Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/python2.7
- # -*- coding: utf-8 -*-
- import os
- import random
- import sys
- # link between commercial fancy name and model name
- association = {
- "F9K1104v1":"N900",
- "F9K1105V2":"N450",
- "F7D2301v1":"N300"}
- class router():
- def __init__(self, lmac="", wmac="", passw="", wpin="", model="", serial=""):
- # WLAN MAC
- self.lmac = lmac
- # WAN MAC
- self.wmac = wmac
- # default password
- self.passw = passw
- # default WPS pin
- self.wpin = wpin
- # model name
- self.model = model
- # serial number
- self.serial = serial
- class finder():
- def __init__(self,routers, verbose = False):
- self.verbose = verbose
- self.routers = routers
- self.table = randomtable()
- self.ftable = [[], [], [], [], [], [], [], []]
- def check(self):
- yesvector = list(8*[True])
- for router in self.routers:
- # compute pass
- tmp_pass = friendship(router.wmac,self.table)
- # check pass
- for digit in xrange(8):
- if yesvector[digit] & (tmp_pass[digit] != router.passw[digit]):
- yesvector[digit] = False
- for valid_digit in xrange(8):
- if yesvector[valid_digit]:
- self.ftable[valid_digit].append(self.table[valid_digit])
- if self.verbose:
- print "Found one valid vector for",valid_digit
- def farm(self,times=30):
- for i in xrange(times):
- self.check()
- self.table = randomtable()
- def prftable(self):
- for i in xrange(8):
- print "Line",i
- for extracted in xrange(12):
- for line in self.ftable[i]:
- if line[0] == extracted:
- print hex(extracted)[2:], hp(line[1])
- def save(self,filename):
- with open(filename+".ftable",'w') as ofi:
- # prefix
- ofi.write("123456789FTABLE\n")
- # number of routers : 4 bytes
- ofi.write(str(len(self.routers))+'\n')
- # routers
- for router in self.routers:
- ofi.write(''.join([chr(int("0x"+i,16)) for i in router.lmac.split(":")])+"#")
- ofi.write(''.join([chr(int("0x"+i,16)) for i in router.wmac.split(":")])+"#")
- ofi.write(''.join([chr(int("0x"+router.passw[i:i+1],16)) for i in xrange(0,len(router.passw),2)])+"#")
- ofi.write(router.wpin+"#")
- ofi.write(router.model+chr(0))
- ofi.write(router.serial+"\n")
- # FTABLE \o/
- for i in xrange(8):
- for extracted in xrange(12):
- for line in self.ftable[i]:
- if line[0] == extracted:
- ofi.write(str(extracted)+chr(0xff))
- ofi.write(''.join([chr(int("0x"+line[1][a]+line[1][a+1],16)) for a in xrange(0,len(line[1]),2)])+chr(0xff))
- ofi.close()
- def randomtable():
- # Each of the eight characters of the default passphrase are created by substituting a corresponding hex-digit of the wan mac address using a static substitution table.
- substitution_table = []
- for index_caractere_pass in xrange(8): # 8 digits password
- caractere_extrait = random.randrange(12)
- dictionnary = []
- for lettre in xrange(0x10): # 16 possible digits
- decalage = random.randrange(0x10)
- dictionnary.append(hex((lettre+decalage)%0x10)[2:])
- substitution_table.append([caractere_extrait,dictionnary])
- return substitution_table
- def friendship(mac,table):
- """ Friendship is magic"""
- #return ''.join([substitution[l.lower()] for l in ''.join([i for i in mac.split(":")])])
- mac = ''.join([i for i in mac.split(":")])
- #r = ' '.join([substitution[mac[table[i]].lower()]+"\033[31m"+str(mac[table[i]])+"\033[32m"+str(table[i])+"\033[0m" for i in xrange(len(table))])
- r = ''.join([ table[i][1][int("0x"+mac[table[i][0]].lower(),16)] for i in xrange(len(table)) ])
- return r
- # Belkin N300 Model F7D2301v1
- # the first 5 digits of the password are calculated correctly. It is likely that the algorithm differs only in the tables used.
- def hp(l):
- r = ''
- for i in l:
- r += "\033[3"+str(int("0x"+i,16)%10)+"m"+i+"\033[0m"
- return r
- if __name__ == "__main__":
- os.system("clear")
- a = router("08:86:3B:51:99:0C", "08:86:3B:51:99:0E", "ae6da694", "53475961", "F9K1104v1", "321202GH102606")
- b = router("08:86:3B:C2:07:F4", "08:86:3B:C2:07:F5", "7e9697f4", "37932640", "F9K1105V2", "20214GE5200059")
- c = router("94:44:52:76:7A:CA", "94:44:52:76:7A:CA", "c47c7395", "61599130", "F7D2301v1", "121021G2101136")
- # c = router("94:44:52:76:7A:CA", "94:44:52:76:7A:CA", "C47C7395", "61599130", "F7D2301v1", "121021G2101136")
- # d = router("00:1C:DF:DA:FA:F9", "00:1C:DF:DA:FA:FA", "" , "43510979", "F5D8231-4", "150831R8501045")
- # e = router("00:22:75:CE:DB:6E", "00:22:75:CE:DB:6E", "" , "51478575", "F5D8232-4", "20006823200146")
- f = finder([a,b,c])
- f.farm(30000)
- f.prftable()
- f.save("azertyu")
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement