NOTE: When cracking WPA/WPA2 passwords, make sure you check gpuhash.me first incase it's already been processed.

Home - Wireless Cracking - Technicolor PIN Generator

WARNING!
Due to the number of SCAMS going on in the PAID forum, PLEASE ask an ADMIN or MODERATOR to verify ALL found passwords to ensure you are not being SCAMMED.
DO NOT PAY until an ADMIN or MOD has verified them for you!


104 Results - Page 1 of 4 -
1 2 3 4
Author Message
Avatar
unsuns06

Status: n/a
Joined: Fri, 07 Jun 2013
Posts: 2
Team:
Reputation: 2 Reputation
Offline
Fri, 07 Jun 2013 @ 10:35:32

Hello guys, I have a new CHALLENGE for you !

I have a new serie of Technicolor Routers data, and I would like to have a PIN generator if possible.

I know guys what you are capable of

Here is the link to data,
http://www.jheberg.net/captcha/MhwGyF-tncap-rar

And here is the list of the six last caracters of MAC address with their associated pin code.

938028;15061591
941A8D;79489515
948BE4;37017422
9388E8;90467912
96C99F;12456789
A4CAFF;71095837
936D45;90427145


Good Luck Guys


Avatar
blandyuk
Admin / Owner
Status: Trusted
Joined: Tue, 05 Jul 2011
Posts: 3057
Team: HashKiller
Reputation: 4081 Reputation
Offline
Wed, 12 Jun 2013 @ 15:59:49

Nice xD lots of pics for TNCAP routers although finding the correct algo will be difficult. If you can post all the Serial Numbers, MACs, SSID and WPA Keys in a list it would be a huge help.


Please read the forum rules | Please read the paid section rules
I accept private hash lists, with forum donations only.
BTC: 15qF9WUeFUD63ishxyAMiEgGqTcYzk4j9b
GPU Power: 9x GTX 1070 + 4x GTX 1080

Avatar
PiXEL

Status: Cracker
Joined: Sat, 09 Jun 2012
Posts: 149
Team:
Reputation: 274 Reputation
Offline
Wed, 12 Jun 2013 @ 16:29:56

I was having a look at this too but I'm not having any luck with it.

Here's a list of all the info off them pics that unsuns06 posted.


CPU: Intel Core i7 2600k
GPU: GeForce GTX 1060 6GB

Attachments: Login to view attachments.
Avatar
unsuns06

Status: n/a
Joined: Fri, 07 Jun 2013
Posts: 2
Team:
Reputation: 2 Reputation
Offline
Thu, 13 Jun 2013 @ 18:58:02

Thanks for your help !


Routor: TD5130
SSID: TNCAP9388E8
WPA-Key: 580C05A631
WPS-Pin:90467912
Admin-Pass: kcfx
MAC: 0018E79388E8
SN: 1150A1D05173
GW: DSLBE5130MAE1


Routor: TD5130
SSID: TNCAP948BE4
WPA-Key: 079A40DEFB
WPS-Pin: 37017422
Admin-Pass: et3p
MAC: 0018E7948BE4
SN: 1150A1D18433
GW: DSLBE5130MAE1


Routor: TD5130
SSID: TNCAP96C99F
WPA-Key: F3D70D3689
WPS-Pin: 12456789
Admin-Pass: 00jr
MAC: 0018E796C99F
SN: 1201A1D08658
GW: DSLBE5130MAE1


Routor: TD5130
SSID: TNCAPA4CAFF
WPA-Key: 5E00C7B723
WPS-Pin: 71095837
Admin-Pass: efop
MAC: 0018E7A4CAFF
SN: 1211A1D03863
GW: DSLBE5130MAE1


Routor: TD5130
SSID: TNCAP936D45
WPA-Key: 4E35E2A17A
WPS-Pin: 90427145
Admin-Pass: 2ggr
MAC: 0018E7936D45
SN: 1150A1D03750
GW: DSLBE5130MAE1


Routor: TD5130
SSID: TNCAP938028
WPA-Key: 3BC2B03785
WPS-Pin: 15061591
Admin-Pass: x0ym
MAC: 0018E7938028
SN: 1150A1D04725
GW: DSLBE5130MAE1

