Thomas Kolb
24ba2242a4
Sensitive data are WiFi Logins and authentication data. This is done in preparation for the OTA update, where the firmware image will be transferred unencrypted and therefore passwords could be extracted from a dumped image.
#!/usr/bin/env python3
import getpass
import hashlib
import re
import sys
import time

import requests
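# Manual check of the device's challenge/response login.
#
# Usage: <this script> <device-ip>
#
# The script fetches a nonce from http://<ip>/challenge, computes
# SHA-256("<password>:<nonce>:<salt>") and sends the hex digest to
# http://<ip>/authtest, then prints the device's answer.
#
# Both requests use plain HTTP, so nonce and response travel in clear text.
# The password itself is never sent; the scheme therefore rests on the
# password's strength and on the salt not being known to an observer.

if len(sys.argv) < 2:
    sys.exit(f"usage: {sys.argv[0]} <device-ip>")

IP = sys.argv[1]

# Applied to every request so an unreachable device fails instead of hanging.
HTTP_TIMEOUT = 10  # seconds

# Read the salt from the auth file: it is the second line (index 1).
# The path is relative to the current working directory, not to this script.
SALT = None
with open("../data/etc/auth", "r") as authFile:
    for lineno, line in enumerate(authFile):
        if lineno == 1:
            SALT = line.strip()
            break

if SALT is None:
    # Without this check a short or empty auth file surfaced as a NameError.
    sys.exit("error: ../data/etc/auth has no second line to read the salt from")

# NOTE(review): the salt is an input to the response hash; if it is meant to
# stay private, drop this debug print.
print(f'SALT = "{SALT}"')

# Read the password without echoing it to the terminal or scrollback.
pwd = getpass.getpass("Enter password: ")

# Request and parse a challenge from the server.
challenge_reply = requests.get(f"http://{IP}/challenge", timeout=HTTP_TIMEOUT)
# Stop on an HTTP error here rather than failing later on a missing 'nonce'.
challenge_reply.raise_for_status()
challenge = challenge_reply.json()

nonce = int(challenge['nonce'])

print(f"Nonce: {nonce}")

# Build the response string "<password>:<nonce>:<salt>" and hash it.
responsestr = f"{pwd}:{nonce}:{SALT}"
response = hashlib.sha256(responsestr.encode('utf-8')).hexdigest()

# The digest goes out as the "response" query parameter. The status code is
# deliberately not checked so that a rejection message is still printed.
result = requests.get(
    f"http://{IP}/authtest",
    params={"response": response},
    timeout=HTTP_TIMEOUT,
)
print(result.text)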