upc_keys.py
WPA2 passphrase recovery tool for UPC%07d devices with automatic WIFI scanning and passphrase validation.
What is this?
A while ago some smart university people figured out that untouched WIFI access points on UPC routers are vulnerable to passphrase cracking based on their SSID. upc_keys.c was quickly coded as a POC by bl4sty. I took the time to 'weaponize' it with this little script.
Built exclusively for network-manager
On Linux, this script uses network-manager to scan for SSIDs starting with UPCxxxxxxx and validates the keys generated by upc_keys.c.
network-manager is present on Debian-based systems and is used to control WIFI connections, among other things.
- Coded as an excuse to get into Python bindings for C, the mileage you'll get out of this script may vary.
- The quality of the code will upset any decent Python programmer.
- There is RCE in the SSID parsing. Tread carefully! :-D
Your favourite Linux distro with network-manager and setuptools installed or just OS X. We've tested it on: Ubuntu 14.04, Debian 8, Lubuntu 15.04 and it will probably also work on Kali.
How to install
On Debian-based Linux:
~$ sudo apt-get install libssl-dev
~$ sudo apt-get install python2.7-dev
~$ sudo apt-get install python-setuptools
~$ git clone <this repo>
~$ sudo python setup.py develop

On OS X:
~$ brew install python
~$ brew install openssl
~$ git clone <this repo>
~$ sudo python setup.py develop
How to use
~$ sudo crack-upc -i wlan0
or
~$ sudo crack-upc -s UPC1234567
- --help for more info