summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--_includes/cig_password.html10
-rw-r--r--assets/js/cigpassword.js28
2 files changed, 32 insertions, 6 deletions
diff --git a/_includes/cig_password.html b/_includes/cig_password.html
index 33b24a5..5223e35 100644
--- a/_includes/cig_password.html
+++ b/_includes/cig_password.html
@@ -20,6 +20,8 @@
<label for="result" class="form-label">Password</label>
</div>
</form>
+ <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.2.0/crypto-js.min.js"></script>
+ <script type="text/javascript" src="/assets/js/cigpassword.js"></script>
<script>
var cigPassword = document.getElementById('cig-password');
cigPassword.addEventListener('submit', (event) => {
@@ -27,12 +29,8 @@
if (!cigPassword.checkValidity()) {
event.preventDefault();
} else {
- const data = new URLSearchParams(new FormData(cigPassword));
- var url = new URL("https://cigpassword.hack-gpon.org/");
- url.search = data.toString();
- fetch(url, {mode: 'cors'}).then(response => response.json()).then(json => document.getElementById('result').value = json.password).catch((error) => {
- document.getElementById('result').value = "Error!"
- });
+ const data = new FormData(cigPassword);
+ document.getElementById('result').value = cigpassword_gpon(data.get("serial"), data.get("username"));
}
[...cigPassword.elements].map(e => e.parentNode).forEach(e => e.classList.toggle('was-validated', true));
});
diff --git a/assets/js/cigpassword.js b/assets/js/cigpassword.js
new file mode 100644
index 0000000..7fbcf0f
--- /dev/null
+++ b/assets/js/cigpassword.js
@@ -0,0 +1,28 @@
+function hexToBytes(hex) {
+ let bytes = new Uint8Array(hex.length / 2);
+ for (let i = 0; i < hex.length; i += 2) {
+ bytes[i / 2] = parseInt(hex.substr(i, 2), 16);
+ }
+ return bytes;
+}
+
+function cigpassword_gpon(ont_serial, ont_user) {
+ const hardcoded_key = '01030a1013051764c8061419b49d0500';
+ const hardcoded_seed = '2345679abcdefghijkmnpqrstuvwxyzACDEFGHJKLMNPQRSTUVWXYZ';
+
+ let ont_vendor = ont_serial.substring(0, 4).toUpperCase();
+ let ont_id = ont_serial.substring(4).toLowerCase();
+ let formatted_serial = `${ont_vendor}${ont_id}`;
+
+ let key_bytes = CryptoJS.enc.Hex.parse(hardcoded_key);
+ let hmac = CryptoJS.HmacMD5(`${formatted_serial}-${ont_user}`, key_bytes);
+ let pw_md5_hmac = hexToBytes(hmac.toString(CryptoJS.enc.Hex));
+
+ let output = Array(pw_md5_hmac.length);
+
+ for (let i = 0; i < pw_md5_hmac.length; i++) {
+ output[i] = hardcoded_seed[pw_md5_hmac[i] % 0x36];
+ }
+
+ return output.join('');
+}