Routor: TD5130
SSID: TNCAP941A8D
WPA-Key: 842B159901
WPS-Pin: 79489515
Admin-Pass: sthh
MAC: 0018E7941A8D
SN: 1150A1D12630
GW: DSLBE5130MAE1
edited by unsuns06 on 13/06/2013


Avatar
hash-ire

Status: n/a
Joined: Mon, 19 Aug 2013
Posts: 257
Team:
Reputation: 308 Reputation
Offline
Mon, 19 Aug 2013 @ 13:21:28

I found this on the net. The model is different though.

http://i.imgur.com/rp6aX0I.jpg

Model: TG582n
SSID: TNCAP38A74F
WPA-Key: 273F3492FF
WPS-Pin: 40127576
MAC: A4B1E938A74E
SN: CP1226VFDLL
GW: DSLWBC582PAE7
ACCESS KEY: 64HT6Z8P (login pass?)
edited by hash-ire on 19/08/2013


Avatar
hash-ire

Status: n/a
Joined: Mon, 19 Aug 2013
Posts: 257
Team:
Reputation: 308 Reputation
Offline
Sat, 09 Nov 2013 @ 13:12:36

I found this topic on a french forum: http://www.crack-wifi.com/forum/topic-9372-technicolor-td5130-0018e7.html

An user says: 'by multiplying the last 6 HEX digits of the BSSID by itself and dividing the result by the serial you'll get a costant (5).'

AP: TD5130
SSID: TNCAP9388E8
WPA-Key: 580C05A631
WPS-Pin:90467912
Admin-Pass: kcfx
MAC: 0018E79388E8
SN: 1150A1D05173
GW: DSLBE5130MAE1

AP: TD5130
SSID: TNCAP948BE4
WPA-Key: 079A40DEFB
WPS-Pin: 37017422
Admin-Pass: et3p
MAC: 0018E7948BE4
SN: 1150A1D18433
GW: DSLBE5130MAE1

First:
9388E8 * 9388E8 = 550683A75240
550683A75240/1150A1D05173 = 5

Second:
948BE4 * 948BE4 = 56320C116310
56320C116310/1150A1D18433 = 5

His conclusion is that with the BSSID you can find the serial number: ESSID² = fct(BSSID) = 5 * S/N.


Avatar
Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 3003 Reputation
Offline
Sat, 09 Nov 2013 @ 15:18:31

Thank you very much for this hash-ire +1

hash-ire said:

His conclusion is that with the BSSID you can find the serial number: ESSID² = fct(BSSID) = 5 * S/N.

When you say serial number in the quote above do you actually mean PIN ?


Please read the forum rules. | Please read the paid section rules.

BTC: 1MmWESN5bKZ1YSuHrm5uNwnQYxWyQnEQ6E

Avatar
hash-ire

Status: n/a
Joined: Mon, 19 Aug 2013
Posts: 257
Team:
Reputation: 308 Reputation
Offline
Sat, 09 Nov 2013 @ 15:22:34

Hash-IT said:

When you say serial number in the quote above do you actually mean PIN ?


I mean the serial number:

SSID: TNCAP9388E8
SN: 1150A1D05173

SSID: TNCAP948BE4
SN: 1150A1D18433

Anyway your type of router is different your serial is something like: CPXXXXXXXXX. That's why I didn't post in the other thread.


Avatar
Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 3003 Reputation
Offline
Sat, 09 Nov 2013 @ 16:07:53

Aw heck

I am sorry, I have removed my last post as I was so desperate to break this damn WPA I didn't read it all properly

Desperation can do funny things to a guy

Thanks hash-ire


Please read the forum rules. | Please read the paid section rules.

BTC: 1MmWESN5bKZ1YSuHrm5uNwnQYxWyQnEQ6E

Avatar
miguelone

Status: n/a
Joined: Sun, 24 Nov 2013
Posts: 1
Team:
Reputation: 0 Reputation
Offline
Sun, 24 Nov 2013 @ 15:51:18

hi guys i have a router TNCAP5CF25D with mac A4:B1:E9:5C:F2:5D
can you found the key with a program ?
thnks


Avatar
eftecno

Status: n/a
Joined: Mon, 02 Sep 2013
Posts: 139
Team:
Reputation: 27 Reputation
Offline
Wed, 04 Dec 2013 @ 20:39:43

I had a thought.

