Fetching default wpa2 keys for speedtouch + thomson routers

vegeta
Hacker in Training
Posts: 71
Joined: Mon Jul 21, 2003 9:04 am
Location: 000353B1h Hostname: n/a

Post by vegeta » Sat Mar 19, 2011 7:59 am

Hacking Thomson and Speedtouch routers with THC HackSuite

In this tutorial we're going to get access to a WLAN and get free internet access.

Ingredients:
- wamp server (or any other webserver): http://www.wampserver.com/en/download.php
- CSS3 compatible browser: don't use crap like IE, instead try Firefox, Safari or RockMelt.
- THC_HS 0.1.3: http://www.hacksuite.com/downloads/cmse ... suite.html
- THC_SB 0.0.6: http://www.hacksuite.com/downloads/modu ... brute.html

STEP 1:
Run the server and extract the zip files, so you will have:
- thc_hacksuite
- thc_sb

STEP 2:
Put the thc_hacksuite folder in a web directory of your server, e.g. C:\WAMP\www; in the thc_hacksuite folder you place the THC_SB folder.

STEP 3:
Open the suite in your browser, e.g. 127.0.01/thc_hacksuite/index.php
This should give you the program.

STEP 4:
Navigate to the top right where you see a dropdown menu, click on it and select "THC Speedtouch Brute".

STEP 5:
This will show the module's web interface. Now check out your available wireless networks to see whether you have a speedtouch or thomson router, e.g. ThomsonBA9713 or SpeedtouchBA9713, waiting to be exploited. ;)

STEP 6:
You need to pick the hex part that comes right after Thomson or Speedtouch, so in the case above that would be BA9713, enter this value in the bssid field.

STEP 7:
Select the years (of course this is a guess) in which the router may have been produced; your best bet is to start around the last 3 or 4 years.

STEP 8:
Start brute forcing. :)

NOTES:
- The WPA key might not be found
- There may be collisions with the algorithm, so there is more than one WPA key possible; try them all
- The generated WPA key may be incorrect, the admin of the network may have changed the key.

MEDIA:
This video shows you how the thing is done and will start at step 3; it will also show you a neat trick of the THC Hacksuite: it will allow you to run tasks in the background.
http://www.youtube.com/watch?v=9dyVCExsxdY

Enjoy and feel free to comment.
lda #<text>text
jsr $ab1e ;
rts
text .text "LET ME OUT!"
.byte $0d,$00

Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d

Re: Fetching default wpa2 keys for speedtouch + thomson rout

Post by Cool_Fire » Mon Mar 21, 2011 6:03 am

It's a pretty webinterface for sure, but I thought there were standalone tools that could calculate the possible WPA keys for these routers in a few seconds, and that they've existed for years now?
Or am I thinking of a different device?
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.
