NOTE: Why not use our List Manager to crack your lists? Its easy and enables better management.

NOTE: When cracking WPA/WPA2 passwords, make sure you check gpuhash.me first incase it's already been processed.

Home - Wireless Cracking - Technicolor PIN Generator


104 Results - Page 1 of 4 -
1 2 3 4
Author Message
Avatar
unsuns06

Status: n/a
Joined: Fri, 07 Jun 2013
Posts: 2
Team:
Reputation: 2 Reputation
Offline
Fri, 07 Jun 2013 @ 10:35:32

Hello guys, I have a new CHALLENGE for you !

I have a new serie of Technicolor Routers data, and I would like to have a PIN generator if possible.

I know guys what you are capable of

Here is the link to data,
http://www.jheberg.net/captcha/MhwGyF-tncap-rar

And here is the list of the six last caracters of MAC address with their associated pin code.

938028;15061591
941A8D;79489515
948BE4;37017422
9388E8;90467912
96C99F;12456789
A4CAFF;71095837
936D45;90427145


Good Luck Guys


Avatar
blandyuk
Admin / Owner
Status: Trusted
Joined: Tue, 05 Jul 2011
Posts: 3186
Team: HashKiller
Reputation: 4152 Reputation
Offline
Wed, 12 Jun 2013 @ 15:59:49

Nice xD lots of pics for TNCAP routers although finding the correct algo will be difficult. If you can post all the Serial Numbers, MACs, SSID and WPA Keys in a list it would be a huge help.


Please read the forum rules | Please read the paid section rules
I accept private hash lists, with forum donations only.
BTC: 15qF9WUeFUD63ishxyAMiEgGqTcYzk4j9b
GPU Power: 9x GTX 1070 + 4x GTX 1080

Avatar
PiXEL

Status: Cracker
Joined: Sat, 09 Jun 2012
Posts: 149
Team:
Reputation: 273 Reputation
Offline
Wed, 12 Jun 2013 @ 16:29:56

I was having a look at this too but I'm not having any luck with it.

Here's a list of all the info off them pics that unsuns06 posted.


CPU: Intel Core i7 2600k
GPU: GeForce GTX 1060 6GB

Attachments: Login to view attachments.
Avatar
unsuns06

Status: n/a
Joined: Fri, 07 Jun 2013
Posts: 2
Team:
Reputation: 2 Reputation
Offline
Thu, 13 Jun 2013 @ 18:58:02

Thanks for your help !


Routor: TD5130
SSID: TNCAP9388E8
WPA-Key: 580C05A631
WPS-Pin:90467912
Admin-Pass: kcfx
MAC: 0018E79388E8
SN: 1150A1D05173
GW: DSLBE5130MAE1


Routor: TD5130
SSID: TNCAP948BE4
WPA-Key: 079A40DEFB
WPS-Pin: 37017422
Admin-Pass: et3p
MAC: 0018E7948BE4
SN: 1150A1D18433
GW: DSLBE5130MAE1


Routor: TD5130
SSID: TNCAP96C99F
WPA-Key: F3D70D3689
WPS-Pin: 12456789
Admin-Pass: 00jr
MAC: 0018E796C99F
SN: 1201A1D08658
GW: DSLBE5130MAE1


Routor: TD5130
SSID: TNCAPA4CAFF
WPA-Key: 5E00C7B723
WPS-Pin: 71095837
Admin-Pass: efop
MAC: 0018E7A4CAFF
SN: 1211A1D03863
GW: DSLBE5130MAE1


Routor: TD5130
SSID: TNCAP936D45
WPA-Key: 4E35E2A17A
WPS-Pin: 90427145
Admin-Pass: 2ggr
MAC: 0018E7936D45
SN: 1150A1D03750
GW: DSLBE5130MAE1


Routor: TD5130
SSID: TNCAP938028
WPA-Key: 3BC2B03785
WPS-Pin: 15061591
Admin-Pass: x0ym
MAC: 0018E7938028
SN: 1150A1D04725
GW: DSLBE5130MAE1

Routor: TD5130
SSID: TNCAP941A8D
WPA-Key: 842B159901
WPS-Pin: 79489515
Admin-Pass: sthh
MAC: 0018E7941A8D
SN: 1150A1D12630
GW: DSLBE5130MAE1
edited by unsuns06 on 13/06/2013