The password is 10 characters long (0123456789ABCDEF). But every password never contains more than 5 alphabetic characters (ABCDEF).

How can I create a dictionary with words 10 letters long (0123456789ABCDEF) and a maximum of 5 alpha characters?


Avatar
Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 3003 Reputation
Offline
Wed, 04 Dec 2013 @ 22:12:11

eftecno said:

I had a thought.

The password is 10 characters long (0123456789ABCDEF). But every password never contains more than 5 alphabetic characters (ABCDEF).

How can I create a dictionary with words 10 letters long (0123456789ABCDEF) and a maximum of 5 alpha characters?

You would not normally make a dictionary as it would be enormous

Use this command with oclhashcat

-1 ABCDEF0123456789 ?1?1?1?1?1?1?1?1?1?1

It will takes months or years


Please read the forum rules. | Please read the paid section rules.

BTC: 1MmWESN5bKZ1YSuHrm5uNwnQYxWyQnEQ6E

Avatar
eftecno

Status: n/a
Joined: Mon, 02 Sep 2013
Posts: 139
Team:
Reputation: 27 Reputation
Offline
Wed, 04 Dec 2013 @ 22:21:59

I'm sorry, I think I wasn't clear. Your command is good to generate a COMPLETE dictionary, with password like 1234567890 or AAAAAAAABB. I suppose that this password doesn't exist in the TNCAP range!

mp64.exe -2 ABCDEF --output-file 10carhex.txt ?d?d?d?2?d?d?2?2?2?2 --combinations

the result is 777600000, at 30000 k/s I can try it in 7 hours!

I'd like to know how generate *all the password with max 5 ABCDEF*, not all the password with 6-7-8-9-10 alpha.


Avatar
eftecno

Status: n/a
Joined: Mon, 02 Sep 2013
Posts: 139
Team:
Reputation: 27 Reputation
Offline
Fri, 06 Dec 2013 @ 12:28:03

mp64.bin -2 ABCDEF --output-file 10carhex.txt ?d?2?d?d?2?d?2?d?d?d -q 3

this command is correct to limit to 2 (two) sequential chars?

AAA --> NO
ABA --> YES
BBA --> YES


Avatar
Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 3003 Reputation
Offline
Fri, 06 Dec 2013 @ 16:50:44

Yes thats right the -q option. This however does not solve your problem.

In fact I have wanted an intelligent brute force generator for quite sometime.

I haven't forgotten your posts, I am just looking for a way to do it

I do know someone who is very clever with this sort of thing, I will beg and plead with him to perhaps help us out.


Please read the forum rules. | Please read the paid section rules.

BTC: 1MmWESN5bKZ1YSuHrm5uNwnQYxWyQnEQ6E

Avatar
eftecno

Status: n/a
Joined: Mon, 02 Sep 2013
Posts: 139
Team:
Reputation: 27 Reputation
Offline
Fri, 06 Dec 2013 @ 17:00:02

Ok, many thanks for your effort!


Avatar
eftecno

Status: n/a
Joined: Mon, 02 Sep 2013
Posts: 139
Team:
Reputation: 27 Reputation
Offline
Sat, 07 Dec 2013 @ 14:08:55

A few more info:

length: 10 characters from UPPER HEX (0123456789ABCDEF)
no more than 5 alpha chars in the password (yes ABCDE01234 no ABCDEF0123)
no more than 2 consecutive chars (yes AABCDEF012 no AAABCDEF01)
no more than 2 equal numbers in the password (yes A1A123456 no A1A123451)
no more than 3 equal alpha chars in the password (yes 8017C24CCF, no C017C24CCF)


Avatar
PiXEL

Status: Cracker
Joined: Sat, 09 Jun 2012
Posts: 149
Team:
Reputation: 274 Reputation
Offline
Sat, 07 Dec 2013 @ 18:04:52

eftecno said:

A few more info:

length: 10 characters from UPPER HEX (0123456789ABCDEF)
no more than 5 alpha chars in the password (yes ABCDE01234 no ABCDEF0123)
no more than 2 consecutive chars (yes AABCDEF012 no AAABCDEF01)
no more than 2 equal numbers in the password (yes A1A123456 no A1A123451)
no more than 3 equal alpha chars in the password (yes 8017C24CCF, no C017C24CCF)

I think you may find this Perl script helpful.

