routerkeygen / routerkeygenAndroid

Router Keygen generates default WPA/WEP keys for several routers.

ARRIS TGx / Technicolor TCx Spectrum/TWC #48

Closed m-flak closed 5 years ago

m-flak commented 6 years ago

For these WiFi AP/cable modems, here is the default algorithm; PoC of course linked at bottom.

First seven of the ESSID, bytes 4 & 5 of the BSSID in all caps (the entire AP password is caps), last two of the ESSID. These are all concatenated to form the factory default password for wireless 2.4 & 5G access.

https://drive.google.com/file/d/1mfl8Mz0fI5CgLu574wXBdp8CxyO7uGdi/view?usp=drivesdk
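For anyone auditing devices they administer, the password shape described in the comment above can be checked against an inventory to find units still on the factory default. This is an added example, not code from the thread or from the routerkeygen project; the function names and inventory rows are constructed, and because the comment does not say how "bytes 4 & 5" are indexed, the check accepts any adjacent byte pair of the BSSID (an assumption).

```python
import re

HEX4 = re.compile(r"[0-9A-F]{4}")
OCTET = re.compile(r"[0-9A-F]{2}")


def bssid_byte_pairs(bssid):
    """Return every adjacent two-byte window of a MAC as 4 uppercase hex chars."""
    octets = re.split(r"[:-]", bssid.strip().upper())
    if len(octets) != 6 or not all(OCTET.fullmatch(o) for o in octets):
        raise ValueError(f"not a MAC address: {bssid!r}")
    return {octets[i] + octets[i + 1] for i in range(5)}


def looks_like_factory_default(essid, bssid, psk):
    """True when psk has the shape described in the thread: first seven ESSID
    chars + two BSSID bytes in uppercase hex + last two ESSID chars."""
    if len(essid) < 9 or len(psk) != 13:
        return False
    head, middle, tail = psk[:7], psk[7:11], psk[11:]
    if head != essid[:7].upper() or tail != essid[-2:].upper():
        return False
    if not HEX4.fullmatch(middle):
        return False
    # Assumption: the byte indexing is not fixed by the thread, so any
    # adjacent byte pair of the BSSID counts as a match.
    return middle in bssid_byte_pairs(bssid)


def audit(inventory):
    """Return (essid, bssid) for rows whose configured PSK is still default-shaped."""
    return [(essid, bssid) for essid, bssid, psk in inventory
            if looks_like_factory_default(essid, bssid, psk)]


# Constructed inventory rows (essid, bssid, configured PSK); not real devices.
SAMPLE = [
    ("TG1672GF2", "00:11:22:3A:C2:F2", "TG1672G3AC2F2"),          # default shape
    ("TG1672GF2", "00:11:22:3A:C2:F2", "correct-horse-battery"),  # changed
    ("TC8715DA1", "00-11-22-73-7a-a1", "TC8715D737AA1"),          # default shape
    ("TC8715DA1", "00:11:22:73:7A:A1", "TC8715DFFFFA1"),          # hex not in BSSID
]

if __name__ == "__main__":
    for essid, bssid in audit(SAMPLE):
        print(f"{essid} ({bssid}): PSK matches factory default shape, rotate it")
```

Any row the audit returns should get a new, randomly generated passphrase, since everything its current password is built from is broadcast by the access point.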

m-flak commented 6 years ago

THE ARRIS boxes' 5GHz AP do not work with 5GHz password == 2.4GHz.

TECHNICOLOR boxes have no issue.

Anyway, I disclosed this to abuse@rr.com in December 2017; and still, I encounter basically free internet in the DFW metroplex.

Implement it, dawg....

RealEnder commented 6 years ago

Hi, this is known for some time, see here and here. Do you have a list of ESSID patterns?

m-flak commented 6 years ago

Huh, I figured it out with only two password samples. I'm giving you the passwords because they might as well be the ESSID.

TG1672G3AC222, this was my former modem. I ensured my family acquired a real modem, with a mentally sourced password. TC8715D737AD1, these are SUPER COMMON, as in TC8715D{xx:xx}AA.

Now, ESSID for these former guys has been changed to MySpectrumWifi-cce8 / MySpectrumWifie8

AT&T is now using ARRIS lel. This was over in Ft Worth... [screenshot]

EDIT: As for an actual list, I used to have one in my old phone's wifi list. Alas, it is gone with the phone.

RealEnder commented 6 years ago

MySpectrumWiFixx-[2G|5G] is using the Netgear algo, e.g. adj + noun + [3 base10 digits]. Still haven't seen MySpectrumWifi-cce8 / MySpectrumWifie8.

m-flak commented 5 years ago

DG1670A's also use the default netgear formulas, Example MAC: 14:cf:e2:c0:14:70

But for the my spectrums: https://github.com/m-flak/Netgear-Password-Constructinator