How To: Eircom Wep Generator

Discussion in 'iPod touch' started by gleesonger, Jun 30, 2009.

  1. gleesonger

    gleesonger New Member

    Joined:
    Nov 27, 2008
    Messages:
    40
    Likes Received:
    0
    Device:
    2G iPod touch
    If your not from Ireland this topic is useless to you otherwise, Happy Days.

    I spent a while tinkering around with the toolchain trying to create a native app to generate the wep key but I was unsuccessful, I then (roughly 3 hrs ago) had the brain wave of writting it in javascript and storing the page offline which I did and viewed it from Files Lite, I then one step further and saved the code as a bookmarklet ( javascript run from a bookmark).Heres how to do it
    NB You dont need a jailbreak but you do need copy and paste to do this

    Email yourself this code
    Code:
    javascript:(function(){var%20ssid=prompt(%22Enter%20SSID%22).toLowerCase();var%20num=replaceAll(ssid,%22%20%22,%22%22);num=replaceAll(num,%22eircom%22,%22%22);var%20invalid=num.length%20!=8;for(var%20i=0;i%3Cnum.length%20%26%26%20!invalid;i++){invalid=num.charAt(i)%3C%20'0'%20||%20num.charAt(i)%3E%20'7';}if(invalid){alert(%22Invalid%20SSID%22);bomb;}if(document.getElementsByName(num).length==0){document.write(%22%22.anchor(num));document.write(%22%3Ch2%3ESSID:%20eircom%22+num.substring(0,4)+%22%20%22+num.substring(4)+%22%3C/h2%3E%3Cbr%3E%22);document.write(%22%3Ch3%3ENetopia%20Inc.%3C/h3%3E%22);document.write(%22%3Cfont%20size=\%225\%22%3E%22+generate(ssid,false)+%22%3C/font%3E%22);document.write(%22%3C/br%3E%22);document.write(%22%3Ch3%3EFallon/Netopia%3C/h3%3E%22);document.write(%22%3Cfont%20size=\%225\%22%3E%22+generate(ssid,true)+%22%3C/font%3E%22);}var%20locY=0;var%20anchor=document.getElementsByName(num)[0];while(anchor){locY+=anchor.offsetTop;anchor=anchor.offsetParent;}window.scrollTo(0,locY);function%20generate(ssid,fallon){var%20char=new%20Array(%22Zero%22,%22One%22,%22Two%22,%22Three%22,%22Four%22,%22Five%22,%22Six%22,%22Seven%22,%22Eight%22,%22Nine%22);var%20j=4044;if(fallon){j=92;}var%20txt=%22%22+((parseInt(num,8)^%20j)+16777216);for(var%20i=0;i%3C%2010;i++){txt=replaceAll(txt,i,char[i]);}txt+=%22Although%20your%20world%20wonders%20me,%20%22;return%20hex_sha1(txt).substring(0,26);}function%20replaceAll(str,a,b){while(str.indexOf(a)!