Avatar
hash-ire

Status: n/a
Joined: Mon, 19 Aug 2013
Posts: 257
Team:
Reputation: 307 Reputation
Offline
Mon, 19 Aug 2013 @ 13:21:28

I found this on the net. The model is different though.

http://i.imgur.com/rp6aX0I.jpg

Model: TG582n
SSID: TNCAP38A74F
WPA-Key: 273F3492FF
WPS-Pin: 40127576
MAC: A4B1E938A74E
SN: CP1226VFDLL
GW: DSLWBC582PAE7
ACCESS KEY: 64HT6Z8P (login pass?)
edited by hash-ire on 19/08/2013


Avatar
hash-ire

Status: n/a
Joined: Mon, 19 Aug 2013
Posts: 257
Team:
Reputation: 307 Reputation
Offline
Sat, 09 Nov 2013 @ 13:12:36

I found this topic on a french forum: http://www.crack-wifi.com/forum/topic-9372-technicolor-td5130-0018e7.html

An user says: 'by multiplying the last 6 HEX digits of the BSSID by itself and dividing the result by the serial you'll get a costant (5).'

AP: TD5130
SSID: TNCAP9388E8
WPA-Key: 580C05A631
WPS-Pin:90467912
Admin-Pass: kcfx
MAC: 0018E79388E8
SN: 1150A1D05173
GW: DSLBE5130MAE1

AP: TD5130
SSID: TNCAP948BE4
WPA-Key: 079A40DEFB
WPS-Pin: 37017422
Admin-Pass: et3p
MAC: 0018E7948BE4
SN: 1150A1D18433
GW: DSLBE5130MAE1

First:
9388E8 * 9388E8 = 550683A75240
550683A75240/1150A1D05173 = 5

Second:
948BE4 * 948BE4 = 56320C116310
56320C116310/1150A1D18433 = 5

His conclusion is that with the BSSID you can find the serial number: ESSID² = fct(BSSID) = 5 * S/N.


Avatar
Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 2982 Reputation
Offline
Sat, 09 Nov 2013 @ 15:18:31

Thank you very much for this hash-ire +1

hash-ire said:

His conclusion is that with the BSSID you can find the serial number: ESSID² = fct(BSSID) = 5 * S/N.

When you say serial number in the quote above do you actually mean PIN ?


Please read the forum rules. | Please read the paid section rules.

BTC: 1MmWESN5bKZ1YSuHrm5uNwnQYxWyQnEQ6E

Avatar
hash-ire

Status: n/a
Joined: Mon, 19 Aug 2013
Posts: 257
Team:
Reputation: 307 Reputation
Offline
Sat, 09 Nov 2013 @ 15:22:34

Hash-IT said:

When you say serial number in the quote above do you actually mean PIN ?


I mean the serial number:

SSID: TNCAP9388E8
SN: 1150A1D05173

SSID: TNCAP948BE4
SN: 1150A1D18433

Anyway your type of router is different your serial is something like: CPXXXXXXXXX. That's why I didn't post in the other thread.


Avatar
Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 2982 Reputation
Offline
Sat, 09 Nov 2013 @ 16:07:53

Aw heck

I am sorry, I have removed my last post as I was so desperate to break this damn WPA I didn't read it all properly

Desperation can do funny things to a guy

Thanks hash-ire


Please read the forum rules. | Please read the paid section rules.

BTC: 1MmWESN5bKZ1YSuHrm5uNwnQYxWyQnEQ6E

Avatar
miguelone

Status: n/a
Joined: Sun, 24 Nov 2013
Posts: 1
Team:
Reputation: 0 Reputation
Offline
Sun, 24 Nov 2013 @ 15:51:18

hi guys i have a router TNCAP5CF25D with mac A4:B1:E9:5C:F2:5D
can you found the key with a program ?
thnks


Avatar
eftecno

Status: n/a
Joined: Mon, 02 Sep 2013
Posts: 139
Team:
Reputation: 27 Reputation
Offline
Wed, 04 Dec 2013 @ 20:39:43

I had a thought.

