpwn.gemspec

@@ -0,0 +1,20 @@
+require File.expand_path('../lib/speedpwn/version', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.name        = 'speedpwn'
+  gem.version     = SpeedPwn::VERSION
+  gem.author      = 'Yorick Peterse'
+  gem.email       = 'yorickpeterse@gmail.com'
+  gem.summary     = 'Generates possible passwords for SpeedTouch/Thomson routers.'
+  gem.description = gem.summary
+  gem.executables = ['speedpwn']
+  gem.license     = 'MIT'
+  gem.has_rdoc    = 'yard'
+
+  gem.required_ruby_version = '>= 1.9.3'
+
+  gem.files = File.read(File.expand_path('../MANIFEST', __FILE__)).split("\n")
+
+  gem.add_dependency 'slop'
+  gem.add_dependency 'progress_bar'
+end

data/task/manifest.rake

@@ -0,0 +1,8 @@
+desc 'Generates the MANIFEST file'
+task :manifest do
+  files  = `git ls-files`.split("\n").sort
+  handle = File.open(File.expand_path('../../MANIFEST', __FILE__), 'w')
+
+  handle.write(files.join("\n"))
+  handle.close
+end

data/task/tag.rake

@@ -0,0 +1,6 @@
+desc 'Creates a Git tag for the current version'
+task :tag do
+  version = SpeedPwn::VERSION
+
+  sh %Q{git tag -a -m "Version #{version}" -s #{version}}
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: speedpwn
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
 platform: ruby
 authors:
 - Yorick Peterse
@@ -45,7 +45,20 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- .gitignore
+- Gemfile
+- LICENSE
+- MANIFEST
+- README.md
+- Rakefile
 - bin/speedpwn
+- lib/speedpwn.rb
+- lib/speedpwn/generator.rb
+- lib/speedpwn/version.rb
+- nostalgia/speedpwn.py
+- speedpwn.gemspec
+- task/manifest.rake
+- task/tag.rake
 homepage: 
 licenses:
 - MIT