Vodafone WPA cracking in Spain
Wed, 27 Jan 2010 19:06:55 +0100
Living in Spain has a lot of advantages.
But, from the geek point of view – some things really suck. For example (I will be referring to Poland because I don’t know the situation in other countries), in my previous city (Warsaw) I used to have a very good broadband connection for about 20 euro per month. I got about 10Mb, and it usually really ran at that speed.
Spain is different. Every ISP here sells shit. It reminds me of the sweet times ;) in Poland about 8 years ago – low quality, slow connections and high latency. You cannot buy/order a 6Mb connection – you can order “up to 6M”, which means 1-2Mb max. Of course, only if nobody else is using it at the same moment ;)
Unfortunately I bought a connection from Telefonica.es – which is total crap. For me it’s the essence of Spanish networking. So, in the end, my internet connection is down for about 2 hours every day.
Fortunately, some of my neighbours have connections as well, and even better – from other companies.
The closest ones are using Vodafone – quite popular here. It means “they are paying 40 euros for UP to 6Mb, which means they have max 3M”. I decided to set up a backup connection for myself so that I can be online whenever I want.
So, I started playing with aircrack-ng. The most popular way to crack WPA is to capture the handshake and use a brute-force method with a dictionary.
Getting it was quite simple – I used the deauth method described in many places (disconnecting a connected user).
Then I created a big dictionary (about 1GB) using some dictionaries from the internet, scraping some pages and combining all the dictionaries from the /usr/share/dict/ directory (about 20 dictionaries).
Then I started cracking using aircrack-ng -w -b etc.
On a machine equipped with 8 CPUs it took about 4 hours to determine that the password is not in the dictionary.
So, I started an investigation – asking some people who have a Vodafone connection, and guess what? All Vodafone WPA passwords consist of 14 characters, all from the set of uppercase letters (A-Z).
It helped a lot. I wrote a simple Python script to generate all possible passwords (*thanks to rezos for pointing out my stupid mistake*):
    #!/usr/bin/env python3
    from itertools import product
    from string import ascii_uppercase

    # Emit every 14-character string over A-Z, one candidate per line.
    for i in product(ascii_uppercase, repeat=14):
        print(''.join(i))
and passed them directly to aircrack:
    ./gen.py | aircrack-ng -b xx:xx:xx:xx:xx:xx -w - vodafone-02.cap
Now, I have to wait about 2 weeks ;) So far 24 million keys have been checked:
    [07:18:27] 24389170 keys tested (905.21 k/s)
If you know some other “standards” of Spanish wireless networking – please send them to me.
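Added example (not part of the original post): a Python estimator that reads the aircrack-ng status line quoted above and sizes the 14-letter A-Z key space against the measured rate, which is the check to run on any default-key scheme. The function names are assumptions of this example, and "k/s" is read as keys per second, which matches keys tested divided by elapsed time on that same line.

```python
import math
import re

# Status line quoted in the post (not constructed).
STATUS = "[07:18:27] 24389170 keys tested (905.21 k/s)"
STATUS_RE = re.compile(r"\[(\d+):(\d+):(\d+)\]\s+(\d+) keys tested \(([\d.]+) k/s\)")

def parse_status(line):
    """Return (elapsed_seconds, keys_tested, keys_per_second)."""
    m = STATUS_RE.search(line)
    if m is None:
        raise ValueError("unrecognised status line: %r" % line)
    h, mi, s, tested, rate = m.groups()
    # Assumption: "k/s" is keys per second (tested / elapsed gives ~927).
    return int(h) * 3600 + int(mi) * 60 + int(s), int(tested), float(rate)

def keyspace(alphabet_size, length):
    """Number of candidate keys for a fixed-length key over an alphabet."""
    return alphabet_size ** length

def entropy_bits(alphabet_size, length):
    """Entropy in bits if every character is chosen uniformly at random."""
    return length * math.log2(alphabet_size)

def years_to_exhaust(space, keys_per_second):
    """Worst-case time to try every key, in years."""
    return space / keys_per_second / (365.25 * 24 * 3600)

def length_for_budget(alphabet_size, keys_per_second, seconds):
    """Longest key length whose whole space fits in the time budget."""
    budget = keys_per_second * seconds
    n = 0
    while alphabet_size ** (n + 1) <= budget:
        n += 1
    return n

if __name__ == "__main__":
    elapsed, tested, rate = parse_status(STATUS)
    space = keyspace(26, 14)  # 14 characters, A-Z, as stated in the post
    print("average rate so far: %.1f keys/s" % (tested / elapsed))
    print("key space: %d keys (%.1f bits)" % (space, entropy_bits(26, 14)))
    print("fraction covered: %.2e" % (tested / space))
    print("years to exhaust at %.2f keys/s: %.3g" % (rate, years_to_exhaust(space, rate)))
    print("length searchable in 14 days: %d" % length_for_budget(26, rate, 14 * 86400))
```

At the rate on the status line, the full 26^14 space works out to roughly 2.3 billion years, and a 14-day run covers only keys of up to 6 letters.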
rezos: Rafal, probably you must change your script to generate all possible passwords. Just exchange permutations() for product(). Cheers from Poland!
bluszcz: rezos - how will I set the destination range with product? That is the first thing; the second: to generate anagrams (i.e. for a Scrabble game) I always used permutations...
bluszcz: ha! of course, somehow I was blinded today ;) I will update the entry tomorrow. thanks!
rezos: Cheers again! :-)