esp32-sk6812/scripts/authtest.py

#!/usr/bin/env python3

import requests
import sys
import hashlib
import time
import re

IP = sys.argv[1]

# read the salt from the header file
with open("../data/etc/auth", "r") as authFile:
    lineno = 0
    for line in authFile:
        if lineno == 1:
            SALT = line.strip()
        lineno += 1

print(f'SALT = "{SALT}"')

# read and store the password from the user
pwd = input("Enter password: ")

# request and parse a challenge from the server
challenge = requests.get(f"http://{IP}/challenge").json()

nonce = int(challenge['nonce'])

print(f"Nonce: {nonce}")

# build response string
responsestr = pwd + ":" + str(nonce) + ":" + SALT

m = hashlib.sha256()
m.update(responsestr.encode('utf-8'))
response = m.hexdigest()

result = requests.get(f"http://{IP}/authtest", {"response": response})
print(result.text)
Integrated authentication test in WebServer 2019-11-25 22:45:01 +01:00			`#!/usr/bin/env python3`

			`import requests`
			`import sys`
			`import hashlib`
			`import time`
			`import re`

			`IP = sys.argv[1]`

			`# read the salt from the header file`
Load sensitive data from the SPIFFS Sensitive data are WiFi Logins and authentication data. This is done in preparation for the OTA update, where the firmware image will be transferred unencrypted and therefore passwords could be extracted from a dumped image. 2019-11-26 22:03:44 +01:00			`with open("../data/etc/auth", "r") as authFile:`
			`lineno = 0`
			`for line in authFile:`
			`if lineno == 1:`
			`SALT = line.strip()`
			`lineno += 1`
Integrated authentication test in WebServer 2019-11-25 22:45:01 +01:00
			`print(f'SALT = "{SALT}"')`

			`# read and store the password from the user`
			`pwd = input("Enter password: ")`

			`# request and parse a challenge from the server`
			`challenge = requests.get(f"http://{IP}/challenge").json()`

			`nonce = int(challenge['nonce'])`

			`print(f"Nonce: {nonce}")`

			`# build response string`
			`responsestr = pwd + ":" + str(nonce) + ":" + SALT`

			`m = hashlib.sha256()`
			`m.update(responsestr.encode('utf-8'))`
			`response = m.hexdigest()`

			`result = requests.get(f"http://{IP}/authtest", {"response": response})`
Load sensitive data from the SPIFFS Sensitive data are WiFi Logins and authentication data. This is done in preparation for the OTA update, where the firmware image will be transferred unencrypted and therefore passwords could be extracted from a dumped image. 2019-11-26 22:03:44 +01:00			`print(result.text)`