NKCSS Thompson SpeedTouch WPA(2) Key Lookup

WPA(2) Key Lookup for Thompson (SpeedTouch) Modems

Pages

Thompson SpeedTouch Lookup Intro Page (current)
Countries Thompson SpeedTouch modems can be found in
Information about the Thompson SpeedTouch Generator I've created
Lookup Thompson SpeedTouch modem WPA(2) Keys

Thompson thought they would 'solve' the problem that people don't secure their WiFi accesspoints. In order to do so, they thought of an algorithm to set a default WPA(2) key. The problem with default passwords is that they tend to get posted online and added to dictionaries. If every modem has the same password, it still wouldn't be secure. To solve this, they figured: "We'll give every modem it's own WPA(2) key.".

This WPA key was based on the serial number of the modem that in itself isn't such a bad idea, as long as you can't find out the serial number short of looking on the device iself. The WPA key is printed to the bottom of the modem, along with the serial number, so physical acces to the modem always means you can get it. The problem is that they used the same algorithm to think of a 'Unique' SSID for the modem. This is the source of the problem, if you know the SSID, you can figure out the modem's serial number, and from that, calculate the WPA(2) key.

SMS Option for The Netherlands

For residents of The Netherlands, there is also an offline option. You can send 'GET SPEEDTOUCH <SSID>' to 3010 and get an SMS with possible keys.

Example:

send 'GET SPEEDTOUCH ABDEF' to 3010

Advanced Options

I've included some advanced options to limit the expected range. You can specify the year range in which the modem has to be manufactured.

Example:

send 'GET SPEEDTOUCH ABCDEF 2005 2010' to 3010

This wil only return results for modems manufactured in 2005 thru 2010 (both are included in the search, not excluded). So, if you'd want to limit the search to 2007, you'd send 'GET SPEEDTOUCH ABCDEF 2007 2007'.

Leave a Message

Last but not least, you can use up the remaining space of the 140 characters to leave a short message. Anonimized messages will be listed on this page :)

10 Last Messages

06....0103 @ 2012-01-28 17:12: This is a Thomson ssid (Thomson 9C801E) so far i only get this key: 50fc66c229 and that one is not working.
06....0562 @ 2012-01-12 14:01: 2005 2011
06....0874 @ 2011-12-10 20:59: 2005 2010
06....0184 @ 2011-11-26 21:27: 2007 2011
06....0138 @ 2011-09-04 10:34: 2005 2010
06....0216 @ 2011-08-31 16:59: 2007 2011
06....0216 @ 2011-08-31 16:23: 2007 2011
06....0784 @ 2011-08-26 23:22: 2007 2010
06....0784 @ 2011-08-26 23:21: 2007 2011
06....0303 @ 2011-08-19 16:41: 2007 2011

This is a one-time SMS Service, not a subscription. The service costs €1,50. Be sure to checkout the Statistics.

For those of you who had a error page served up to them the last few days; it was beacause of an upgrade of the website; MVC3 broke my custom routing engine :( All is working now, but I had to do a nasty 404 hack.