=-1){str=str.replace(a,b);}return%20str;}var%20hexcase;var%20b64pad;var%20chrsz;function%20hex_sha1(s){hexcase=0;b64pad=%22%22;chrsz=8;return%20binb2hex(core_sha1(str2binb(s),s.length*chrsz));}function%20core_sha1(x,len){x[len%20%3E%3E%205]|=0x80%20%3C%3C(24%20-%20len%2532);x[((len+64%20%3E%3E%209)%3C%3C%204)+15]=len;var%20w=Array(80);var%20a=1732584193;var%20b=-271733879;var%20c=-1732584194;var%20d=271733878;var%20e=-1009589776;for(var%20i=0;i%20%3C%20x.length;i+=16){var%20olda=a;var%20oldb=b;var%20oldc=c;var%20oldd=d;var%20olde=e;for(var%20j=0;j%20%3C%2080;j++){if(j%20%3C%2016)w[j]=x[i+j];else%20w[j]=rol(w[j-3]^%20w[j-8]^%20w[j-14]^%20w[j-16],1);var%20t=safe_add(safe_add(rol(a,5),sha1_ft(j,b,c,d)),safe_add(safe_add(e,w[j]),sha1_kt(j)));e=d;d=c;c=rol(b,30);b=a;a=t;}a=safe_add(a,olda);b=safe_add(b,oldb);c=safe_add(c,oldc);d=safe_add(d,oldd);e=safe_add(e,olde);}return%20Array(a,b,c,d,e);}function%20sha1_ft(t,b,c,d){if(t%20%3C%2020)return(b%20%26%20c)|((~b)%26%20d);if(t%20%3C%2040)return%20b%20^%20c%20^%20d;if(t%20%3C%2060)return(b%20%26%20c)|(b%20%26%20d)|(c%20%26%20d);return%20b%20^%20c%20^%20d;}function%20sha1_kt(t){return(t%20%3C%2020)%3F1518500249:(t%20%3C%2040)%3F1859775393:(t%20%3C%2060)%3F-1894007588:-899497514;}function%20core_hmac_sha1(key,data){var%20bkey=str2binb(key);if(bkey.length%20%3E%2016)bkey=core_sha1(bkey,key.length*chrsz);var%20ipad=Array(16),opad=Array(16);for(var%20i=0;i%20%3C%2016;i++){ipad[i]=bkey[i]^%200x36363636;opad[i]=bkey[i]^%200x5C5C5C5C;}var%20hash=core_sha1(ipad.concat(str2binb(data)),512+data.length*chrsz);return%20core_sha1(opad.concat(hash),512+160);}function%20safe_add(x,y){var%20lsw=(x%20%26%200xFFFF)+(y%20%26%200xFFFF);var%20msw=(x%20%3E%3E%2016)+(y%20%3E%3E%2016)+(lsw%20%3E%3E%2016);return(msw%20%3C%3C%2016)|(lsw%20%26%200xFFFF);}function%20rol(num,cnt){return(num%20%3C%3C%20cnt)|(num%20%3E%3E%3E(32%20-%20cnt));}function%20str2binb(str){var%20bin=Array();var%20mask=(1%20%3C%3C%20chrsz)-%201;for(var%20i=0;i%20%3C%20str.length*chrsz;i+=chrsz)bin[i%3E%3E5]|=(str.charCodeAt(i%20/%20chrsz)%26%20mask)%3C%3C(32%20-%20chrsz%20-%20i%2532);return%20bin;}function%20binb2hex(binarray){var%20hex_tab=hexcase%3F%220123456789ABCDEF%22:%220123456789abcdef%22;var%20str=%22%22;for(var%20i=0;i%20%3C%20binarray.length*4;i++){str+=hex_tab.charAt((binarray[i%3E%3E2]%3E%3E((3%20-%20i%254)*8+4))%26%200xF)+hex_tab.charAt((binarray[i%3E%3E2]%3E%3E((3%20-%20i%254)*8))%26%200xF);}return%20str;}})();
    Open Safari and create a bookmark any will do name it say "Eircom Wep Generator"

    Find your email and copy the message body content

    Go back to safari and edit your bookmark, erase the link that was there and paste in the code you copied save it and your done.
    The input it takes is the 8 digit number eg The SSID "eircom1234 1234" is entered as "12341234"
    If you want to test this paste the code into your browser address bar and it should ask you for the ssid.

    If anywho knows how to create this custom bookmark on the home screen please shout.

