WPA HEX passcode equivalent in ASCII?

Onund

I think I know the answer to this but I'm hoping there are people much smarter than me with a better answer.

So I got a device I'd like to connect up to a wifi network, protected with WPA2, but here is my problem; the passcode on the network is set as a 64 character HEX number, my device only accepts 63 character ASCII passphrases.

From my research I've found out that WPA2 uses 63 ASCII characters, the SSID and a hash function to encode the passphrase into a 64 character HEX number. Now, either a poor spec or poor implementations of the spec allow for some devices to accept HEX numbers directly instead of ASCII passphrases and/or devices to only accept ASCII.

So the question is, knowing the HEX key and SSID, is there some way to reverse engineer an ASCII key that will encode to the given HEX key? erg, I should probably ask if there is an easy way to do this, something easier than reading up on the hash function specs...

And no, I can't just change the key to an ASCII version, this is a company network and I don't think the admins will want to change the entire setup to accommodate one device.

Thanks for reading
 
 

QuixoticOne

I've never looked at reversing the hash, I suppose someone has a utility to do it somewhere.

Anyway chances are someone generated a password in ascii first and the hex was just a result of someone seeing that and documenting it versus the ascii original. If you talk to the IT people who may have originally set up the router or someone who knows about the master password list, they can possibly tell you the ascii version.

Also some devices have very poor documentation as to HOW, but they can actually take a hex input. Some devices say to enter anything 0-63 characters = password, 64 hex characters exactly = hex direct. Some devices only like HEX in either uppercase or lowercase, so try both.

Another option might be to reflash your device with newer OEM firmware that might let you enter the hex, or reflash it with better 3rd party firmware (if any exists for your model) that will let you use the HEX hash e.g. openwrt, dd-wrt, whatever firmware supports your model.

 

spidey07

My first responses and I shall list them in order

1) Whoever is in charge of your wireless networks needs to be fired immediately, he's spent too much time reading and not enough time actually doing.
2) Whoever is in charge of security also needs to be fired because obviously they don't know what they are doing
3) Who the F thinks it's a good idea to have a 64 nibble hexkey?

I wish I could be more help but AFAIK the key and SSID have nothing whatsoever to do with each other.
 

Onund

Originally posted by: QuixoticOne
I've never looked at reversing the hash, I suppose someone has a utility to do it somewhere.

Anyway chances are someone generated a password in ascii first and the hex was just a result of someone seeing that and documenting it versus the ascii original. If you talk to the IT people who may have originally set up the router or someone who knows about the master password list, they can possibly tell you the ascii version.

Also some devices have very poor documentation as to HOW, but they can actually take a hex input. Some devices say to enter anything 0-63 characters = password, 64 hex characters exactly = hex direct. Some devices only like HEX in either uppercase or lowercase, so try both.

Another option might be to reflash your device with newer OEM firmware that might let you enter the hex, or reflash it with better 3rd party firmware (if any exists for your model) that will let you use the HEX hash e.g. openwrt, dd-wrt, whatever firmware supports your model.

Nah, I'm pretty sure they pushed the 'auto-generate key' button and went with that.

I was thinking there should be a util to undo the hash but haven't found one yet. I did find a javascript app that converts the passphrase and SSID into a HEX key, I looked at that a little but don't really have the time to reverse engineer it.

FWIW, the device I'm trying to connect is an Archos 605 Wifi. It only accepts 63 chars. I opened a ticket with their support about the issue, I was asked to update to the latest FW and still the same thing. They've elevated the issue...

Originally posted by: spidey07
My first responses and I shall list them in order

1) Whoever is in charge of your wireless networks needs to be fired immediately, he's spent too much time reading and not enough time actually doing.
2) Whoever is in charge of security also needs to be fired because obviously they don't know what they are doing
3) Who the F thinks it's a good idea to have a 64 nibble hexkey?

I wish I could be more help but AFAIK the key and SSID have nothing whatsoever to do with each other.

1) I agree, the guy isn't an IT guy actually, he just does it because we don't have a bonafide IT department in our office. He should be fired from IT and we should get a real IT person, but that will never happen.
2) Same guy as 1). To add fuel to your fire, we have two wireless routers in the office, one is secured using WEP, the other WPA2... wtf?
3) I may be wrong but I think once you enter a passphrase the WPA spec calls for it to be encoded into a 64 bit hexkey.

From reading up a bit on WPA passcodes, the SSID is used as the salt for encoding the passphrase into a hex key. This is knowledge gleaned from wikipedia and trying to understand a javascript implementation of the encoder.

I'm thinking I might just have to bring up the issue with the IT guy, there really should be an ascii passphrase.... ugh.
 

JackMDS

The encryption process is internal.

Where did you get the HEX key from?
 

QuixoticOne

I peeked at the specs. for the ascii -> hex conversion, and it looks like the algorithms it uses are designed to be one way and secure (I hadn't assumed that they would be -- there's no obvious REASON for that to be secure in this use case, since if the user is allowed to enter their own hex they certainly could pick an insecure entry).

I'd forget about finding a converter to go from HEX back to ASCII, I think it is not practically possible to write the algorithm that can usefully do this task for mathematical reasons.

At first I'd assumed they hadn't intended it to be secure, so I thought perhaps it might be possible to convert the HEX to *some* corresponding ASCII version (even if not the original). I don't think even that is practically possible given the hashing algorithms in use.

Look for a firmware fix for your client device, or find another device.

 

Onund

Originally posted by: QuixoticOne
I peeked at the specs. for the ascii -> hex conversion, and it looks like the algorithms it uses are designed to be one way and secure (I hadn't assumed that they would be -- there's no obvious REASON for that to be secure in this use case, since if the user is allowed to enter their own hex they certainly could pick an insecure entry).

I'd forget about finding a converter to go from HEX back to ASCII, I think it is not practically possible to write the algorithm that can usefully do this task for mathematical reasons.

At first I'd assumed they hadn't intended it to be secure, so I thought perhaps it might be possible to convert the HEX to *some* corresponding ASCII version (even if not the original). I don't think even that is practically possible given the hashing algorithms in use.

Look for a firmware fix for your client device, or find another device.

I'm pretty sure the spec doesn't allow picking the hex key directly, that's poor decision making on the design side. I think the key is always supposed to be user inputted as ascii.

I was thinking it should be possible to find an equivalent ASCII version as well. Damn though... I guess I'll keep trying to get a firmware fix for my device and talk to the network admin again about the key.

Thanks for looking.

 

Onund

Originally posted by: JackMDS
The encryption process is internal.

Where did you get the HEX key from?

Yes, my understanding is that it's supposed to be internally computed but some devices allow you to input the key directly in hex. Our router is one of them apparently, my device is not.
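
Added example, not part of the thread: the passphrase-to-key mapping discussed above is PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations and a 256-bit output, shown here next to the input rule QuixoticOne describes (exactly 64 hex characters taken as the key itself, anything shorter treated as a passphrase). The function names are made up for this example, and the sample values are the published IEEE 802.11i test vector (passphrase "password", SSID "IEEE").

```python
import hashlib
import string

PSK_LEN = 32          # 256-bit pre-shared key = 64 hex characters
ITERATIONS = 4096     # fixed by the WPA/WPA2-Personal key derivation


def wpa_psk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit PSK from an 8-63 character printable-ASCII passphrase.

    The SSID is the salt, so the same passphrase gives a different key
    on every differently named network.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"),
        ITERATIONS, PSK_LEN,
    )


def resolve_psk(secret: str, ssid: str) -> bytes:
    """Accept either form of the secret (hypothetical client-side helper).

    Exactly 64 hex digits -> used directly as the PSK, no hashing.
    Anything else         -> treated as a passphrase and run through PBKDF2.
    """
    if len(secret) == PSK_LEN * 2 and all(c in string.hexdigits for c in secret):
        return bytes.fromhex(secret)   # case-insensitive, SSID not involved
    return wpa_psk_from_passphrase(secret, ssid)


if __name__ == "__main__":
    # Published IEEE 802.11i test vector.
    psk = wpa_psk_from_passphrase("password", "IEEE")
    print("derived PSK :", psk.hex())
    # The hex form entered directly yields the same key on a client that accepts it.
    print("hex accepted:", resolve_psk(psk.hex().upper(), "IEEE") == psk)
    # Same passphrase, different SSID: a different key.
    print("other SSID  :", wpa_psk_from_passphrase("password", "IEEE2").hex())
```

A 64-character key produced by an "auto-generate" button is just 256 random bits, so there is no passphrase stored anywhere to recover; a client that only implements the passphrase branch cannot be given that key.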