
TRENDnet WPA Default Key Brute Forcing

Posted Aug 6, 2015
Authored by kcdtv

TRENDnet WPA default keys are constructed insecurely, making cracking achievable. This advisory includes links to dictionaries for cracking the various affected models.

tags | advisory
SHA-256 | 14ea0ec60c2c7c9acb67d3c3f6ab17ec493e3b5ec2c93221dd1cec83e86c45d0

         TRENDnet WPA Disclosure (with dictionaries for brute force attack)

author : kcdtv
website(s): www.wifi-libre.com
www.crack-wifi.com

TIMELINE

Fully disclosed on the 5th of August 2015:
- https://www.wifi-libre.com/topic-199-fulldisclosure-wpa-trendnet.html
  (full disclosure - in Spanish)
- https://www.wifi-libre.com/topic-200-diccionarios-para-routers-trendnet.html
  (attack dictionary)


DESCRIPTION of the BREACH

The default WPA keys of TRENDnet access points are 11 digits long (8 in
one case).
The first three digits are the number used in the model name.
The rest (the last 8 digits) is the end of the serial number of the device,
in which two digits are always known.
That means that in a TRENDnet default WPA passphrase we have 5 known
digits and 6 unknown digits (2 known digits and 6 unknown digits when the
key is 8 digits long).
These 6 unknown digits are numbers.
So we have 10⁶ possible passphrases.
A brute force attack against a handshake can easily be done with any
kind of hardware in a few minutes (a few seconds with a good video card
and hashcat/pyrit).

MODELS AFFECTED

This list is not exhaustive; all TRENDnet routers seem to be affected by
this breach:

- TEW-828DRU (ac 3200)
- TEW-823DRU (ac 1750)
- TEW-820DAP
- TEW-818DRU (ac 1900)
- TEW-815DAP (ac 1750)
- TEW-813DRU (ac 1200)
- TEW-812DRU (ac 1750)
- TEW-811DRU (ac 1200)
- TEW-753DAP (n 600)
- TEW-752DRU (n 600)
- TEW-751DR (n 600)
- TEW-750DAP (n 600)
- TEW-735AP (n 300)
- TEW-733GR (n 300)
- TEW-732BR (n 300)
...to be continued...

DETAILS ABOUT THE WPA KEY STRUCTURE + DICTIONARY FOR ATTACK

The "X" are the 6 numbers that have to be brute-forced to recover the
default WPA passphrase

TEW-828DRU (ac 3200)
passphrase structure : 828XGRXXXXX
dictionary can be downloaded at
https://drive.google.com/open?id=0B4KnE5P5kRPoc001cnJ3dHp3a3c

TEW-823DRU (ac 1750)
passphrase structure : 823X23XXXXX
dictionary can be downloaded at
https://drive.google.com/open?id=0B4KnE5P5kRPoSm1aa1laNU94OW8

TEW-820DAP
passphrase structure : 820X20XXXXX
dictionary can be downloaded at
https://drive.google.com/open?id=0B4KnE5P5kRPocWlkRVY0eG1TS2s

TEW-818DRU (ac 1900)
passphrase structure : 818XGRXXXXX
dictionary can be downloaded at
https://drive.google.com/open?id=0B4KnE5P5kRPoLV9wRW1TNkRZR00

TEW-815DAP (ac 1750)
passphrase structure : 815XACXXXXX
dictionary can be downloaded at
https://drive.google.com/open?id=0B4KnE5P5kRPoLU5sUGNOZkxUNEE

TEW-813DRU (ac 1200)
passphrase structure : GXXXRXXX
dictionary can be downloaded at
https://drive.google.com/open?id=0B4KnE5P5kRPoNkhsVVlTRUdLMms

TEW-812DRU (ac 1750)
passphrase structure : 812XRDXXXXX
dictionary can be downloaded at
https://drive.google.com/open?id=0B4KnE5P5kRPocmpsLXgyYmV5VVk

TEW-811DRU (ac 1200)
passphrase structure : 811XREXXXXX
dictionary can be downloaded at
https://drive.google.com/open?id=0B4KnE5P5kRPoRzEtTFlTRzY3ZDA

TEW-753DAP (n 600)
passphrase structure : 753X7DXXXXX
dictionary can be downloaded at
https://drive.google.com/open?id=0B4KnE5P5kRPoMVc4S0JSYkZnRHc

TEW-752DRU (n 600)
passphrase structure : 752RDXXXXXX
dictionary can be downloaded at
https://drive.google.com/open?id=0B4KnE5P5kRPoV2lwb0xOX1o1M1U

TEW-751DR (n 600)
passphrase structure : 751RDXXXXXX
dictionary can be downloaded at
https://drive.google.com/open?id=0B4KnE5P5kRPoNlVTOFpFV0labFE

TEW-750DAP (n 600)
passphrase structure : 750RDXXXXXX
dictionary can be downloaded at
https://drive.google.com/open?id=0B4KnE5P5kRPoc0tJZC1sb1FfUnc

TEW-735AP (n 300)
passphrase structure : 735X7AXXXXX
dictionary can be downloaded at
https://drive.google.com/open?id=0B4KnE5P5kRPodl9GSnAta2pFVlU

TEW-733GR (n 300)
passphrase structure : 733RNXXXXXX
dictionary can be downloaded at
https://drive.google.com/open?id=0B4KnE5P5kRPoT3BWRmNBQ2JERGM

TEW-732BR (n 300)
passphrase structure : 732X32XXXXX
dictionary can be downloaded at
https://drive.google.com/open?id=0B4KnE5P5kRPoNEVrbTBzWXFhV0k

The dictionaries are about 10 MB each once they are unzipped.
All links are direct.
Enjoy! :)

SEVERITY OF THE BREACH

With the WPA key, an intruder can access the network and also decrypt
sniffed traffic.
He could also perform much more intrusive actions, such as a transparent
rogue AP with a MITM.

RECOMMENDATION

- Users have to replace the default WPA key with a stronger one.
- Manufacturers should never base their WPA key generation on an
"externally guessable" element (such as BSSID, model, serial, ESSID,
etc.), and they should always use an irreversible hash function at some
point in their algorithm.
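
An added example, not part of the original advisory: a small Python audit that checks whether a passphrase still in use fits one of the default-key structures listed above, and reports how many bits of such a key are actually unknown. The function names are illustrative; the structures are copied from the advisory and matched case-sensitively, as written there.

```python
import math
import re

# Passphrase structures copied from the advisory; "X" marks an unknown digit.
STRUCTURES = {
    "TEW-828DRU": "828XGRXXXXX",
    "TEW-823DRU": "823X23XXXXX",
    "TEW-820DAP": "820X20XXXXX",
    "TEW-818DRU": "818XGRXXXXX",
    "TEW-815DAP": "815XACXXXXX",
    "TEW-813DRU": "GXXXRXXX",
    "TEW-812DRU": "812XRDXXXXX",
    "TEW-811DRU": "811XREXXXXX",
    "TEW-753DAP": "753X7DXXXXX",
    "TEW-752DRU": "752RDXXXXXX",
    "TEW-751DR": "751RDXXXXXX",
    "TEW-750DAP": "750RDXXXXXX",
    "TEW-735AP": "735X7AXXXXX",
    "TEW-733GR": "733RNXXXXXX",
    "TEW-732BR": "732X32XXXXX",
}


def structure_to_regex(structure):
    """Turn an advisory structure into a regex: X -> one digit, rest literal."""
    return re.compile(
        "".join(r"\d" if c == "X" else re.escape(c) for c in structure)
    )


def audit_passphrase(passphrase):
    """Return the models whose default-key structure the passphrase fits.

    A non-empty result means the key looks like a factory default and
    should be replaced (first recommendation above).
    """
    return sorted(
        model
        for model, structure in STRUCTURES.items()
        if structure_to_regex(structure).fullmatch(passphrase)
    )


def unknown_bits(structure):
    """Bits of the key an outsider does not already know (X positions only)."""
    return structure.count("X") * math.log2(10)
```

Every structure in the table has six X positions, so each default key carries under 20 bits of unknown material regardless of its printed length.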