Monday, April 4, 2011

2wire Dictionary Script

If your neighborhood is like mine then you most likely see a bunch of 2wire### wireless ssid's being broadcasted. In California (I'm not sure if this holds true for the rest of the country) 2wire hardware is the standard for AT&T U-verse

The 2wire box and it's capabilities seem decent, except for one thing... The techs from AT&T who set these devices up often use the default password for wireless, which is a 10 digit numeric password conveniently located on the side of the box (see image below). To the credit of the techs, they do usually enable WPA2 (even though the devices will usually support WEP as well). However, using the default 10 digit numeric password only leaves 10^10  password possibilities, which in computer terms only takes a few days to crack!

In order to crack something like this your favorite tool (i.e. aircrack-ng) would require you to have a dictionary of all of the potential passwords from 0000000000 to 9999999999. I thought it would be trivial to generate this rather large 100+Gb file with all of the passwords, but it turns out I was wrong. It gets a little sticky when you generate numbers on a 32 bit system that are bigger than 2^32. But nevermind that...I have provided a perl script below, which you can use to generate this dictionary. This is useful for for cracking anything that uses a 10 digit numerical password. Enjoy! 


  1. Why not just use a linux machine and seq 0000000001 9999999999 >> 2Wire?

    1. I hadn't heard of the "seq" command. Had I known I probably would have done that. Thank you for bringing this to my attention...very cool! :-)