The password is 10 characters long (0123456789ABCDEF). But every password never contains more than 5 alphabetic characters (ABCDEF).

How can I create a dictionary with words 10 letters long (0123456789ABCDEF) and a maximum of 5 alpha characters?


Avatar
Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 2982 Reputation
Offline
Wed, 04 Dec 2013 @ 22:12:11

eftecno said:

I had a thought.

The password is 10 characters long (0123456789ABCDEF). But every password never contains more than 5 alphabetic characters (ABCDEF).

How can I create a dictionary with words 10 letters long (0123456789ABCDEF) and a maximum of 5 alpha characters?

You would not normally make a dictionary as it would be enormous

Use this command with oclhashcat

-1 ABCDEF0123456789 ?1?1?1?1?1?1?1?1?1?1

It will takes months or years


Please read the forum rules. | Please read the paid section rules.

BTC: 1MmWESN5bKZ1YSuHrm5uNwnQYxWyQnEQ6E

Avatar
eftecno

Status: n/a
Joined: Mon, 02 Sep 2013
Posts: 139
Team:
Reputation: 27 Reputation
Offline
Wed, 04 Dec 2013 @ 22:21:59

I'm sorry, I think I wasn't clear. Your command is good to generate a COMPLETE dictionary, with password like 1234567890 or AAAAAAAABB. I suppose that this password doesn't exist in the TNCAP range!

mp64.exe -2 ABCDEF --output-file 10carhex.txt ?d?d?d?2?d?d?2?2?2?2 --combinations

the result is 777600000, at 30000 k/s I can try it in 7 hours!

I'd like to know how generate *all the password with max 5 ABCDEF*, not all the password with 6-7-8-9-10 alpha.


Avatar
eftecno

Status: n/a
Joined: Mon, 02 Sep 2013
Posts: 139
Team:
Reputation: 27 Reputation
Offline
Fri, 06 Dec 2013 @ 12:28:03

mp64.bin -2 ABCDEF --output-file 10carhex.txt ?d?2?d?d?2?d?2?d?d?d -q 3

this command is correct to limit to 2 (two) sequential chars?

AAA --> NO
ABA --> YES
BBA --> YES


Avatar
Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 2982 Reputation
Offline
Fri, 06 Dec 2013 @ 16:50:44

Yes thats right the -q option. This however does not solve your problem.

In fact I have wanted an intelligent brute force generator for quite sometime.

I haven't forgotten your posts, I am just looking for a way to do it

I do know someone who is very clever with this sort of thing, I will beg and plead with him to perhaps help us out.


Please read the forum rules. | Please read the paid section rules.

BTC: 1MmWESN5bKZ1YSuHrm5uNwnQYxWyQnEQ6E

Avatar
eftecno

Status: n/a
Joined: Mon, 02 Sep 2013
Posts: 139
Team:
Reputation: 27 Reputation
Offline
Fri, 06 Dec 2013 @ 17:00:02

Ok, many thanks for your effort!


Avatar
eftecno

Status: n/a
Joined: Mon, 02 Sep 2013
Posts: 139
Team:
Reputation: 27 Reputation
Offline
Sat, 07 Dec 2013 @ 14:08:55

A few more info:

length: 10 characters from UPPER HEX (0123456789ABCDEF)
no more than 5 alpha chars in the password (yes ABCDE01234 no ABCDEF0123)
no more than 2 consecutive chars (yes AABCDEF012 no AAABCDEF01)
no more than 2 equal numbers in the password (yes A1A123456 no A1A123451)
no more than 3 equal alpha chars in the password (yes 8017C24CCF, no C017C24CCF)


Avatar
PiXEL

Status: Cracker
Joined: Sat, 09 Jun 2012
Posts: 149
Team:
Reputation: 273 Reputation
Offline
Sat, 07 Dec 2013 @ 18:04:52

eftecno said:

A few more info:

length: 10 characters from UPPER HEX (0123456789ABCDEF)
no more than 5 alpha chars in the password (yes ABCDE01234 no ABCDEF0123)
no more than 2 consecutive chars (yes AABCDEF012 no AAABCDEF01)
no more than 2 equal numbers in the password (yes A1A123456 no A1A123451)
no more than 3 equal alpha chars in the password (yes 8017C24CCF, no C017C24CCF)

I think you may find this Perl script helpful.

