upc_keys.py

upc_keys.py copied to clipboard

upc_keys.py

upc_keys.py WPA2 passphrase recovery tool for UPC%07d devices with automatic WIFI scanning and passphrase validation.

What is this?

A while ago some smart university people figured out that untouched WIFI access points by UPC routers are vulnerable to passphrase cracking based on their SSID. upc_keys.c was quickly coded as POC by bl4sty. I took the time to 'weaponize' it with this little script.

Built exclusively for network-manager

This script uses on Linux network-manager to scan for SSIDs starting with UPCxxxxxxx and validates the keys generated by upc_keys.c. network-manager is present on Debian based systems and used to control WIFI connections, among other things.

Disclaimer

• Coded as an excuse to get into Python bindings for C, the mileage you'll get out of this script may vary.
• The quality of the code will upset any decent Python programmer.
• There is RCE in the SSID parsing. Tread carefully! :-D

Requirements

Your favourite Linux distro with network-manager and setuptools installed or just OS X. We've tested it on: Ubuntu 14.04, Debian 8, Lubuntu 15.04 and it will probably also work on Kali.

How to install

Linux

~$ sudo apt-get install libssl-dev
~$ sudo apt-get install python2.7-dev
~$ sudo apt-get install python-setuptools
~$ git clone <this repo>
~$ sudo python setup.py develop

OS X

~$ brew install python
~$ brew install openssl
~$ git clone <this repo>
~$ sudo python setup.py develop

How to use

~$ sudo crack-upc -i wlan0 
or
~$ sudo crack-upc -s UPC1234567

• --help for more info