decoding passwords sent over http
This commit is contained in:
Conor Horan-Kates
parent
3dd7b04e9e
commit
a48cec0de4
41
mifi/reverse-adpassword.rb
Normal file
41
mifi/reverse-adpassword.rb
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
#/usr/bin/ruby
|
||||||
|
## reverse-adpassword.rb - Virgin Mobile Mifi login passwords are encoded, not encrypted
|
||||||
|
|
||||||
|
require 'digest/sha1'
|
||||||
|
|
||||||
|
PWTOKEN='tcqowykwoejwlgvj' # magic number from index.html inline js
|
||||||
|
|
||||||
|
## mirroring js method names
|
||||||
|
def rstr2hex(input)
|
||||||
|
# iterate over each character
|
||||||
|
# get it's character code (a = 97, o = 111).. so ASCII value
|
||||||
|
# append this value shifted 4 times & 15 + the character again & 15
|
||||||
|
## in js: a = c.charCodeAt(i); b+=f.charAt((a>>>4)&15)+f.charAt(a&15), where f = '0123456789abcdef'
|
||||||
|
# so .. isn't this just hexing?
|
||||||
|
input.each_byte.map { |b| b.to_s(16) }.join
|
||||||
|
end
|
||||||
|
|
||||||
|
def rstr_sha1(input)
|
||||||
|
# technically we can do all of the encoding with .hexdigest here, but hey, completeness
|
||||||
|
Digest::SHA1.digest(input)
|
||||||
|
end
|
||||||
|
|
||||||
|
# TODO actually implement this, for now assuming input is ASCII anyway
|
||||||
|
def str2rstr_utf8(input)
|
||||||
|
input
|
||||||
|
end
|
||||||
|
|
||||||
|
## main()
|
||||||
|
password = ARGV.first
|
||||||
|
if password.nil?
|
||||||
|
p sprintf('USAGE: %s <password>', File.basename(__FILE__))
|
||||||
|
exit 1
|
||||||
|
end
|
||||||
|
|
||||||
|
# TODO first we mimic the encoding, then we can decode
|
||||||
|
encoded = rstr2hex(rstr_sha1(str2rstr_utf8(password)))
|
||||||
|
|
||||||
|
puts sprintf('%s %s', decoded, "\n")
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Loading…
Reference in New Issue
Block a user