
Thompson, BTHomeHub and BTHomeHub2 Router Algos


mariust5

Status: n/a
Joined: Tue, 26 Mar 2013
Posts: 52
Team:
Reputation: 1 Reputation
Offline
Sun, 15 Mar 2015 @ 08:54:48

These routers are as old as the hills but enter this key : 2fd817eb9b

Thanks Milzo, the key doesn't work... if you have a string... maybe 80 of them, I wouldn't mind trying them. PM me if you can.

But thanks a lot anyway.


flyinghaggis

Status: Trusted
Joined: Wed, 19 Feb 2014
Posts: 536
Team:
Reputation: 622 Reputation
Offline
Mon, 16 Mar 2015 @ 06:41:19

Birdy_UK said:

Hey blandy,

My first WPA handshake was done today on a Sky AP, so I have converted this to hccap.
I would be willing to donate, say, £100 if you can help me crack the closest 3/4 WPA keys.
Look forward to hearing from you. Thanks.



Please post the .hccap and .cap file.


Rab.


BTC: 19b8m63qe2hMchz7BBgyGudNPpTycJcRAQ

Birdy_UK

Status: Banned
Joined: Fri, 13 Mar 2015
Posts: 5
Team:
Reputation: 0 Reputation
Offline
Tue, 17 Mar 2015 @ 01:08:30

WARNING! User is BANNED and may be a SCAMMER.

Hi Rab,

I have uploaded the CAP file. The hccap file is on my portable USB drive and I don't have it right this second. I have been working on getting better handshakes in a shorter period of time to provide smaller .cap files.

I have also got the cap and hccap files for all of the routers I am trying to pentest, both BtHub-3/4/5 and SKY routers.

All the files are on my USB drive and I can provide these tomorrow.

My very first cap file, from the quoted post I made above, is attached.

Thanks,
Ronald

UPDATE:

The cap file will not upload for some reason, so I have used Tinyupload:

http://s000.tinyupload.com/?file_id=11179398878883879936

Cheers.


cheeseuk1989

Status: n/a
Joined: Sun, 03 May 2015
Posts: 39
Team:
Reputation: 10 Reputation
Offline
Sun, 03 May 2015 @ 19:34:45

I have 2 spare sky routers if this is any help?

SR101 - 2012 from the ISP around about

WiFi Name SKYF5262
WiFi password AFUWEDQF
PIN 32867763
MAC 7C 4C A5 AB (can't read the rest as it's been rubbed off)
SERIAL A2101 (can't read the rest as it's been rubbed off)

SR102 - 2014 about.

WiFi Name SKY9D9EC
WiFi password STD8DPTQ
PIN 22838766
MAC 7C 4C A5 E9 (can't read the rest as it's been rubbed off)
SERIAL A502145 (can't read the rest as it's been rubbed off)

SR101 WPS Pins (Found on various sites)
29945832
32621754

SR102 various WPS Pins (Found on various sites)
53530141


fgt67

Status: n/a
Joined: Wed, 23 Sep 2015
Posts: 1
Team:
Reputation: 0 Reputation
Offline
Sat, 03 Oct 2015 @ 17:49:09

Anyone got any details for the more recent BTHubs such as 3, 4 and 5 along with the various revisions (A and B)? It seems there is only one real example on the entire Internet I can find. Without a healthy pool of accurate data there is no point in trying to look for patterns. I would need SSID, MAC, WPA Key and Serial as a minimum. Anything else like admin password, WPS PIN and WLAN MAC would be a bonus. Even just a photo of the sticker with the details would be perfect.

Also, has anyone ever gone through the source code released under GPL by BT? I doubt it has anything related to the algorithms used to generate the keys in plain text but the archives I attempt to download are never complete and thus corrupt.


m4cc48100

Status: n/a
Joined: Thu, 29 Oct 2015
Posts: 13
Team:
Reputation: -10 Reputation
Offline
Thu, 26 Nov 2015 @ 01:58:41

Pixiedust attack seems to work quite well on TalkTalk routers for me.. I've had a few Sky ones that will run through pixie but always return with WPA key not found.. But overall the hardest I've found are BTHubs 4 and 5.. They are 10 chars long as default in lalpha (a-f 2-9), hope it helps.. Usually I've noticed BTHubs 4+ start with a letter then numbers, c9@@@@@@@@ .. etc, but I have seen a Hub5 that started with a number and then a letter.. But always a single letter or single number at the beginning.. My BTHub 4 was letter, 3 numbers, letter, 2 numbers, letter, 1 number, letter.. ( d896a35b8f )


cvsi
Moderator
Status: Trusted
Joined: Fri, 23 May 2014
Posts: 2377
Team:
Reputation: 3523 Reputation
Offline
Thu, 26 Nov 2015 @ 02:29:58

The BTHub4 does change. It won't always have it like you posted yours. But I have noticed with them:
If the 1st character is a letter, the last is also a letter.
If the 1st character is a number, the last is also a number.


Those are the only 2 things that I have seen hold true, at least up to this point and on any that I have seen or cracked.
But the rest of it can vary.


Please read the forum rules. | Please read the paid section rules.

GTX 1080 Ti , GTX 1080 , 1070 Ti , 2x GTX 1070 Everything watercooled

BTC - 1As13jsySvbN5wjcNJP3AASiazDX9pVdVw
ETH - 0xF35481E80a91ea8aB7D9E1E9c79f55390Cc00744
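
The two posts above describe a default BT Hub 4/5 key shape; as an added example (not from the thread or any poster), this Python check lets an owner audit whether an access point's configured passphrase still has that shape and how few bits the shape is worth. The alphabet, length and first/last-character rule are the posters' unverified observations, and all function names are hypothetical.

```python
import math
import string

# Assumed from the two forum posts above (unverified observations, not vendor data):
LETTERS = set("abcdef")      # "a-f"
DIGITS = set("23456789")     # "2-9"
ALPHABET = LETTERS | DIGITS
LENGTH = 10                  # "10 chars long as default"


def looks_factory_default(psk: str) -> bool:
    """True if psk has the default BT Hub 4/5 shape described in the thread."""
    if len(psk) != LENGTH or not set(psk) <= ALPHABET:
        return False
    # Second post: first and last character are both letters or both digits.
    return (psk[0] in LETTERS) == (psk[-1] in LETTERS)


def default_format_bits() -> float:
    """log2 of the number of keys that fit the described default shape."""
    end_pairs = len(LETTERS) ** 2 + len(DIGITS) ** 2   # 36 + 64 = 100
    return math.log2(end_pairs * len(ALPHABET) ** (LENGTH - 2))


def random_upper_bound_bits(psk: str) -> float:
    """Upper bound on entropy if psk were random over the classes it uses."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(c) for c in classes if any(ch in c for ch in psk))
    return len(psk) * math.log2(pool) if pool else 0.0


def audit(psk: str) -> dict:
    """Report whether a configured passphrase is still default-shaped."""
    if looks_factory_default(psk):
        return {"default_format": True, "bits": default_format_bits()}
    return {"default_format": False, "bits": random_upper_bound_bits(psk)}


if __name__ == "__main__":
    # "d896a35b8f" is the key quoted in the thread; the second value is constructed.
    for sample in ("d896a35b8f", "constructed-Sample-Passphrase-1"):
        print(sample, audit(sample))
```

A passphrase flagged as default-shaped is bounded at roughly 37 bits under these assumptions, so replacing it with a long, user-chosen passphrase is the mitigation.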

YssDiamond

Status: n/a
Joined: Tue, 21 Jun 2016
Posts: 6
Team:
Reputation: 0 Reputation
Offline
Fri, 24 Jun 2016 @ 05:01:02

What about this one? Any idea, someone? SSID Thomson-3BE801, MAC address 58-98-35-3B-E8-01

I believe it's a Thomson TG 784 from 2010. The SSID is the same as the MAC address.


frenchy1

Status: Cracker
Joined: Tue, 28 Jul 2015
Posts: 631
Team:
Reputation: 396 Reputation
Offline
Fri, 24 Jun 2016 @ 07:29:42

YssDiamond said:

What about this one? Any idea, someone? SSID Thomson-3BE801, MAC address 58-98-35-3B-E8-01

I believe it's a Thomson TG 784 from 2010. The SSID is the same as the MAC address.

Try this: 9268FE4BFF



Just a hobbyist

YssDiamond

Status: n/a
Joined: Tue, 21 Jun 2016
Posts: 6
Team:
Reputation: 0 Reputation
Offline
Fri, 24 Jun 2016 @ 08:25:16

Thanks for the reply and the help, really appreciate it. Unfortunately I already tried that one, which I found on NICKSS website, but it doesn't apply for this model since it's 2010 or 2011, not sure though.


frenchy1

Status: Cracker
Joined: Tue, 28 Jul 2015
Posts: 631
Team:
Reputation: 396 Reputation
Offline
Fri, 24 Jun 2016 @ 08:38:10

YssDiamond said:

Thanks for the reply and the help, really appreciate it. Unfortunately I already tried that one, which I found on NICKSS website, but it doesn't apply for this model since it's 2010 or 2011, not sure though.

Capture a handshake or use reaver.



Just a hobbyist

YssDiamond

Status: n/a
Joined: Tue, 21 Jun 2016
Posts: 6
Team:
Reputation: 0 Reputation
Offline
Fri, 24 Jun 2016 @ 09:10:08

Reaver is useless since it has no WPS enabled, and I already posted the handshake on the
WPA cracking section. Thanks for the reply, merci!


Andycapp

Status: n/a
Joined: Wed, 28 Feb 2018
Posts: 2
Team:
Reputation: 0 Reputation
Offline
Thu, 01 Mar 2018 @ 19:52:59

Hello friends,
as you see, this is my first post.
The reason that I am writing is that
I am trying to build or to find an algorithm for the Speedport 2i of OTE (Greek),
something similar to this:
https://www.wardriving-forum.de/wiki/Standardpassw%C3%B6rter
The ESSID is COSMOTE-XXXXXX

I have some data from a few routers already but still have not found a solution.
Any ideas or help would be much appreciated.


