WPA2 passphrase recovery tool for UPC%07d devices
upc_keys.c WPA2 passphrase recovery tool for UPC%07d devices with automatic WIFI scanning and passphrase validation.

What is this?

A while ago some smart university people figured out that UPC routers whose WIFI access point settings were left untouched are vulnerable to passphrase cracking based on their SSID. upc_keys.c was quickly coded as a POC by bl4sty. I took the time to 'weaponize' it with this little script.

Built exclusively for network-manager

On Linux, this script uses network-manager to scan for SSIDs starting with UPCxxxxxxx and validates the keys generated by upc_keys.c. network-manager is present on Debian-based systems and is used to control WIFI connections, among other things.


  • Coded as an excuse to get into Python bindings for C, the mileage you'll get out of this script may vary.
  • The quality of the code will upset any decent Python programmer.
  • There is RCE in the SSID parsing. Tread carefully! :-D


Your favourite Linux distro with network-manager and setuptools installed, or just OS X. We've tested it on Ubuntu 14.04, Debian 8 and Lubuntu 15.04, and it will probably also work on Kali.

How to install


Linux:

~$ sudo apt-get install libssl-dev
~$ sudo apt-get install python2.7-dev
~$ sudo apt-get install python-setuptools
~$ git clone <this repo>
~$ sudo python setup.py develop

OS X:

~$ brew install python
~$ brew install openssl
~$ git clone <this repo>
~$ sudo python setup.py develop

How to use

~$ sudo crack-upc -i wlan0 
~$ sudo crack-upc -s UPC1234567
  • --help for more info