TRENDnet WPA Disclosure (with dictionaries for brute force attack)

author : kcdtv
website(s): www.wifi-libre.com www.crack-wifi.com

TIMELINE

Fully disclosed the 5th of August 2015 :
- https://www.wifi-libre.com/topic-199-fulldisclosure-wpa-trendnet.html (full disclosure - in Spanish)
- https://www.wifi-libre.com/topic-200-diccionarios-para-routers-trendnet.html (attack dictionary)

DESCRIPTION of the BREACH

The default WPA key of TRENDnet access points is 11 digits long (8 in one case).
The first three digits are the number used in the model name.
The rest (the last 8 digits) is the end of the serial number of the device, where two digits are always known.
That means that in a TRENDnet default WPA passphrase we have 5 known digits and 6 unknown digits (2 known digits and 6 unknown digits when the key is 8 digits long).
These 6 unknown digits are numbers, so we have 10⁶ possible passphrases.
A brute force attack against a handshake can easily be done with any kind of hardware in a few minutes (a few seconds with a good video card and hashcat/pyrit).

MODELS AFFECTED

This list is not exhaustive; all TRENDnet routers seem to be affected by this breach :
- TEW-828DRU (ac 3200)
- TEW-823DRU (ac 1750)
- TEW-820DAP
- TEW-818DRU (ac 1900)
- TEW-815DAP (ac 1750)
- TEW-813DRU (ac 1200)
- TEW-812DRU (ac 1750)
- TEW-811DRU (ac 1200)
- TEW-753DAP (n 600)
- TEW-752DRU (n 600)
- TEW-751DR (n 600)
- TEW-750DAP (n 600)
- TEW-735AP (n 300)
- TEW-733GR (n 300)
- TEW-732BR (n 300)
...to be continued...
DETAILS ABOUT THE WPA KEY STRUCTURE + DICTIONARY FOR ATTACK

The "X" are the 6 numbers that have to be brute-forced to recover the default WPA passphrase.

TEW-828DRU (ac 3200)
passphrase structure : 828XGRXXXXX
dictionary can be downloaded at https://drive.google.com/open?id=0B4KnE5P5kRPoc001cnJ3dHp3a3c

TEW-823DRU (ac 1750)
passphrase structure : 823X23XXXXX
dictionary can be downloaded at https://drive.google.com/open?id=0B4KnE5P5kRPoSm1aa1laNU94OW8

TEW-820DAP
passphrase structure : 820X20XXXXX
dictionary can be downloaded at https://drive.google.com/open?id=0B4KnE5P5kRPocWlkRVY0eG1TS2s

TEW-818DRU (ac 1900)
passphrase structure : 818XGRXXXXX
dictionary can be downloaded at https://drive.google.com/open?id=0B4KnE5P5kRPoLV9wRW1TNkRZR00

TEW-815DAP (ac 1750)
passphrase structure : 815XACXXXXX
dictionary can be downloaded at https://drive.google.com/open?id=0B4KnE5P5kRPoLU5sUGNOZkxUNEE

TEW-813DRU (ac 1200)
passphrase structure : GXXXRXXX
dictionary can be downloaded at https://drive.google.com/open?id=0B4KnE5P5kRPoNkhsVVlTRUdLMms

TEW-812DRU (ac 1750)
passphrase structure : 812XRDXXXXX
dictionary can be downloaded at https://drive.google.com/open?id=0B4KnE5P5kRPocmpsLXgyYmV5VVk

TEW-811DRU (ac 1200)
passphrase structure : 811XREXXXXX
dictionary can be downloaded at https://drive.google.com/open?id=0B4KnE5P5kRPoRzEtTFlTRzY3ZDA

TEW-753DAP (n 600)
passphrase structure : 753X7DXXXXX
dictionary can be downloaded at https://drive.google.com/open?id=0B4KnE5P5kRPoMVc4S0JSYkZnRHc

TEW-752DRU (n 600)
passphrase structure : 752RDXXXXXX
dictionary can be downloaded at https://drive.google.com/open?id=0B4KnE5P5kRPoV2lwb0xOX1o1M1U

TEW-751DR (n 600)
passphrase structure : 751RDXXXXXX
dictionary can be downloaded at https://drive.google.com/open?id=0B4KnE5P5kRPoNlVTOFpFV0labFE

TEW-750DAP (n 600)
passphrase structure : 750RDXXXXXX
dictionary can be downloaded at https://drive.google.com/open?id=0B4KnE5P5kRPoc0tJZC1sb1FfUnc

TEW-735AP (n 300)
passphrase structure : 735X7AXXXXX
dictionary can be downloaded at https://drive.google.com/open?id=0B4KnE5P5kRPodl9GSnAta2pFVlU

TEW-733GR (n 300)
passphrase structure : 733RNXXXXXX
dictionary can be downloaded at https://drive.google.com/open?id=0B4KnE5P5kRPoT3BWRmNBQ2JERGM

TEW-732BR (n 300)
passphrase structure : 732X32XXXXX
dictionary can be downloaded at https://drive.google.com/open?id=0B4KnE5P5kRPoNEVrbTBzWXFhV0k

The dictionaries are about 10 MB each once they are unzipped. All links are direct.
Enjoy! :)

SEVERITY OF THE BREACH

With the WPA key an intruder can access the network and also decrypt sniffed traffic.
He could also perform much more intrusive actions, such as a transparent rogue AP with a MITM.

RECOMMENDATION

- Users have to replace the default WPA key with a stronger one.
- Manufacturers should never base their WPA key generation on an element that is "externally guessable" (such as BSSID, model, serial, ESSID, etc.), and they should always use an irreversible hash function at some point in their algorithm.
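As an added example (not part of the original disclosure), a small Python audit helper that turns the passphrase structures listed above into patterns and flags a configured passphrase that still follows a TRENDnet default-key structure, reporting the keyspace left to brute force. The candidate passphrases in it are constructed values, not real device keys.

```python
import re

# Default passphrase structures as listed in the advisory above.
# "X" marks one of the 6 positions an attacker would have to brute-force.
TRENDNET_DEFAULT_PATTERNS = {
    "TEW-828DRU": "828XGRXXXXX",
    "TEW-823DRU": "823X23XXXXX",
    "TEW-820DAP": "820X20XXXXX",
    "TEW-818DRU": "818XGRXXXXX",
    "TEW-815DAP": "815XACXXXXX",
    "TEW-813DRU": "GXXXRXXX",
    "TEW-812DRU": "812XRDXXXXX",
    "TEW-811DRU": "811XREXXXXX",
    "TEW-753DAP": "753X7DXXXXX",
    "TEW-752DRU": "752RDXXXXXX",
    "TEW-751DR": "751RDXXXXXX",
    "TEW-750DAP": "750RDXXXXXX",
    "TEW-735AP": "735X7AXXXXX",
    "TEW-733GR": "733RNXXXXXX",
    "TEW-732BR": "732X32XXXXX",
}

def structure_to_regex(structure):
    """Anchored regex for one structure string: X -> one digit, anything else literal."""
    body = "".join(r"\d" if ch == "X" else re.escape(ch) for ch in structure)
    return re.compile(f"^{body}$")

def keyspace(structure):
    """Candidate passphrases the structure leaves to brute force (10 per X)."""
    return 10 ** structure.count("X")

def audit_passphrase(passphrase):
    """Models whose default-key structure the passphrase fits; empty list = not a default-looking key."""
    models = [m for m, s in TRENDNET_DEFAULT_PATTERNS.items()
              if structure_to_regex(s).match(passphrase)]
    return {
        "passphrase": passphrase,
        "looks_like_default": bool(models),
        "models": models,
        "keyspace": max((keyspace(TRENDNET_DEFAULT_PATTERNS[m]) for m in models), default=None),
    }

if __name__ == "__main__":
    # Constructed sample values, not real device keys.
    for candidate in ("8281GR23456", "G123R456", "correct-horse-battery-staple"):
        print(audit_passphrase(candidate))
```

A passphrase that matches only tells you it has the shape of a factory default; a non-match says nothing about its strength otherwise.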