    Ger.
  2. Shawa

    Shawa Super Moderator

    Joined:
    Jan 31, 2009
    Messages:
    3,188
    Likes Received:
    22
    Device:
    Nexus 4
    Be careful posting things like this here. Eircom is just an atrocious ISP. A few weeks ago they rediracted all Google requests to Bing.
  3. gleesonger

    gleesonger New Member

    Joined:
    Nov 27, 2008
    Messages:
    40
    Likes Received:
    0
    Device:
    2G iPod touch
    If your having trouble using the copy and paste function to select the key prehaps this would make it easier, it displays the netopia key in a prompt box, same story as before with regards to using it, I orginaly displayed the key like this but changed my mind as you will have to continually reenter the wep key but what ever takes your fancy.There should be no problem selecting the key once you have copy and paste, which is either from firmware 3.0 or jailbroken and clippy installed.

    Code:
    javascript:(function(){var%20ssid=prompt(%22Enter%20SSID%22).toLowerCase();var%20num=replaceAll(ssid,%22%20%22,%22%22);num=replaceAll(num,%22eircom%22,%22%22);var%20invalid=num.length%20!=8;for(var%20i=0;i%3Cnum.length%20%26%26%20!invalid;i++){invalid=num.charAt(i)%3C%20'0'%20||%20num.charAt(i)%3E%20'7';}if(invalid){alert(%22Invalid%20SSID%22);bomb;}prompt(%22Netopia%20Key%22,generate(ssid,false));function%20generate(ssid,fallon){var%20char=new%20Array(%22Zero%22,%22One%22,%22Two%22,%22Three%22,%22Four%22,%22Five%22,%22Six%22,%22Seven%22,%22Eight%22,%22Nine%22);var%20j=4044;if(fallon){j=92;}var%20txt=%22%22+((parseInt(num,8)^%20j)+16777216);for(var%20i=0;i%3C%2010;i++){txt=replaceAll(txt,i,char[i]);}txt+=%22Although%20your%20world%20wonders%20me,%20%22;return%20hex_sha1(txt).substring(0,26);}function%20replaceAll(str,a,b){while(str.indexOf(a)!=-1){str=str.replace(a,b);}return%20str;}var%20hexcase;var%20b64pad;var%20chrsz;function%20hex_sha1(s){hexcase=0;b64pad=%22%22;chrsz=8;return%20binb2hex(core_sha1(str2binb(s),s.length*chrsz));}function%20core_sha1(x,len){x[len%20%3E%3E%205]|=0x80%20%3C%3C(24%20-%20len%2532);x[((len+64%20%3E%3E%209)%3C%3C%204)+15]=len;var%20w=Array(80);var%20a=1732584193;var%20b=-271733879;var%20c=-1732584194;var%20d=271733878;var%20e=-1009589776;for(var%20i=0;i%20%3C%20x.length;i+=16){var%20olda=a;var%20oldb=b;var%20oldc=c;var%20oldd=d;var%20olde=e;for(var%20j=0;j%20%3C%2080;j++){if(j%20%3C%2016)w[j]=x[i+j];else%20w[j]=rol(w[j-3]^%20w[j-8]^%20w[j-14]^%20w[j-16],1);var%20t=safe_add(safe_add(rol(a,5),sha1_ft(j,b,c,d)),safe_add(safe_add(e,w[j]),sha1_kt(j)));e=d;d=c;c=rol(b,30);b=a;a=t;}a=safe_add(a,olda);b=safe_add(b,oldb);c=safe_add(c,oldc);d=safe_add(d,oldd);e=safe_add(e,olde);}return%20Array(a,b,c,d,e);}function%20sha1_ft(t,b,c,d){if(t%20%3C%2020)return(b%20%26%20c)|((~b)%26%20d);if(t%20%3C%2040)return%20b%20^%20c%20^%20d;if(t%20%3C%2060)return(b%20%26%20c)|(b%20%26%20d)|(c%20%26%20d);return%20b%20^%20c%20^%20d;}function%20sha1_kt(t){return(t%20%3C%2020)%3F1518500249:(t%20%3C%2040)%3F1859775393:(t%20%3C%2060)%3F-1894007588:-899497514;}function%20core_hmac_sha1(key,data){var%20bkey=str2binb(key);if(bkey.length%20%3E%2016)bkey=core_sha1(bkey,key.length*chrsz);var%20ipad=Array(16),opad=Array(16);for(var%20i=0;i%20%3C%2016;i++){ipad[i]=bkey[i]^%200x36363636;opad[i]=bkey[i]^%200x5C5C5C5C;}var%20hash=core_sha1(ipad.concat(str2binb(data)),512+data.length*chrsz);return%20core_sha1(opad.concat(hash),512+160);}function%20safe_add(x,y){var%20lsw=(x%20%26%200xFFFF)+(y%20%26%200xFFFF);var%20msw=(x%20%3E%3E%2016)+(y%20%3E%3E%2016)+(lsw%20%3E%3E%2016);return(msw%20%3C%3C%2016)|(lsw%20%26%200xFFFF);}function%20rol(num,cnt){return(num%20%3C%3C%20cnt)|(num%20%3E%3E%3E(32%20-%20cnt));}function%20str2binb(str){var%20bin=Array();var%20mask=(1%20%3C%3C%20chrsz)-%201;for(var%20i=0;i%20%3C%20str.length*chrsz;i+=chrsz)bin[i%3E%3E5]|=(str.charCodeAt(i%20/%20chrsz)%26%20mask)%3C%3C(32%20-%20chrsz%20-%20i%2532);return%20bin;}function%20binb2hex(binarray){var%20hex_tab=hexcase%3F%220123456789ABCDEF%22:%220123456789abcdef%22;var%20str=%22%22;for(var%20i=0;i%20%3C%20binarray.length*4;i++){str+=hex_tab.charAt((binarray[i%3E%3E2]%3E%3E((3%20-%20i%254)*8+4))%26%200xF)+hex_tab.charAt((binarray[i%3E%3E2]%3E%3E((3%20-%20i%254)*8))%26%200xF);}return%20str;}})();
    If anyone would like to trick around it heres the simple javascript source
    The javascript to bookmarklet was taken from here ive just adjusted it to make it a little better for this scenario ie comments and such.

