Find out WEP key from embedded client

0

I'm kinda stuck here. I have an embedded system I was given by a friend that connects to a WiFi network to configure it; unfortunately he can't remember the WEP key that was used to connect it. Is there a way to recover the key from the client (WITHOUT AP)? There is no reset switch on it either. I have some basic Linux knowledge so I could use something like Kali to do this.

Thanks, Sam

Sam Jones Martin

Posted 2017-09-24T13:27:08.067

Reputation: 1

Difficult to answer without any details, like the exact model of the embedded system, whether it has a serial console or not, whether it has LAN or not, ... While WEP is crackable e.g. with aircrack-ng (WITH an AP so you can sniff traffic), there are very likely easier ways to get in. – dirkt – 2017-09-24T13:31:29.690

Hi, it's a VIX TP5000. It runs some version of Linux on PowerPC arch. There is no Ethernet, and there is something that looks like serial but with 6 V on one pin and 0 on another, and the last is common to system ground. I have thought about using aircrack but I'd need to find a willing host to let me have a go with their system. – Sam Jones Martin – 2017-09-24T13:52:50.417

Answers

0

Partial answer:

This page says the VIX TP5000 ticket processor has an RS422 interface option, which uses a 6 V differential signal. So the first thing I'd do is to get an RS422 USB dongle for 20 EUR or so, and have a look.

The next thing I'd do is to put it in a room with some access point with a random SSID, and sniff traffic on a third computer with airomon from aircrack-ng and/or with wireshark once you have found a channel, to see if that gives any clues.

Edit

As it scans for an AP with SSID ERG, do the following:

  • Use hostapd to set up an unencrypted AP, see if it connects (i.e., associates and authenticates, use hostapd_cli). If yes, you have won.

  • Otherwise, set up a WEP-encrypted AP, sniff traffic and see if you can't use this to crack the WEP password.

Once it connects, run wireshark on the AP network interface. If you see a DHCP request, run a DHCP server. If you don't see any, maybe it already has a static IP address. Try a broadcast ping (ping -b -I 255.255.255.255), if necessary scan the whole IPv4 address range with ping.

dirkt

Posted 2017-09-24T13:27:08.067

Reputation: 11 627

Thanks for that, ordering one later today. The 'airomon' says it's probing for a WiFi network called ERG. I have run 'airbase-ng' and I'm being told it's shared authentication with a 140 bytes key stream. When the RS422 interface arrives I'll see what that uncovers. – Sam Jones Martin – 2017-09-24T16:36:22.657

So set up an AP with SSID ERG, and see what happens ... – dirkt – 2017-09-24T17:00:43.843

Tried that on an old AP I had lying around; it didn't seem to connect to it and it didn't get an IP address either. 'airbase-ng' allows it to connect, but still the device does not get an IP if I bridge the 'wlan0' interface to the 'eth0' interface. (Other devices get IPs from DHCP with the airbase-ng method.) – Sam Jones Martin – 2017-09-24T23:15:24.210
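As an added example (not from the thread or its participants), a small Python parser for the body of an 802.11 Authentication frame, the bit after the 24-byte MAC header that a capture tool shows you. Its algorithm field tells you whether a client is attempting Open System or Shared Key authentication; Shared Key is defined only for WEP, which is why a client reported as using shared authentication never completes authentication against an unencrypted hostapd AP. The frame bodies below are constructed samples, not captures from the TP5000.

```python
import struct

# Constructed sample Authentication frame bodies (little-endian fields:
# algorithm, transaction sequence, status code, then optional elements).
OPEN_SYSTEM_REQ = bytes.fromhex("0000" "0100" "0000")   # algo 0, seq 1, status 0
SHARED_KEY_REQ = bytes.fromhex("0100" "0100" "0000")    # algo 1, seq 1, status 0
# Shared Key step 2: the AP replies with a Challenge Text element
# (element id 16, length 128) that the client must return WEP-encrypted.
SHARED_KEY_CHALLENGE = (bytes.fromhex("0100" "0200" "0000")
                        + bytes([16, 128]) + bytes(range(128)))

AUTH_ALGORITHMS = {0: "Open System", 1: "Shared Key",
                   2: "Fast BSS Transition", 3: "SAE"}
CHALLENGE_TEXT_ID = 16


def parse_auth_frame(body: bytes) -> dict:
    """Decode the fixed fields and walk the (id, len, data) elements."""
    if len(body) < 6:
        raise ValueError("authentication frame body shorter than 6 bytes")
    algo, seq, status = struct.unpack_from("<HHH", body, 0)
    info = {
        "algorithm": AUTH_ALGORITHMS.get(algo, f"unknown({algo})"),
        "sequence": seq,
        "status": status,
        "challenge_len": None,
    }
    off = 6
    while off + 2 <= len(body):
        eid, elen = body[off], body[off + 1]
        data = body[off + 2:off + 2 + elen]
        if len(data) != elen:
            raise ValueError("truncated information element")
        if eid == CHALLENGE_TEXT_ID:
            info["challenge_len"] = elen
        off += 2 + elen
    return info


def needs_wep(body: bytes) -> bool:
    """True when the client will only authenticate via Shared Key, i.e. WEP.

    Such a client cannot be served by an open AP: there is no key to
    encrypt the challenge with, so the handshake never reaches seq 4.
    """
    return parse_auth_frame(body)["algorithm"] == "Shared Key"
```

Feed it the bytes of the client's first authentication frame from a capture; if `needs_wep` is true, an unencrypted hostapd configuration will not get the device associated, whatever the SSID.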