USAGE: perl wg.pl options

options are:
-a string: prefix
-c number: max consecutive letters (how many consecutive 'a' do you want?)
-e : submit the output string to the operating system
-h : help
-l number: min length of the word
-o number: max number of occurrencies of a letter
-n number: max number of n-ple (AA, BBB, CCC, DDDD)
-r number: max number of repeatitions (ABCABABBCDBCD has 5 repeatitions: 3 reps of AB and 2 of BCD)
-t : trace on
-u number: max length of the word
-v string: list of valid characters (es, "01" "abcdef"
-z string: postfix


ftp://ftp.mut.ac.th/pub/Security/wg.pl


CPU: Intel Core i7 2600k
GPU: GeForce GTX 1060 6GB

Avatar
Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 2982 Reputation
Offline
Sun, 08 Dec 2013 @ 13:05:51

Nice find PiXEL


Please read the forum rules. | Please read the paid section rules.

BTC: 1MmWESN5bKZ1YSuHrm5uNwnQYxWyQnEQ6E

Avatar
eftecno

Status: n/a
Joined: Mon, 02 Sep 2013
Posts: 139
Team:
Reputation: 27 Reputation
Offline
Sun, 08 Dec 2013 @ 13:21:52

PiXEL said:

eftecno said:

A few more info:

length: 10 characters from UPPER HEX (0123456789ABCDEF)
no more than 5 alpha chars in the password (yes ABCDE01234 no ABCDEF0123)
no more than 2 consecutive chars (yes AABCDEF012 no AAABCDEF01)
no more than 2 equal numbers in the password (yes A1A123456 no A1A123451)
no more than 3 equal alpha chars in the password (yes 8017C24CCF, no C017C24CCF)

I think you may find this Perl script helpful.

USAGE: perl wg.pl options

options are:
-a string: prefix
-c number: max consecutive letters (how many consecutive 'a' do you want?)
-e : submit the output string to the operating system
-h : help
-l number: min length of the word
-o number: max number of occurrencies of a letter
-n number: max number of n-ple (AA, BBB, CCC, DDDD)
-r number: max number of repeatitions (ABCABABBCDBCD has 5 repeatitions: 3 reps of AB and 2 of BCD)
-t : trace on
-u number: max length of the word
-v string: list of valid characters (es, "01" "abcdef"
-z string: postfix


ftp://ftp.mut.ac.th/pub/Security/wg.pl

Nice, nice I'll give it a try! Many thanks!


Avatar
eftecno

Status: n/a
Joined: Mon, 02 Sep 2013
Posts: 139
Team:
Reputation: 27 Reputation
Offline
Sun, 08 Dec 2013 @ 14:51:47

Works fine, thanks!

perl wg.pl -c 2 -l 10 -o 3 -n 1 -r 1 -u 10 -v "0123456789ABCDEF" | split -l 10000000 - diz-

creates

diz-aa
diz-ab



Avatar
eftecno

Status: n/a
Joined: Mon, 02 Sep 2013
Posts: 139
Team:
Reputation: 27 Reputation
Offline
Mon, 09 Dec 2013 @ 16:37:31

The script is very good, but also very slow. Can someone please try it and tell me how many keys generates in one minute?

WINDOWS/LINUX

perl wg.pl -c 2 -l 10 -o 3 -n 1 -r 1 -u 10 -v "0123456789ABCDEF" > dictionary.txt


Avatar
PiXEL

Status: Cracker
Joined: Sat, 09 Jun 2012
Posts: 149
Team:
Reputation: 273 Reputation
Offline
Mon, 09 Dec 2013 @ 16:52:54

eftecno said:

The script is very good, but also very slow. Can someone please try it and tell me how many keys generates in one minute?

WINDOWS/LINUX

perl wg.pl -c 2 -l 10 -o 3 -n 1 -r 1 -u 10 -v "0123456789ABCDEF" > dictionary.txt

With the line above I do about 360,448 a minute.


CPU: Intel Core i7 2600k
GPU: GeForce GTX 1060 6GB

Avatar
eftecno

Status: n/a
Joined: Mon, 02 Sep 2013
Posts: 139
Team:
Reputation: 27 Reputation
Offline
Mon, 09 Dec 2013 @ 17:01:38

many thanks!


