LebGeeks

A community for technology geeks in Lebanon.

You are not logged in.

#1 February 22 2011

ZuZ
Member

Ogero DSL (Blink)... You've been hacked

This is my newest post on https://izuz.wordpress.com/2011/02/22/o … en-hacked/ ...

This is a payback for all the sucky internet they are giving us..

Enjoy people!..

--------------------------------------------------------------------------------------------------
HEY OGERO !!! PAY BACK IS A B!TCH !!!

How many times you get to find Blink wifi networks around you?! Very frequently right?!

ipad.png?w=600&h=450

Your WiFi network at home or at work might be a Blink WiFi. ( If you do then this is the time to PANIC!)

Here’s why:

Blink (or any other ISP as a matter of fact) mass orders and mass configures their wireless routers. Hence the WEP/WPA keys are automatically generated per router; so does the SSID (Name of the wireless network).

Certain routers have always had this vulnerability BUT Lo and Behold , Blink routers are also vulnerable to this attack.

How you may ask?! Let me explain…

When you scan for WiFi networks and see a BlinkXXXXXX network, be sure that this SSID is automatically generated, as we mentioned earlier.. It is a concatenation of the ISP Name (Blink) + the XXXXXX (6 character HEX code), and this code is the key to our attack.

This code is generated from the Serial Number (SN) of the router… So does the WEP/WPA key of the router.

XXXXXX -> SN -> Hash -> KEY

So by reversing the Hash function (which is doable via rainbow tables), you will get to have the Serial Number and then Hash it to find the WiFi router key!

It is easy and it can be done! and there are already apps available out there for iOS and Android!

What makes the matter even more critical, is the fact that Ogero doesn’t give you the admin access to your WiFi router, so that you can change your default settings.

So it is really a combination of circumstances that made this Hack available:

Ignorance (People don’t change their SSID)
Dictatorship (Ogero doesn’t supply you with Admin access to your equipment)
Done panicking?! Great your next mission is to go and literally Nag-the-hell out of your Ogero Customer Support.

p.s: You don’t believe me!? Post you WiFi SSID name in the comments and i will tell you your key!

update 1: username “user” with password “user” works for a big chunk of the routers out there, this is a privileged user which means, can view system settings and PCs connected to the network, which brings us to a totally new level of security threats!

Last edited by ZuZ (February 22 2011)

Offline

#2 February 22 2011

Samer99
Member

Re: Ogero DSL (Blink)... You've been hacked

You don't need the Administrator username or password to be able to change the SSID and the WEP/WPA keys, just login as a User (Username: user / Password: user)...

Many people are changing the SSID and the WEP/WPA keys... So I think that there are no reasons to PANIC!

Last edited by Samer99 (February 22 2011)

Offline

#3 February 22 2011

forgotten
Member

Re: Ogero DSL (Blink)... You've been hacked

Panic is not appropriate  I hacked my brothers blink in 2 minutes without tools the password is mostly 3 digits   different than the router serial no joke  . That is eactly why i do not want ogero as Isp!

Offline

#4 February 22 2011

Kassem
Member

Re: Ogero DSL (Blink)... You've been hacked

Samer99 wrote:

You don't need the Administrator username or password to be able to change the SSID and the WEP/WPA keys, just login as a User (Username: user / Password: user)...

Many people are changing the SSID and the WEP/WPA keys... So I think that there are no reasons to PANIC!

I'm trying to do that but I can't. The address is http://192.168.1.1:80, I get the login dialog box, I enter the username and password, but all I get is a blank white page. Why does that happen?

Offline

#5 February 22 2011

dan961
Member

Re: Ogero DSL (Blink)... You've been hacked

Kassem wrote:
Samer99 wrote:

You don't need the Administrator username or password to be able to change the SSID and the WEP/WPA keys, just login as a User (Username: user / Password: user)...

Many people are changing the SSID and the WEP/WPA keys... So I think that there are no reasons to PANIC!

I'm trying to do that but I can't. The address is http://192.168.1.1:80, I get the login dialog box, I enter the username and password, but all I get is a blank white page. Why does that happen?

yes me too!