USAGE: perl wg.pl options

options are:
-a string: prefix
-c number: max consecutive letters (how many consecutive 'a' do you want?)
-e : submit the output string to the operating system
-h : help
-l number: min length of the word
-o number: max number of occurrencies of a letter
-n number: max number of n-ple (AA, BBB, CCC, DDDD)
-r number: max number of repeatitions (ABCABABBCDBCD has 5 repeatitions: 3 reps of AB and 2 of BCD)
-t : trace on
-u number: max length of the word
-v string: list of valid characters (es, "01" "abcdef"
-z string: postfix


ftp://ftp.mut.ac.th/pub/Security/wg.pl


CPU: Intel Core i7 2600k
GPU: GeForce GTX 1060 6GB

Avatar
Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 3003 Reputation
Offline
Sun, 08 Dec 2013 @ 13:05:51

Nice find PiXEL


Please read the forum rules. | Please read the paid section rules.

BTC: 1MmWESN5bKZ1YSuHrm5uNwnQYxWyQnEQ6E

Avatar
eftecno

Status: n/a
Joined: Mon, 02 Sep 2013
Posts: 139
Team:
Reputation: 27 Reputation
Offline
Sun, 08 Dec 2013 @ 13:21:52

PiXEL said:

eftecno said:

A few more info:

length: 10 characters from UPPER HEX (0123456789ABCDEF)
no more than 5 alpha chars in the password (yes ABCDE01234 no ABCDEF0123)
no more than 2 consecutive chars (yes AABCDEF012 no AAABCDEF01)
no more than 2 equal numbers in the password (yes A1A123456 no A1A123451)
no more than 3 equal alpha chars in the password (yes 8017C24CCF, no C017C24CCF)

I think you may find this Perl script helpful.

USAGE: perl wg.pl options

options are:
-a string: prefix
-c number: max consecutive letters (how many consecutive 'a' do you want?)
-e : submit the output string to the operating system
-h : help
-l number: min length of the word
-o number: max number of occurrencies of a letter
-n number: max number of n-ple (AA, BBB, CCC, DDDD)
-r number: max number of repeatitions (ABCABABBCDBCD has 5 repeatitions: 3 reps of AB and 2 of BCD)
-t : trace on
-u number: max length of the word
-v string: list of valid characters (es, "01" "abcdef"
-z string: postfix


ftp://ftp.mut.ac.th/pub/Security/wg.pl

Nice, nice I'll give it a try! Many thanks!


Avatar
eftecno

Status: n/a
Joined: Mon, 02 Sep 2013
Posts: 139
Team:
Reputation: 27 Reputation
Offline
Sun, 08 Dec 2013 @ 14:51:47

Works fine, thanks!

perl wg.pl -c 2 -l 10 -o 3 -n 1 -r 1 -u 10 -v "0123456789ABCDEF" | split -l 10000000 - diz-

creates

diz-aa
diz-ab



Avatar
eftecno

Status: n/a
Joined: Mon, 02 Sep 2013
Posts: 139
Team:
Reputation: 27 Reputation
Offline
Mon, 09 Dec 2013 @ 16:37:31

The script is very good, but also very slow. Can someone please try it and tell me how many keys generates in one minute?

WINDOWS/LINUX

perl wg.pl -c 2 -l 10 -o 3 -n 1 -r 1 -u 10 -v "0123456789ABCDEF" > dictionary.txt


Avatar
PiXEL

Status: Cracker
Joined: Sat, 09 Jun 2012
Posts: 149
Team:
Reputation: 274 Reputation
Offline
Mon, 09 Dec 2013 @ 16:52:54

eftecno said:

The script is very good, but also very slow. Can someone please try it and tell me how many keys generates in one minute?

WINDOWS/LINUX

perl wg.pl -c 2 -l 10 -o 3 -n 1 -r 1 -u 10 -v "0123456789ABCDEF" > dictionary.txt

With the line above I do about 360,448 a minute.


CPU: Intel Core i7 2600k
GPU: GeForce GTX 1060 6GB

Avatar
eftecno

Status: n/a
Joined: Mon, 02 Sep 2013
Posts: 139
Team:
Reputation: 27 Reputation
Offline
Mon, 09 Dec 2013 @ 17:01:38

many thanks!