Avatar
Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 2982 Reputation
Offline
Mon, 09 Dec 2013 @ 17:09:44

You could probably pipe that into gzip.exe to save space.

When you want to run it using oclhashcat do this...

gzip.exe -d -c passlist.txt.gz | oclHashcat-plus64.exe -m 0 --force "your-MD5-hash-here"


Please read the forum rules. | Please read the paid section rules.

BTC: 1MmWESN5bKZ1YSuHrm5uNwnQYxWyQnEQ6E

Avatar
eftecno

Status: n/a
Joined: Mon, 02 Sep 2013
Posts: 139
Team:
Reputation: 27 Reputation
Offline
Mon, 09 Dec 2013 @ 22:19:48

Ok, I splitted the dictionary in 4000 pieces. I hope the password is in the first half

Hash-IT said:

You could probably pipe that into gzip.exe to save space.

When you want to run it using oclhashcat do this...

gzip.exe -d -c passlist.txt.gz | oclHashcat-plus64.exe -m 0 --force "your-MD5-hash-here"

Nice command! +1 reputation

----

I used lzma instead of zip. Lzma shrinked 1 GB file to 15 MB!

-----

Another program in C for TNCAP

http://pastebin.com/V8pMYS5S

-----

A windows password generator for TNCAP

http://www39.zippyshare.com/v/47072336/file.html

---

I compared a specific generator like technicolor.exe and maskprocessor with the switch -q 3.
technicolor.exe 750849753 KB 716 GB
maskprocessor.exe 781682234 KB 745 GB


Avatar
snowysheep

Status: n/a
Joined: Sat, 01 Feb 2014
Posts: 3
Team:
Reputation: 0 Reputation
Offline
Sat, 01 Feb 2014 @ 09:18:28

hi everyone i'm new at this forum !

i've read all these posts since i'm interested to find a way to break this tough router :ss !

i'd like first to thanks everyone for their efforts

i have some questions , how did you know that the password respect these rules :

no more than 5 alpha chars in the password (yes ABCDE01234 no ABCDEF0123)
no more than 2 consecutive chars (yes AABCDEF012 no AAABCDEF01)
no more than 2 equal numbers in the password (yes A1A123456 no A1A123451)
no more than 3 equal alpha chars in the password (yes 8017C24CCF, no C017C24CCF)

@eftecno : what is the size of wordlist did you succeed to create ?


Avatar
eftecno

Status: n/a
Joined: Mon, 02 Sep 2013
Posts: 139
Team:
Reputation: 27 Reputation
Offline
Sat, 01 Feb 2014 @ 14:10:48

snowysheep said:

i have some questions , how did you know that the password respect these rules :

no more than 5 alpha chars in the password (yes ABCDE01234 no ABCDEF0123)
no more than 2 consecutive chars (yes AABCDEF012 no AAABCDEF01)
no more than 2 equal numbers in the password (yes A1A123456 no A1A123451)
no more than 3 equal alpha chars in the password (yes 8017C24CCF, no C017C24CCF)

From known passwords

snowysheep said:


@eftecno : what is the size of wordlist did you succeed to create ?

16^10 = 1099511627776 combination, 11TB


Avatar
abdelhaq baallal

Status: n/a
Joined: Thu, 03 Jul 2014
Posts: 7
Team:
Reputation: 0 Reputation
Offline
Mon, 07 Jul 2014 @ 15:43:49

hi can any one help me i want pin of tncap2c57c2 and tncap694069 and tncap2c7248 ?????????? how can i hack tncap ?????? i am from morocco plz help me



Avatar
kikothebest94

Status: n/a
Joined: Wed, 09 Jul 2014
Posts: 6
Team:
Reputation: 0 Reputation
Offline
Wed, 09 Jul 2014 @ 12:18:18

I i'm trying tohack my tncap, can someone help me please? It's TNAP99C73D the mac address should be a4:b1:e9:99:c7:3d thanks a lot.



104 Results - Page 1 of 4 -
1 2 3 4

We have a total of 184976 messages in 22900 topics.
We have a total of 20684 registered users.
Our newest registered member is deathasher.