
[R-WlanXDecrypter 0.9] - Dictionary generator for default keys

R-WlanXDecrypter 0.9
 
Here I present a utility I created to generate dictionaries of the default keys used by routers from R, a company in Galicia. These networks are known as R-wlanX (where X is a number) or similar names. Recently many wifimedia_R-XXXX networks (where the X are digits) have also appeared, and I discuss those as well.

I have seen that there is already a Rwlandecrypter out there (so I chose another name), but I've tried it and I'm not convinced: it creates a dictionary of only 14 MB, which includes only a small part of the possible default keys.

Before presenting the program, I would like to analyze these networks to be clear about what kind of passwords R routers use by default.

Analysis

Networks wifimedia_R-XXXX:

These networks are the ones that come with certain routers that R provides. The company provides them if you have contracted a service called wifimedia. This service is included free by default with connections of 30 Mb or more, but it can also be contracted for a fee on slower connections, though the latter is not common. That is, these networks are usually high speed. They come with a WPA/WPA2 password; however, the default password is ridiculous. For this reason the technician who installs the router sometimes changes this password, but that is not the norm.

The default password of these networks is the MAC of the router with the last digit replaced by 0. The letters are usually lowercase but can sometimes be uppercase. An example:

Code:
  SSID: wifimedia_R-1234 
  MAC: 00:26:5B:1E:28:A5

The key will be: 00265b1e28a0
It can also be: 00265B1E28A0

As you can see, the security of these routers is ridiculous: there is no need to capture packets, use the R-WlanXDecrypter program, or anything else.

R-wlanX networks with WEP:

The first thing to clarify is that neither the SSID nor the MAC gives any information about the key. The number in the SSID is normally (but not always) the channel of the AP. The exact "R-wlanX" format is not always followed: sometimes uppercase and lowercase are mixed, sometimes there are no spaces, sometimes there are dashes, sometimes nothing separates the words, and sometimes additional words appear in the SSID.

The most universal way to describe R's default passwords is that they are digits followed by a row of zeros. How many digits before the 0's? Normally 8, sometimes 6. Independently of this, we have four possible types of default password (ruling out passwords of more than 128 bits):

  • 128-bit ASCII WEP password (e.g. "2010945600000"): the most common type
  • 128-bit hexadecimal WEP password (e.g. 20:10:94:56:00:00:00:00:00:00:00:00:00): rare, but they do exist
  • 64-bit ASCII WEP password: I've never seen one of this type
  • 64-bit hexadecimal WEP password (e.g. 20:10:94:56:00): seen quite often

Do the numbers mean anything? This topic is quite mysterious:

-Some keys start with a year (e.g. "2008") followed by 4 random digits. It was believed that the year is the router's year of manufacture, but we have found many future years (e.g. "2023"), so that does not seem to be the case. Also, most keys begin with 2, so to reduce the search range we can start by looking at keys that begin with 2. It has recently been discovered that this number seems to be the ID that R assigns to the customer (a value completely unknown to us, which only appears on their bills).

-In other cases, especially when there are 6 digits followed by 0's (instead of 8), the number is believed to be the phone number without the prefix. Knowing this does not help us much, but these keys have only 6 digits followed by 0's instead of 8, which reduces our search range very substantially.

Well, whatever the origin of these numbers, we find that only up to 8 digits vary, and they are always digits, so we have 10^8 = 100,000,000 possibilities for each type of password, which is not many. On a current midrange laptop all the keys would be checked in about 2 hours or less.

R-wlanX networks with WPA keys:

Recently, more R routers with default WPA keys have been appearing. We have not yet been able to analyze many of these keys, but they seem to follow a pattern similar to WEP. In this case the default passwords are 8-digit keys, but without the trailing 0's, of the form XXXXXXXX (e.g. "20109456"). This number seems to be the customer ID, and in most cases (so far, all those tested) it also begins with 2, so we could reduce the passwords to only those beginning with 2 (of the form 2XXXXXXX).

There have also been cases of 10-digit WPA keys, still with only 8 variable digits but followed by two 0's (although these are much less common), of the form XXXXXXXX00 (e.g. "2010945600"). As with the 8-digit keys, we have only found passwords that begin with 2, of the form 2XXXXXXX00.

At a modest cracking rate of 1000 keys/sec, it would take about 28 hours to check the complete dictionary of keys. If we test only the keys that begin with 2, it would take about 3 hours.
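
A defender-side check for the patterns analysed above, added here as an example (it is not part of R-WlanXDecrypter or of the original post): it flags a configured key that still fits one of the default layouts and reports the smallest search range described in the text that contains it. The function names and the random sample passphrase are assumptions; the other sample values are the ones used in the text.

```python
import re

RATE = 1000  # keys/sec: the "modest" WPA cracking rate quoted in the text

# Total key length (colons removed) -> layout described in the analysis
LAYOUTS = {8: "WPA, 8 digits", 10: "WPA 10-digit or WEP-64 hex",
           13: "WEP-128 ASCII", 26: "WEP-128 hex"}
HEX_BYTES = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2})+")

def mac_default(bssid):
    """wifimedia_R default: the 12 MAC hex digits with the last one set to 0."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", bssid).lower()
    return digits[:-1] + "0" if len(digits) == 12 else None

def audit_key(key, bssid=None):
    """Return a finding dict if `key` fits a default pattern, else None."""
    if bssid and key.lower() == mac_default(bssid):
        return {"pattern": "wifimedia_R MAC-derived", "keyspace": 2, "hours": 0.0}
    colon_form = bool(HEX_BYTES.fullmatch(key))
    flat = key.replace(":", "") if colon_form else key
    m = re.fullmatch(r"(\d{8})0*", flat)
    if not m or len(flat) not in LAYOUTS:
        return None
    digits = m.group(1)
    if (colon_form or len(flat) == 13) and digits.endswith("00"):
        keyspace = 10**6      # WEP variant: 6 digits, then zeros
    elif digits.startswith("2"):
        keyspace = 10**7      # customer IDs seen so far all begin with 2
    else:
        keyspace = 10**8      # any 8 digits
    return {"pattern": LAYOUTS[len(flat)], "keyspace": keyspace,
            "hours": round(keyspace / RATE / 3600, 1)}

if __name__ == "__main__":
    # Constructed inputs: the page's own example values plus one random passphrase
    samples = [("00265B1E28A0", "00:26:5B:1E:28:A5"), ("2010945600000", None),
               ("20:10:94:56:00", None), ("20109456", None),
               ("q7#Vt2-pLm9xRw", None)]
    for key, bssid in samples:
        print(f"{key!r:20} -> {audit_key(key, bssid)}")
```

Any result other than None means the key is still inside one of the default ranges and should be replaced with a long random passphrase.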

This concludes the analysis; we now proceed to explain the application.

R-WlanXDecrypter

The program currently supports Unix and Windows platforms. It has several additional options, explained later, that provide a way to create custom dictionaries, but you do not need to know how to use them to create the basic dictionaries.

Basic Options

  • -n <nbits>: creates the dictionary for 64-bit, 128-bit, etc. keys. It also supports larger keys such as 512 bits, although I have never found an R key like that. If you do not specify this parameter, the program uses a 128-bit key by default
  • -h <sep>: creates a dictionary in hexadecimal format. This is not an alternative format for storing the same keys; it is a different dictionary from the one created without the -h option. The <sep> parameter is the character (as a decimal code) separating the bytes expressed in hexadecimal; if not specified, the default is ":", which is the most widely used for this purpose and the symbol that aircrack-ng uses

Using only these options you can create the universal dictionaries for R passwords. If the dictionary is for aircrack-ng, it is important to remember that it does not support dictionaries over 2 GB. By default, the program creates keys of 8 digits followed by 0's (and thus also includes the 6-digit ones).

-First we will create an ASCII dictionary for 128-bit passwords; it will occupy 1.40 GB:

Code:
  R-WlanXDecrypter rwlan128.txt 

-Now we create a hexadecimal dictionary for 64-bit passwords; it will occupy 1.48 GB:

Code:
  R-WlanXDecrypter rwlan64hex.txt -h -n 64

-These two dictionaries should be sufficient for most R routers. Even so, we can always generate the hexadecimal dictionary for 128-bit passwords. This dictionary would occupy 3.72 GB:

Code:
  R-WlanXDecrypter rwlan128hex.txt -h

If we create the dictionary for aircrack-ng, remember that it cannot handle dictionaries of more than 2 GB, so we have to split this dictionary into two (for example, two dictionaries of 1.86 GB each):

Code:
  R-WlanXDecrypter rwlan128hex1.txt -h -max 49999999
  R-WlanXDecrypter rwlan128hex2.txt -h -min 50000000

-We can also create a dictionary for 64-bit ASCII keys, although I have never seen any of this type on R. This dictionary occupies only 683 KB:

Code:
  R-WlanXDecrypter rwlan64.txt -n 64

It is assumed that these dictionaries contain all the keys that an R router can have, but note that there may be keys longer than 128 bits, although I have never seen any so far.

Advanced Options:

  • -c <nchar>: by default, dictionary words have 8 variable digits and are then padded with 0's to complete the key length. Use this option to specify a different number of variable digits
  • -cm <decchar>: by default, keys are padded with 0's. With this parameter we can specify another symbol (given as the decimal character code)
  • -min <num>: defines the start of the dictionary by specifying the minimum value. The minimum value excludes the padding (that is, it counts only the number formed by the variable bytes)
  • -max <num>: defines the end of the dictionary by specifying the maximum value. The maximum value excludes the padding (that is, it counts only the number formed by the variable bytes)
  • -r: with this option, dictionary words are separated by an LF byte (char 10). By default they are separated by two bytes: CR + LF (char 13, char 10). Most programs recognize both formats. With this option we save 1 byte per word
  • -m <nBytes>: the same as -n (so the two are not combined), but this option sets the number of bytes of the key manually. When we speak of 128-bit passwords, 24 of those bits are used for the IV, so the key is really just (128-24) / 8 = 13 bytes. -n 64 is equivalent to -m 5, -n 128 to -m 13, etc.
  • -q: do not show the status of the dictionary creation process

With the default options, the generated dictionaries are very large and contain many words, and it can take a long time to check them all, depending on the equipment. With these advanced options you can define more customized dictionaries. Several useful examples:

-As we have said, sometimes the keys are just 6 digits followed by 0's, so we will create the above dictionaries (except the 64-bit ASCII one, since it is pointless to reduce it) with 6 variable bytes instead of 8. The 3 dictionaries created occupy only 67.7 MB together. This way we can do a quick check with aircrack-ng for keys with 6 variable digits before using the large dictionaries:

Code:
  R-WlanXDecrypter rwlan128-c6.txt -c 6
Code:
  R-WlanXDecrypter rwlan64hex-c6.txt -h -n 64 -c 6
Code:
  R-WlanXDecrypter rwlan128hex-c6.txt -h -c 6

-As mentioned, many of R's default passwords start with 2. Using -min and -max we can define dictionaries covering only that range (keys starting with 2). The 3 dictionaries we create (128-bit ASCII, 64-bit hex and 128-bit hex) each occupy a tenth of the full one:

Code:
  R-WlanXDecrypter rwlan128-start2.txt -min 20000000 -max 29999999
Code:
  R-WlanXDecrypter rwlan64hex-start2.txt -h -n 64 -min 20000000 -max 29999999
Code:
  R-WlanXDecrypter rwlan128hex-start2.txt -h -min 20000000 -max 29999999

WPA case:

-We can use the program with the options already seen to create a dictionary for WPA keys. In this case we have to tell it to create a dictionary of 8 digits, all of them variable. The dictionary will have 100,000,000 keys and take 953.67 MB:

Code:
  R-WlanXDecrypter rwlanwpa.txt -m 8

-If we want to reduce the search time, we can create a dictionary that contains only keys that begin with 2. The dictionary has 10,000,000 keys and occupies 95.37 MB:

Code:
  R-WlanXDecrypter rwlanwpa-start2.txt -m 8 -min 20000000 -max 29999999

Most of R's WPA keys are 8 digits, but some cases of 10-digit keys have also been detected: 8 variable digits followed by two 0's. This dictionary is created as follows:

-The complete dictionary for 10-digit WPA keys has 100,000,000 keys and occupies 1144.41 MB:

Code:
  R-WlanXDecrypter rwlanwpa10.txt -m 10

-If we want to reduce the search time, we can test only the keys that begin with 2. This dictionary has 10,000,000 keys and occupies 114.44 MB:

Code:
  R-WlanXDecrypter rwlanwpa10-start2.txt -m 10 -min 20000000 -max 29999999

So far, all the networks analyzed have keys starting with the number 2. It is therefore recommended to start with the dictionaries that contain only keys starting with 2, and to use the general 8- and 10-digit dictionaries only if those do not work.

Download

Includes compiled versions for Linux and Windows, and the source code.

Current version (0.9):

-Mirror 1: http://www.fileden.com/files/2006/9/18/225525/R-WlanXDecrypter0.9.zip
-Mirror 2: http://www.megaupload.com/?d=2FMY7HWR
-Mirror 3: http://www.multiupload.nl/5GMLPSPSYF

Old version (0.8):

-Mirror 1: http://www.fileden.com/files/2006/9/18/225525/R-WlanXDecrypter0.8.rar
-Mirror 2: http://www.megaupload.com/?d=8BF9OA1S
-Mirror 3: http://www.multiupload.nl/BG5OKMXCQA

Changelog

v0.8 [06/10/2010]
-----------------
+ First public release

v0.9 [11/10/2010]
-----------------
+ Show final file size and number of keys
+ Show status of the process
+ Added -q quiet mode
+ Fixed bug in -min and -max
+ Small optimization of the key generator loop
+ Fixed minor general bugs

Known Bugs

For dictionaries over 2 GB, the process status shows incorrect values (e.g. negative numbers) once 2 GB have been processed (although the process completes successfully). Also remember that aircrack-ng does not recognize dictionaries larger than 2 GB.

Appendix: Using Hexadecimal dictionaries in aircrack-ng

To use a hexadecimal dictionary in aircrack-ng, you must put h: before the dictionary path, and you must always specify the length of the WEP keys in the dictionary being used:

Code:
  aircrack-ng -n 128 -w h:"rwlan1281hex.txt" captura.cap
Code:
  aircrack-ng -n 64 -w h:"rwlan64hex.txt" captura.cap

However, in the current version of aircrack-ng, 1.1, there are several bugs and difficulties that prevent hexadecimal dictionaries from working properly. I created a post about it here that explains in detail how to solve this problem.
