{"id":17693706,"url":"https://github.com/kcdtv/nmk","last_synced_at":"2025-05-13T03:20:01.581Z","repository":{"id":80104773,"uuid":"100827031","full_name":"kcdtv/nmk","owner":"kcdtv","description":"WiFi Scanner and Default WPS PIN Generator for Livebox 2.1 and Lievbox Next from Orange (Spain) ","archived":false,"fork":false,"pushed_at":"2021-10-05T10:39:15.000Z","size":42,"stargazers_count":21,"open_issues_count":1,"forks_count":3,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-01T06:12:09.430Z","etag":null,"topics":["default-pin","livebox","orange","reaver","spain","wash"],"latest_commit_sha":null,"homepage":"https://www.wifi-libre.com/topic-869-todo-sobre-al-algoritmo-wps-livebox-arcadyan-orange-xxxx.html","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kcdtv.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-08-19T23:32:07.000Z","updated_at":"2025-03-15T15:27:39.000Z","dependencies_parsed_at":null,"dependency_job_id":"3b2d6649-ba08-469f-bff7-3fc950b700df","html_url":"https://github.com/kcdtv/nmk","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kcdtv%2Fnmk","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kcdtv%2Fnmk/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kcdtv%2Fnmk/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kcdtv%2Fnmk/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kcdtv","download_url":"https://codeload.github.com/kcdtv/nmk/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253863579,"owners_count":21975675,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["default-pin","livebox","orange","reaver","spain","wash"],"created_at":"2024-10-24T13:46:19.160Z","updated_at":"2025-05-13T03:20:01.012Z","avatar_url":"https://github.com/kcdtv.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# nmk[![Bash4.2-shield]](http://tldp.org/LDP/abs/html/bashver4.html#AEN21220) [![License-shield]](https://raw.githubusercontent.com/v1s1t0r1sh3r3/airgeddon/master/LICENSE.md)   \n\"Tool kit\" to generate the default WPS  PIN from spanish Livebox 2.1 and Livebox Next by Orange.  \n[![livebox1]]  \n\n# Description\n**N**aranja **M**ekani**K** (**nmk**) is a tool kit that proposes different ways to generate the default WPS PIN from: \n - Arcadyan ARV7519RW22 \n - Arcadyan ARV7520CW22  \n - Arcadyan VRV9510KWAC23  \nThe two frist Access Points are also known as **Livebox 2.1** and the third one is known as **Livebox Next**\n\n \n # About the WPS breach\nThe PIN algorithm was investigated and found by **wifi-libre** members: [Todo sobre al algoritmo WPS Livebox Arcadyan (Orange-XXXX)](https://www.wifi-libre.com/topic-869-todo-sobre-al-algoritmo-wps-livebox-arcadyan-orange-xxxx.html#p7018)  \nIt is similar to the one discovered by **Stefan Viehböck** on Arcadyan easy-box: [(Vodafone EasyBox Default WPS PIN Algorithm Weakness](http://seclists.org/fulldisclosure/2013/Aug/51)  \n0range has several millions of clients in Spain and has been using exclusivly this three AP models since 2012. \n**Notice that Orange disabled remotely the WPS PIN mode on this devices since the publication of the full disclosure. The vulnerability is no longer exploitable unless the device was not actualized since August-September 2017**\n\n\n# Dependencies\n**nmk.sh** requires **wash 1.6.3** (or a superior version) and its dependencies.  \nSteps to follow in a debian based system in order to install **the latest version of reaver** (it includes **wash**):  \n - Install the dependencies    \n~~~\nsudo apt install libpcap-dev\n~~~\n - Install reaver\n~~~\ngit clone https://github.com/t6x/reaver-wps-fork-t6x.git\ncd reaver-wps-fork-t6x/src/\n./configure\nmake\nsudo make install\n~~~  \nVisit [reaver t6x repository](https://github.com/t6x/reaver-wps-fork-t6x) for more information about wash and reaver.  \n\n\n# How to use nmk.sh?\n - Clone this repository  \n ~~~\n git clone https://github.com/kcdtv/nmk.git\n ~~~\n - Execute the script with administrator privileges\n ~~~\n cd nmk; sudo bash nmk.sh\n ~~~  \n \n - If several interfaces are avalaible user is prompted to choose one  \n [![livebox3]]  \n - Once an interface is selected the scan begins and when a vulnerable target is detected it is reported with its PIN genrated  \n [![livebox4]]  \n - Press CTRL + C to stop the scan and the script.  \n Interface is left in monitor mode in order to perform a reaver attack with the default PIN.  \n In good conditions the WPA keys from ARV7520CW22 and VRV9510KWAC23 are recovered inmediatly \n Due to a very bad implementation of the WPS protocole, recovering the WPA key from the ARV7519RW22 is extremly tedious (to not say impossible).   \n   \n# How to use orangen.py\n```\npython orangen.py \u003c 4 last digits mac WAN \u003e \u003c 4 last digits serial \u003e \n```\nfree tips: The four last digits from WAN mac are the same than the four last digits from default eSSID. If default eSSID is not used you can get the 4 digits by substracting 2 from bSSID (in base 16).  \n  \n  \n# How to use orangen.sh  \nLocate your terminal in your \"nmk\" folder and invocate bash to execute the script  \n```\nbash orangen.sh\n```  \nUser will be prompted to enter bSSID (from the 2.4Ghz network) and the four last digits from serial number.  \n\n\n# Credits\nFull disclosure \"Arcadyan livebox PIN generator\" is a colective work  by **wifi-libre**, scripts by **kcdtv**\n\n\n\n\n\n[livebox1]: https://www.wifi-libre.com/img/members/3/livebox_default_PIN_4.jpg\n[lievbox2]: http://pix.toile-libre.org/upload/original/1503195806.png\n[livebox3]: http://pix.toile-libre.org/upload/original/1503190103.png\n[livebox4]: http://pix.toile-libre.org/upload/original/1503191121.png\n[lievbox5]: http://pix.toile-libre.org/upload/original/1503197042.png\n[Bash4.2-shield]: https://img.shields.io/badge/bash-4.2%2B-blue.svg?style=flat-square\u0026colorA=273133\u0026colorB=00db00 \"Bash 4.2 or later\"\n[License-shield]: https://img.shields.io/badge/license-GPL%20v3%2B-blue.svg?style=flat-square\u0026colorA=273133\u0026colorB=bd0000 \"GPL v3+\"  \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkcdtv%2Fnmk","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkcdtv%2Fnmk","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkcdtv%2Fnmk/lists"}