Add support for Easybox #14

Open
redfave opened this issue Dec 6, 2014 · 4 comments

@redfave

redfave commented Dec 6, 2014

Hi
there is a new vulnerability in German Easybox routers from Vodafone, which makes it possible again to get the standard WPA password or WPS-PIN. Maybe you can implement the new algorithm: http://www.heise.de/newsticker/meldung/Akute-Sicherheitsluecke-in-Vodafone-Routern-ist-wieder-offen-2294798.html

@ruiaraujo
Contributor

Do you know a place where the vulnerability is actually published?

From what I understood, there is a new one which is a variation on the old
algorithm but I am unable to find details.

redfave wrote on Sat Dec 06 2014 at 11:24:10:

> Hi
> there is a new vulnerability in German Easybox routers from Vodafone,
> which makes it possible to get the standard WPA password or WPS-PIN. Maybe
> you can implement the new algorithm:
> http://www.heise.de/newsticker/meldung/Akute-Sicherheitsluecke-in-Vodafone-Routern-ist-wieder-offen-2294798.html



@redfave
Author

redfave commented Dec 6, 2014

Yes, you understood right, it is only a variation of the previous method which was patched by Vodafone. The new one is still unpatched. In order to gain security the router owner has to change the WPA password and the WPS PIN. If one of these is the standard value, he is still vulnerable. But unfortunately I'm also unable to find working code or a description of the algorithm. In the article there is something mentioned about a Proof-of-Concept tool by Vodafone, but I can't find it.

@ruiaraujo
Contributor

If you do find it, write. I have the one for the WPS.
I will close the issue for now.

@redfave
Author

redfave commented Dec 9, 2014

As far as I understand, I found the guy who programmed an Android app which can calculate the WPA keys. He seems to have a lot of experience with Wi-Fi cracking on the Android platform.
Link 1: http://forum.xda-developers.com/showpost.php?p=52420581&postcount=66
Link 2: https://www.wardriving-forum.de/forum/f275/easybox-von-vodafone-70651-8.html#post345157
He took his app offline due to the risk of abuse, since the vulnerability is still unpatched, but there is a leak of a beta version of his app.
App: http://www48.zippyshare.com/v/71838222/file.html
It's up to you whether you want to try to contact him for further information, disassemble the app, or just do nothing.

Have a nice day

ruiaraujo reopened this Dec 17, 2014