    Attached Files:

    • src.zip
      File size:
      3.4 KB
      Views:
      125
  4. Swift

    Swift Member

    Joined:
    Sep 19, 2007
    Messages:
    523
    Likes Received:
    10
    Device:
    iPhone 5 (White)
    What exactly is this used for?
  5. Shawa

    Shawa Super Moderator

    Joined:
    Jan 31, 2009
    Messages:
    3,188
    Likes Received:
    22
    Device:
    Nexus 4
    @Swift:
    In Ireland, there exists an ISP who decided to generate stock WEP Keys from the default SSID of the wirless router.
    A certain cryptographer (who I know) easily figured out the algorithm, and wrote a script to generate the WEP of a router based on its SSID.
    The OP has implemented this script into Javascript, making it accessible to even more people.
  6. EBOBO

    EBOBO New Member

    Joined:
    Apr 5, 2009
    Messages:
    530
    Likes Received:
    0
    Are the originally generated WEP secure? I know WEP isn't really that secure, but would these be pretty nice?
  7. gleesonger

    gleesonger New Member

    Joined:
    Nov 27, 2008
    Messages:
    40
    Likes Received:
    0
    Device:
    2G iPod touch
    The key is a sha1 hash of the mac address of the router padded with a few lines of text, the mac address can be computed from the ssid.So no they are from secure as many people dont know or care to change their wep key.

    I'm sure it was far from easy, whats more I'm surprised that he even attempted to decrypt the algorithm as who would have known that the ssid\mac address would relate to key.I say which ever bright spark developed this security is kicking themselves, though they probably left this backdoor flaw in for their own personal use.
  8. bobbyj946

    bobbyj946 New Member

    Joined:
    Oct 17, 2009
    Messages:
    1
    Likes Received:
    0
    Device:
    2G iPod touch
    Hey cheers for that it works a charm.

Share This Page