Offline

#6 February 22 2011

Kassem
Member

Re: Ogero DSL (Blink)... You've been hacked

forgotten wrote:

Panic is not appropriate  I hacked my brothers blink in 2 minutes without tools the password is mostly 3 digits   different than the router serial no joke  . That is eactly why i do not want ogero as Isp!

Yes this is actually true. I figured out the pattern very easily a long time ago. Then when I had issues with bandwidth being consumed like crazy (I had to pay $50 + 114,000L.L for bandwidth I did not consume), I went to Ogero in Bourj El Murr and asked them to check the router and change the password. Unfortunately, I forgot what the pattern was because I stopped connecting using Wi-Fi once I bought a desktop.

Offline

#7 February 22 2011

ZuZ
Member

Re: Ogero DSL (Blink)... You've been hacked

Samer99 wrote:

You don't need the Administrator username or password to be able to change the SSID and the WEP/WPA keys, just login as a User (Username: user / Password: user)...

Many people are changing the SSID and the WEP/WPA keys... So I think that there are no reasons to PANIC!

user/user cannot change system settings :)

forgotten wrote:

Panic is not appropriate  I hacked my brothers blink in 2 minutes without tools the password is mostly 3 digits   different than the router serial no joke  . That is eactly why i do not want ogero as Isp!

the wep/wap key are hashed off the serial number, it cannot be guessed, needs to be calculated

Offline

#8 February 22 2011

m0ei
Member

Re: Ogero DSL (Blink)... You've been hacked

Well if you have the Ogero Dlink router, the user/user allows you to change the pass. I don't know about the others, because when i had ogero i changed the Pass and you can change the encryption to WPA. But now i'm with IDM and i'm still using the same router so i flashed the router and installed a new firmware, working perfectly.

Offline

#9 February 22 2011

ZuZ
Member

Re: Ogero DSL (Blink)... You've been hacked

m0ei wrote:

Well if you have the Ogero Dlink router, the user/user allows you to change the pass. I don't know about the others, because when i had ogero i changed the Pass and you can change the encryption to WPA. But now i'm with IDM and i'm still using the same router so i flashed the router and installed a new firmware, working perfectly.

a big chunk of the routers are thomson ... dlink are the newer ones..

Offline

#10 February 22 2011

Samer99
Member

Re: Ogero DSL (Blink)... You've been hacked

Kassem wrote:
Samer99 wrote:

You don't need the Administrator username or password to be able to change the SSID and the WEP/WPA keys, just login as a User (Username: user / Password: user)...

Many people are changing the SSID and the WEP/WPA keys... So I think that there are no reasons to PANIC!

I'm trying to do that but I can't. The address is http://192.168.1.1:80, I get the login dialog box, I enter the username and password, but all I get is a blank white page. Why does that happen?

If you have the THOMSON TG585 v7 (the modem-router that most Ogero clients have), then the default adress is http://192.168.1.254/ and you can login as a User (Username: user / Password: user), and you will be able to change the SSID and the password... I did that for 3 relatives...

Offline

#11 February 22 2011

m0ei
Member

Re: Ogero DSL (Blink)... You've been hacked

ZuZ wrote:
m0ei wrote:

Well if you have the Ogero Dlink router, the user/user allows you to change the pass. I don't know about the others, because when i had ogero i changed the Pass and you can change the encryption to WPA. But now i'm with IDM and i'm still using the same router so i flashed the router and installed a new firmware, working perfectly.

a big chunk of the routers are thomson ... dlink are the newer ones..

Not really, the first routers ogero used were Dlink, i was a customer with ogero from 2009 then after 6 months i think they replaced the routers to Thomson. I don't know if they are using new Dlink routers now as you're saying.

Offline

#12 February 22 2011

ZuZ
Member

Re: Ogero DSL (Blink)... You've been hacked

m0ei wrote:
ZuZ wrote:
m0ei wrote:

Well if you have the Ogero Dlink router, the user/user allows you to change the pass. I don't know about the others, because when i had ogero i changed the Pass and you can change the encryption to WPA. But now i'm with IDM and i'm still using the same router so i flashed the router and installed a new firmware, working perfectly.

a big chunk of the routers are thomson ... dlink are the newer ones..

