Muy guenas a tod@s !!
WiFiReaver & upc_keys. WPA2 passphrase recovery tool for UPC%07d devices.
You'd think vendors would stop using weak algorithms that allow people to recover the credentials for a WiFi network based on purely the ESSID. Sadly, these days aren't over yet. We've seen some excellent recent research by Novella/Meijer/Verdult [1][2] lately which illustrates that these issues still exist in recent devices/firmwares. I set out to dig up one of these algorithms and came up with this little tool.
The attack is two-fold; in order to generate the single valid WPA2 phrase for a given network we need to know the serialnumber of the device.. which we don't have. Luckily there's a correlation between the ESSID and serial number as well, so we can generate a list of 'candidate' serial numbers (usually around ~20 or so) for a given ESSID and generate the corresponding WPA2 phrase for each serial. (This should take under a second on a reasonable system).
Use at your own risk and responsibility. Do not complain if it fails to recover some keys, there could very well be variations out there I am not aware of. Do not contact me for support.
blasty
UPDATE 20160108: I added support for 5GHz networks. Specifying network type is mandatory now. But as a bonus you get less candidates. :-)
Download upc_keys (jdownloader - mega)
The use of this product wireless analysis software should be a basic tool for professionals and individuals who are eager to know the security level of wireless facilities is strictly forbidden to use it to commit criminal acts of intrusion on wireless networks of which we do not own or do not have permissions to analyze their security.
Un saludo.
PD: Como siempre, en algo, habre metido la pata.