crack thomson speedtouch wpa keys with your android phone
You can use your android for domotics that's a lot of fun and impressive. But here is another way to impress your friends with your phone. There's a scripting environment available for the Android and that makes it possible to run python, which in turn makes it possible to run the python version of stkeys.
stkeys
stkeys is a little tool demonstrating a weakness in the thomson speedtouch wifi router default wpa key. The default wep/wpa key is generated by an algorithm which is based on the serial number and so is the default SSID. The algorithm was cracked a long time ago and is a nice demonstration of what you shouldn't rely on for security. This is a very dangerous situation as wrongfully thinking you are safe is even worse then running an open network.
Read more about this on gnucitizen.org
I remembered someone posted a python version of this tool in the comments on that article, this script runs on android without modification. I modified it a bit for convenience so it scans for networks and uses a GUI for easy usage.
Android scripting environment
To do this you need the android scripting environment, which you can install from here
Or scan this barcode with your android:
After you've installed the scripting environment start it in apps, (it's called ase)
Press menu, then view, then Interpreters, then menu again, then add and in this menu you can select the python interpreter.
When the interpreter is installed you can run python scripts (great!) you can even edit and write them on the phone with the build in editor.
The Script
Download the modified python script here
Connect the phone to your pc with the usb cable, and save the script on your sd card in the directory /ase/scripts
Next time you run the ase on your phone the script is available.
execute it.
select the speedtouch SSID (if there is any)
watch it running
within minutes you get 1 or 2 possible ssid keys. If you get 2 you just have to try them both.
Select the key and use the button to paste it to the android clipboard.
Disclaimer
This is obviously something you should only try on routers you own yourself or where you have permission to do this. The process is undetectable as long as you don't connect to the router. In most circumstances it's obviously illegal to decrypt network traffic without permission. Use this to convince people of changing the WEP/WPA key in routers where it's factory default, generated keys are not safe.
A great tool
This Scripting environment on the android is really cool, I did most of the (very rough) modifications I did on this script on the phone itself in just a few minutes.
Lineaire weergave