Not really, the first routers ogero used were Dlink, i was a customer with ogero from 2009 then after 6 months i think they replaced the routers to Thomson. I don't know if they are using new Dlink routers now as you're saying.

we need an ogero representative to set things straight! and how they are willing to fix this

Offline

#13 February 22 2011

Kassem
Member

Re: Ogero DSL (Blink)... You've been hacked

I have a D-Link router. And no you do not need to calculate anything to figure out the password, you can easily figure out the pattern. At least that's how it used to be back then.

Offline

#14 February 22 2011

chosen2k
Member

Re: Ogero DSL (Blink)... You've been hacked

you can contact ogero and they will give you the admin login and password

Offline

#15 February 22 2011

longbit
Member

Re: Ogero DSL (Blink)... You've been hacked

can you post a howto guide for this ?
what algorithm is used to hash the SN, and what tools we need to reverse it?

Last edited by longbit (February 22 2011)

Offline

#16 February 22 2011

Bij
Member

Re: Ogero DSL (Blink)... You've been hacked

An advice for future Ogero subscribers: get the non-wireless (modem only) package and by your own router.
Less Expansive.
More secure: I got WPA TKIP set up, mac address filtering, firewall, parental protection.
One interesting thing you can do when you have full control over your router is reduce broadcast power by percentages. My network does not show up at my neighbors above, below and next door using normal laptop WNIC.

Offline

#17 February 22 2011

nuclearcat
Member

Re: Ogero DSL (Blink)... You've been hacked

TKIP is not secure (it uses some ciphers as WEP, but just different way). Use AES.

Offline

#18 February 22 2011

dp0001
Member

Re: Ogero DSL (Blink)... You've been hacked

um... if you only have a dsl modem also acting as router and wifi, you will get pwnd

IMO, like Bij said; best practice is [DSL modem] -> [wifi/ethernet router/firewall] -> everybody else

Last edited by dp0001 (February 22 2011)

Offline

#19 February 22 2011

m0ei
Member

Re: Ogero DSL (Blink)... You've been hacked

Yes use AES, WPA TKIP encrypted wireless password can be cracked using dictionaries or bruteforce.

Offline

#20 February 22 2011

Aly
Member

Re: Ogero DSL (Blink)... You've been hacked

Sorry but this is very old news, it is obvious, in fact this matter is related to Thomson company not Ogero, and you did not "hack" Ogero you will be stealing lousy bandwidth (128k or 256k)  from your poor  neighbors, mmm that's not ethical.
You steal,
Your Neighbors pay,
Ogero Wins.

PS: when I said "you" I didn't mean the author, I am speaking in general.

Offline

#21 February 23 2011

MrClass
Member

Re: Ogero DSL (Blink)... You've been hacked

Heh this "hack" is nothing hunny. I was able to figure out Cyberia ADSL and HDSL usernames and passwords thanks to Cyberia's stupidity. Most cyberia DSL users turned out to have password for their account 12345678. I figured out the username L number pattern, and voila, access to their ADSL account :)

I was able to open at least 27 accounts and heck there is more to come. I wonder if I put the L number and password on my ADSL router, would I use internet off of their account? Hmmmmmm :)

Offline

#22 February 23 2011

samer
Admin

Re: Ogero DSL (Blink)... You've been hacked

I wonder if I put the L number and password on my ADSL router, would I use internet off of their account? Hmmmmmm :)

This is easily traceable by the ISP. I wouldn't advise using someone else's DSL account on your own phone line.

Offline

#23 February 23 2011

MrClass
Member

Re: Ogero DSL (Blink)... You've been hacked

I know I'm just questioning. Anyway I don't think it will work especially if you're connected to another ISP. I think Ogero sets each account to 1 specific phone line.

Offline

#24 February 23 2011

jadz
Member

Re: Ogero DSL (Blink)... You've been hacked

worked fine for me =D thanks! but my neighboor's internet was 128 >.<

Offline

#25 February 24 2011

Bij
Member

Re: Ogero DSL (Blink)... You've been hacked

nuclearcat wrote:

TKIP is not secure (it uses some ciphers as WEP, but just different way). Use AES.

I actually found out I was using AES when I went to the settings page to change it  I don't know why I thought I was using TKIP.
One thing I never noticed before is the "Both" option when choosing the cipher type. Any idea on how this works ?

Offline

Board footer