Avatar
Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 3003 Reputation
Offline
Mon, 09 Dec 2013 @ 17:09:44

You could probably pipe that into gzip.exe to save space.

When you want to run it using oclhashcat do this...

gzip.exe -d -c passlist.txt.gz | oclHashcat-plus64.exe -m 0 --force "your-MD5-hash-here"


Please read the forum rules. | Please read the paid section rules.

BTC: 1MmWESN5bKZ1YSuHrm5uNwnQYxWyQnEQ6E

Avatar
eftecno

Status: n/a
Joined: Mon, 02 Sep 2013
Posts: 139
Team:
Reputation: 27 Reputation
Offline
Mon, 09 Dec 2013 @ 22:19:48

Ok, I splitted the dictionary in 4000 pieces. I hope the password is in the first half

Hash-IT said:

You could probably pipe that into gzip.exe to save space.

When you want to run it using oclhashcat do this...

gzip.exe -d -c passlist.txt.gz | oclHashcat-plus64.exe -m 0 --force "your-MD5-hash-here"

Nice command! +1 reputation

----

I used lzma instead of zip. Lzma shrinked 1 GB file to 15 MB!

-----

Another program in C for TNCAP

http://pastebin.com/V8pMYS5S

-----

A windows password generator for TNCAP

http://www39.zippyshare.com/v/47072336/file.html

---

I compared a specific generator like technicolor.exe and maskprocessor with the switch -q 3.
technicolor.exe 750849753 KB 716 GB
maskprocessor.exe 781682234 KB 745 GB


Avatar
snowysheep

Status: n/a
Joined: Sat, 01 Feb 2014
Posts: 3
Team:
Reputation: 0 Reputation
Offline
Sat, 01 Feb 2014 @ 09:18:28

hi everyone i'm new at this forum !

i've read all these posts since i'm interested to find a way to break this tough router :ss !

i'd like first to thanks everyone for their efforts

i have some questions , how did you know that the password respect these rules :

no more than 5 alpha chars in the password (yes ABCDE01234 no ABCDEF0123)
no more than 2 consecutive chars (yes AABCDEF012 no AAABCDEF01)
no more than 2 equal numbers in the password (yes A1A123456 no A1A123451)
no more than 3 equal alpha chars in the password (yes 8017C24CCF, no C017C24CCF)

@eftecno : what is the size of wordlist did you succeed to create ?


Avatar
eftecno

Status: n/a
Joined: Mon, 02 Sep 2013
Posts: 139
Team:
Reputation: 27 Reputation
Offline
Sat, 01 Feb 2014 @ 14:10:48

snowysheep said:

i have some questions , how did you know that the password respect these rules :

no more than 5 alpha chars in the password (yes ABCDE01234 no ABCDEF0123)
no more than 2 consecutive chars (yes AABCDEF012 no AAABCDEF01)
no more than 2 equal numbers in the password (yes A1A123456 no A1A123451)
no more than 3 equal alpha chars in the password (yes 8017C24CCF, no C017C24CCF)

From known passwords

snowysheep said:


@eftecno : what is the size of wordlist did you succeed to create ?

16^10 = 1099511627776 combination, 11TB


Avatar
abdelhaq baallal

Status: n/a
Joined: Thu, 03 Jul 2014
Posts: 7
Team:
Reputation: 0 Reputation
Offline
Mon, 07 Jul 2014 @ 15:43:49

hi can any one help me i want pin of tncap2c57c2 and tncap694069 and tncap2c7248 ?????????? how can i hack tncap ?????? i am from morocco plz help me



Avatar
kikothebest94

Status: n/a
Joined: Wed, 09 Jul 2014
Posts: 6
Team:
Reputation: 0 Reputation
Offline
Wed, 09 Jul 2014 @ 12:18:18

I i'm trying tohack my tncap, can someone help me please? It's TNAP99C73D the mac address should be a4:b1:e9:99:c7:3d thanks a lot.



104 Results - Page 1 of 4 -
1 2 3 4

67 users online in the last hour
capric0rnu$, dipeperon, Mexx666666, Szul, str0nGh0ld, ras31n, ukris, FineCut, Espira, RazzaR,

We have a total of 167021 messages in 20896 topics.
We have a total of 18748 registered users.
Our newest registered member is behuro.