hurda / upc_keys.py

WPA2 passphrase recovery tool for UPC%07d devices

upc_keys.py

upc_keys.py WPA2 passphrase recovery tool for UPC%07d devices with automatic WIFI scanning and passphrase validation.

What is this?

A while ago some smart university people figured out that WIFI access points on UPC routers left at their untouched default settings are vulnerable to passphrase cracking based on their SSID. upc_keys.c was quickly coded as a POC by bl4sty. I took the time to 'weaponize' it with this little script.

Built exclusively for network-manager

This script uses network-manager to scan for SSIDs starting with UPCxxxxxxx and validates the keys generated by upc_keys.c. network-manager is present on Debian-based systems, where it is used to control WIFI connections, among other things.

Disclaimer

  • Coded as an excuse to get into Python bindings for C; the mileage you'll get out of this script may vary.
  • The quality of the code will upset any decent Python programmer.
  • There is RCE in the SSID parsing. Tread carefully! :-D
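
SSIDs are chosen by whoever operates the access point, so scan results are untrusted input. The following is an added example, not code from this repository: it accepts only SSIDs that match UPC%07d exactly before they are used anywhere else. The terse `SSID:SIGNAL` line layout with backslash-escaped `:` and the sample scan are assumptions constructed for illustration.

```python
import re

# UPC%07d: literal "UPC" plus exactly seven decimal digits. \Z anchors at the
# true end of the string ("$" would also match before a trailing newline).
UPC_SSID = re.compile(r"UPC[0-9]{7}\Z")


def split_terse(line):
    """Split a terse 'SSID:SIGNAL' line on unescaped ':' and undo '\\' escapes."""
    fields, cur, chars = [], [], iter(line)
    for ch in chars:
        if ch == "\\":
            cur.append(next(chars, ""))  # escaped character is kept literally
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur))
    return fields


def upc_targets(scan_output):
    """Return (accepted, rejected) SSID lists for terse scan output."""
    accepted, rejected = [], []
    for line in scan_output.splitlines():
        if not line:
            continue
        ssid = split_terse(line)[0]
        # match() anchors at the start, \Z at the end: whole-string match only
        (accepted if UPC_SSID.match(ssid) else rejected).append(ssid)
    return accepted, rejected


# Constructed sample scan (assumed layout: one SSID:SIGNAL pair per line).
SAMPLE_SCAN = "\n".join([
    "UPC1234567:78",
    "UPC7654321;x:60",      # trailing characters after a valid-looking prefix
    "UPC12345678:55",       # eight digits, not seven
    "upc0000001:41",        # wrong case
    "cafe\\:guest:30",      # escaped ':' inside the SSID
    "UPC0000042:22",
])

if __name__ == "__main__":
    ok, bad = upc_targets(SAMPLE_SCAN)
    print("accepted:", ok)
    print("rejected:", bad)
```

Anything that lands in the rejected list should be dropped before it reaches a command line, a format string or the C binding.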

Requirements

Your favourite Linux distro with network-manager and setuptools installed. We've tested it on Ubuntu 14.04, Debian 8 and Lubuntu 15.04, and it will probably also work on Kali.

How to install

~$ sudo apt-get install libssl-dev
~$ sudo apt-get install python2.7-dev
~$ sudo apt-get install python-setuptools
~$ git clone <this repo>
~$ sudo python setup.py develop

How to use

~$ sudo crack-upc -i wlan0 
or
~$ sudo crack-upc -s UPC1234567
  • --help for more info
