2016-09-25 20:02:18 +02:00
|
|
|
#/usr/bin/ruby
|
|
|
|
|
## reverse-adpassword.rb - Virgin Mobile Mifi login passwords are encoded, not encrypted
|
|
|
|
|
|
|
|
|
|
require 'digest/sha1'
|
|
|
|
|
|
|
|
|
|
PWTOKEN='tcqowykwoejwlgvj' # magic number from index.html inline js
|
|
|
|
|
|
|
|
|
|
## mirroring js method names
|
|
|
|
|
def rstr2hex(input)
|
|
|
|
|
# iterate over each character
|
|
|
|
|
# get it's character code (a = 97, o = 111).. so ASCII value
|
|
|
|
|
# append this value shifted 4 times & 15 + the character again & 15
|
|
|
|
|
## in js: a = c.charCodeAt(i); b+=f.charAt((a>>>4)&15)+f.charAt(a&15), where f = '0123456789abcdef'
|
|
|
|
|
# so .. isn't this just hexing?
|
|
|
|
|
input.each_byte.map { |b| b.to_s(16) }.join
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def rstr_sha1(input)
|
|
|
|
|
# technically we can do all of the encoding with .hexdigest here, but hey, completeness
|
|
|
|
|
Digest::SHA1.digest(input)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# TODO actually implement this, for now assuming input is ASCII anyway
|
|
|
|
|
def str2rstr_utf8(input)
|
|
|
|
|
input
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
## main()
|
|
|
|
|
password = ARGV.first
|
|
|
|
|
if password.nil?
|
|
|
|
|
p sprintf('USAGE: %s <password>', File.basename(__FILE__))
|
|
|
|
|
exit 1
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# TODO first we mimic the encoding, then we can decode
|
|
|
|
|
encoded = rstr2hex(rstr_sha1(str2rstr_utf8(password)))
|
|
|
|
|
|
2017-01-29 01:20:36 +01:00
|
|
|
puts sprintf('%s', encoded)
|
|
|
|
|
puts sprintf('%s', decoded)
|
