decoding passwords sent over http

This commit is contained in:
Conor Horan-Kates 2016-09-25 18:02:18 +00:00
parent 3dd7b04e9e
commit a48cec0de4

View File

@ -0,0 +1,41 @@
#/usr/bin/ruby
## reverse-adpassword.rb - Virgin Mobile Mifi login passwords are encoded, not encrypted
require 'digest/sha1'
PWTOKEN='tcqowykwoejwlgvj' # magic number from index.html inline js
## mirroring js method names
def rstr2hex(input)
# iterate over each character
# get it's character code (a = 97, o = 111).. so ASCII value
# append this value shifted 4 times & 15 + the character again & 15
## in js: a = c.charCodeAt(i); b+=f.charAt((a>>>4)&15)+f.charAt(a&15), where f = '0123456789abcdef'
# so .. isn't this just hexing?
input.each_byte.map { |b| b.to_s(16) }.join
end
def rstr_sha1(input)
# technically we can do all of the encoding with .hexdigest here, but hey, completeness
Digest::SHA1.digest(input)
end
# TODO actually implement this, for now assuming input is ASCII anyway
def str2rstr_utf8(input)
input
end
## main()
password = ARGV.first
if password.nil?
p sprintf('USAGE: %s <password>', File.basename(__FILE__))
exit 1
end
# TODO first we mimic the encoding, then we can decode
encoded = rstr2hex(rstr_sha1(str2rstr_utf8(password)))
puts sprintf('%s %s', decoded, "\n")