
Sky Q keyspace investigations


almondo

Status: n/a
Joined: Fri, 17 Feb 2017
Posts: 93
Team:
Reputation: 48 Reputation
Offline
Tue, 28 Feb 2017 @ 21:58:22

jHi6az3HB said:

Sorry if I have posted in the wrong place.
I think no. They are old hashes.

Nothing wrong here, we just want to break one of them, or both if we can. This topic is for both; you just need to specify which one you're talking about, to figure out what important information you add and understand it.

By the way, what aircrack version did you use when you got that kind of strange caps?


kratos

Status: n/a
Joined: Sat, 25 Feb 2017
Posts: 157
Team:
Reputation: 126 Reputation
Offline
Tue, 28 Feb 2017 @ 22:14:27

SKY3DE23:CDFSBTDMNS



jHi6az3HB

Status: n/a
Joined: Fri, 24 Feb 2017
Posts: 9
Team:
Reputation: 0 Reputation
Offline
Tue, 28 Feb 2017 @ 22:42:56

almondo said:

jHi6az3HB said:

Sorry if I have posted in the wrong place.
I think no. They are old hashes.

Nothing wrong here, we just want to break one of them, or both if we can. This topic is for both; you just need to specify which one you're talking about, to figure out what important information you add and understand it.

By the way, what aircrack version did you use when you got that kind of strange caps?

aircrack-ng-1.2-rc4-win


kratos

Status: n/a
Joined: Sat, 25 Feb 2017
Posts: 157
Team:
Reputation: 126 Reputation
Offline
Wed, 01 Mar 2017 @ 22:25:18

SKY1F326:XLWRCRFMRQ



kratos

Status: n/a
Joined: Sat, 25 Feb 2017
Posts: 157
Team:
Reputation: 126 Reputation
Offline
Thu, 02 Mar 2017 @ 21:51:42

SKY5EA85:VPDWTSPQWN



kratos

Status: n/a
Joined: Sat, 25 Feb 2017
Posts: 157
Team:
Reputation: 126 Reputation
Offline
Thu, 02 Mar 2017 @ 22:00:31

SKY23B43:YSXMYNYTFR



kratos

Status: n/a
Joined: Sat, 25 Feb 2017
Posts: 157
Team:
Reputation: 126 Reputation
Offline
Sun, 05 Mar 2017 @ 22:32:48

SKYA61E7 CLLFYWQSSL



soxrok2212

Status: Cracker
Joined: Sat, 24 Oct 2015
Posts: 451
Team:
Reputation: 421 Reputation
Offline
Mon, 06 Mar 2017 @ 01:07:20

Updated
https://github.com/soxrok2212/Sky/blob/master/SkyQHub_ER100K



BTC: 1B4ZAbWYQ399p6QJm3VLbywiCWVSBAXYJ1

NVIDIA
1x GTX 1080 Founder’s Edition
1x GTX 980 Reference Design

kratos

Status: n/a
Joined: Sat, 25 Feb 2017
Posts: 157
Team:
Reputation: 126 Reputation
Offline
Mon, 06 Mar 2017 @ 05:38:08

soxrok2212 said:

seem no new idea on data from anyone?
just collecting now with no reason?




cvsi
Moderator
Status: Trusted
Joined: Fri, 23 May 2014
Posts: 2377
Team:
Reputation: 3523 Reputation
Offline
Mon, 06 Mar 2017 @ 05:54:32

The keyspace hasn't changed any. I have to look at the char per positions based on the updated list.
But there were certain positions in the passphrase that didn't use all 16 chars. But that was based on a week or 2 ago.

I'll have to rerun the analysis on it and see if it has changed any. I'll try and do that tomorrow and post up the results.




GTX 1080 Ti , GTX 1080 , 1070 Ti , 2x GTX 1070 Everything watercooled

BTC - 1As13jsySvbN5wjcNJP3AASiazDX9pVdVw
ETH - 0xF35481E80a91ea8aB7D9E1E9c79f55390Cc00744

kratos

Status: n/a
Joined: Sat, 25 Feb 2017
Posts: 157
Team:
Reputation: 126 Reputation
Offline
Mon, 06 Mar 2017 @ 06:10:03

cvsi said:


But there were certain positions in the passphrase that didn't use all 16 chars. But that was based on a week or 2 ago.

is that the blandyuk pattern of first ssid hex to last pass map?

cvsi said:


I'll have to rerun the analysis on it and see if it has changed any. I'll try and do that tomorrow and post up the results.

OK, seeing nothing else here but flat random distribution
other patterns claimed in thread were all false



soxrok2212

Status: Cracker
Joined: Sat, 24 Oct 2015
Posts: 451
Team:
Reputation: 421 Reputation
Offline
Mon, 08 May 2017 @ 22:49:59


Finally managed to get a probe response from a Sky Q, this is what it looks like in the WPS tag. Shows the exact model, ER110. SR102 will show Broadcom and 123456 for model name and model number.




cranky

Status: n/a
Joined: Sat, 16 Sep 2017
Posts: 25
Team:
Reputation: 10 Reputation
Offline
Thu, 21 Sep 2017 @ 19:36:43

Spent ages scraping the bay and looked at known keys here and noticed the 2nd from last char is never (haven’t seen yet) an ‘A’ so maybe using custom char sets -1 (known keyspace) -2 (known omitting ‘A’) -1?1?1?1?1?1?1?1?2?1 should speed things up a little?


mackinson

Status: n/a
Joined: Sun, 11 Jun 2017
Posts: 109
Team:
Reputation: 106 Reputation
Offline
Thu, 21 Sep 2017 @ 19:45:01

cranky said:

Spent ages scraping the bay and looked at known keys here and noticed the 2nd from last char is never (haven’t seen yet) an ‘A’ so maybe using custom char sets -1 (known keyspace) -2 (known omitting ‘A’) -1?1?1?1?1?1?1?1?2?1 should speed things up a little?

That discovery is not particularly surprising, considering that A is not even in the Sky Q charset
in the first place


cranky

Status: n/a
Joined: Sat, 16 Sep 2017
Posts: 25
Team:
Reputation: 10 Reputation
Offline
Thu, 21 Sep 2017 @ 19:47:58

Ahh shucks, back to the drawing board!!! I got mixed up with the standard charset and the q one *goes back and sits in the corner quietly*


mackinson

Status: n/a
Joined: Sun, 11 Jun 2017
Posts: 109
Team:
Reputation: 106 Reputation
Offline
Thu, 21 Sep 2017 @ 20:08:47

cranky said:

Ahh shucks, back to the drawing board!!! I got mixed up with the standard charset and the q one *goes back and sits in the corner quietly*

I still commend you for trying to find something new.
This thread has gone pretty dead.

Noticed something that is quite amusing, but I am not sure there is any more to it

If you push the Sky Q charset through the SSID to final character mapping backwards,
the isolated LMN group maps to AE5, which immediately made me wonder if someone
had buried a hint to AES being used in the algorithm?

Anyway, all seems like a very odd coincidence?

Code:
ABCDEFGHIJKLMNOPQRSTUVWXYZ
 BCD F     LMN PQRST VWXY  Sky Q charset
 BCD F     AE5 01234 6789  Sky Q charset backwards through mapping


Felis-Sapiens

Status: n/a
Joined: Thu, 07 Jul 2016
Posts: 158
Team:
Reputation: 340 Reputation
Offline
Fri, 22 Sep 2017 @ 08:01:14

mackinson said:

Noticed something that is quite amusing, but I am not sure there is any more to it

If you push the Sky Q charset through the SSID to final character mapping backwards,
the isolated LMN group maps to AE5, which immediately made me wonder if someone
had buried a hint to AES being used in the algorithm?

Anyway, all seems like a very odd coincidence?

Nice finding, but nope.

Character mapping is:
0123456789ABCDEF
PQRSTNVWXYLBCDMF

Or in hex:
30 31 32 33 34 35 36 37 38 39 41 42 43 44 45 46
50 51 52 53 54 4E 56 57 58 59 4C 42 43 44 4D 46

So, they add 0x20 to digits and replace vowels AEU with LMN
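
Added example, not part of the post above or of any project's code: the stated rule written as a Python check that an owner can run against their own SSID and key to see whether the key still follows the factory pattern, plus the entropy that pattern leaves. The function names are hypothetical; the SSID shape (`SKY` plus 5 hex digits), the 10-character key length and the "first SSID hex digit gives the last key character" relation are assumptions taken from the pairs and comments posted in this thread.

```python
import math

HEX = "0123456789ABCDEF"
# Table exactly as posted in the thread: hex digit -> passphrase letter.
POSTED_TABLE = dict(zip(HEX, "PQRSTNVWXYLBCDMF"))
VOWEL_SWAP = {"A": "L", "E": "M", "U": "N"}
# Constructed sample set: SSID/key pairs already posted in this thread.
THREAD_PAIRS = [("SKY3DE23", "CDFSBTDMNS"), ("SKY1F326", "XLWRCRFMRQ"),
                ("SKYA61E7", "CLLFYWQSSL"), ("SKY0F058", "XLNCDNQDYP")]


def map_hex_digit(ch):
    """Stated rule: digits get +0x20, then A/E/U become L/M/N."""
    ch = ch.upper()
    if len(ch) != 1 or ch not in HEX:
        raise ValueError(f"not a hex digit: {ch!r}")
    if ch.isdigit():
        ch = chr(ord(ch) + 0x20)  # '0'..'9' -> 'P'..'Y'
    return VOWEL_SWAP.get(ch, ch)


# The 16-letter key alphabet is the image of the hex digits under the rule.
SKYQ_CHARSET = "".join(sorted(map_hex_digit(c) for c in HEX))


def matches_default_pattern(ssid, psk):
    """True if psk still has the shape of a factory key for this SSID."""
    ssid, psk = ssid.strip(), psk.strip()
    if len(ssid) != 8 or not ssid.startswith("SKY"):
        return False
    if any(c not in HEX for c in ssid[3:]):
        return False
    if len(psk) != 10 or any(c not in SKYQ_CHARSET for c in psk):
        return False
    # Assumption from the thread: first SSID hex digit fixes the last key char.
    return map_hex_digit(ssid[3]) == psk[-1]


def entropy_bits(free_positions):
    """Bits of entropy when this many positions are uniformly random."""
    return free_positions * math.log2(len(SKYQ_CHARSET))


if __name__ == "__main__":
    assert all(map_hex_digit(h) == POSTED_TABLE[h] for h in HEX)
    for ssid, psk in THREAD_PAIRS:
        print(ssid, matches_default_pattern(ssid, psk))
    print("nominal bits:", entropy_bits(10), "effective:", entropy_bits(9))
```

A key that matches is still in the factory pattern, and because one of its ten characters is readable from the broadcast SSID it carries at most 36 bits rather than the nominal 40; replacing it with a long user-chosen passphrase removes that dependency.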


mackinson

Status: n/a
Joined: Sun, 11 Jun 2017
Posts: 109
Team:
Reputation: 106 Reputation
Offline
Fri, 22 Sep 2017 @ 11:02:41

Felis-Sapiens said:


So, they add 0x20 to digits and replace vowels AEU with LMN

Well, OK, I guess that is more plausible than my AES conspiracy theory

I wonder if they replaced the vowels AEU with LMN to prevent potentially
offensive words from appearing randomly in the passphrases?


mackinson

Status: n/a
Joined: Sun, 11 Jun 2017
Posts: 109
Team:
Reputation: 106 Reputation
Offline
Fri, 22 Sep 2017 @ 12:28:34

mackinson said:


I wonder if they replaced the vowels AEU with LMN to prevent potentially
offensive words from appearing randomly in the passphrases?

Spending a bit too much time finding out how many rude words I can
make from the Sky Q charset using AEU instead of LMN

I can certainly see why they took those vowels out of the charset now


migolando

Status: n/a
Joined: Wed, 27 Dec 2017
Posts: 4
Team:
Reputation: 0 Reputation
Offline
Thu, 28 Dec 2017 @ 12:12:56

Sorry for asking a newbie question, but what happened to https://github.com/soxrok2212/Sky/blob/master/SkyQHub_ER100K ?


migolando

Status: n/a
Joined: Wed, 27 Dec 2017
Posts: 4
Team:
Reputation: 0 Reputation
Offline
Fri, 29 Dec 2017 @ 21:18:09

If anyone is still interested, here are my findings:

SKY###2#
SKY3DE23:CDFSBTDmNS
SKY1F326:XLWRCRFmRQ
SKY0F122:YYMXTFSmFP

SKY0F###
SKY0F122:YYMXTFsMFP
SKY0F091:XRPPWFsDLP
SKY0FA58:YFWWSCsCYP

SKY1F###
SKY1F6A6:xNBTVCDYFQ
SKY1F326:xLWRCRFMRQ

SKY##C6#
SKYD0C62 BCPNWbVLPD
SKYF6C6A NTRBNbWNTF
SKYE3C9A PSYLBPMYbM (b position is +3 to the right, hence c9-c6=3)


John2222

Status: n/a
Joined: Mon, 09 Apr 2018
Posts: 54
Team:
Reputation: 20 Reputation
Offline
Mon, 09 Apr 2018 @ 01:08:08

Is this still ongoing? Any progress with any of the keyspace?


##Labster##

Status: n/a
Joined: Sat, 20 Jan 2018
Posts: 14
Team:
Reputation: 1 Reputation
Offline
Tue, 10 Apr 2018 @ 19:21:41

SSID PSK MAC
SKY43C92 PBPTCYMLLT 7050AF833328
SKYD1117 TDXQLNDVXD 24A7DC448EF8


$cI$$0r$

Status: Elite
Joined: Thu, 24 Aug 2017
Posts: 596
Team:
Reputation: 7015 Reputation
Offline
Wed, 09 May 2018 @ 06:55:41

migolando said:

If anyone is still interested, here are my findings:

SKY0F###
SKY0F122:YYMXTFsMFP
SKY0F091:XRPPWFsDLP
SKY0FA58:YFWWSCsCYP

SKY0F058:XLNCDNQDYP

No s as you have. :|



BTC: 1QFsUY54JQDGpJf1UPV2YdcpQgcYKnyrpN
XMPP: WW1GamEyUnZiM0pBWTNKbFpYQXVhVzA9

dipeperon

Status: n/a
Joined: Tue, 03 Apr 2018
Posts: 184
Team:
Reputation: 281 Reputation
Offline
Wed, 22 Aug 2018 @ 18:47:03

From 28 combinations in the OP.

I pulled the hex part from the SSID -> decimal.

Converted the passphrase -> hex -> decimal.

Dropped them in Excel. Calculated the Pearson correlation between them: r = -0.155326556

i.e. The only relationship between those 2 is that one is always smaller than the other (obviously)

If anyone has more ideas to analyze relationships between I'll gladly do so



My hashcat stuff (rules, scripts): https://github.com/theherp/Hashcat-stuff

dipeperon

Status: n/a
Joined: Tue, 03 Apr 2018
Posts: 184
Team:
Reputation: 281 Reputation
Offline
Wed, 22 Aug 2018 @ 19:12:49

We need more data




