ph-neutral header
welcome talks guest_info party history imprint darklab phenoelit twist4

WLAN router horror stories


It's about finding and exposing two weak password algorithms for the
standard-passwords for WPA/WPA2 in widely deployed
soho-home-dsl-wifi-voip-routers and what could be done with that
knowledge if you have malicious intents.

Planned content:
- History/Intro -> There have been cases like this before in other countries
- Finding targets -> Wardriving + Mapping (we know its "boring" so
this part will be kept short and focused on practical use)
- Router internals -> Firmware Unpacking/Reversing with IDA to read
some MIPS-Assembly (we will drink before we talk about this part, you
have been warned!)

more details about what we are focusing on

1. Telekom/Arcadyan Speedport 700V Router default password weakness
2. Telekom Austria (Pirelli Broadband PRGAV4202N) Router default
password weakness
3. (more stuff)


we are computerscience students from hell (ViBi = Austria, 5M7X = Germany)