Read mac address and nonce key into Gateway class

pull/3/head
remittor 3 years ago
parent 3ca22df5dd
commit c6b41f7605

@ -39,24 +39,17 @@ if gw.status < 1:
dname = gw.device_name dname = gw.device_name
print("device_name =", gw.device_name) print("device_name =", gw.device_name)
print("rom_version = {} {}".format(gw.rom_version, gw.rom_channel)) print("rom_version = {} {}".format(gw.rom_version, gw.rom_channel))
print("mac = {}".format(gw.mac_address))
if gw.ping(verbose = 0) is True: if gw.ping(verbose = 0) is True:
die(0, "Exploit already installed and running") die(0, "Exploit already installed and running")
try: if not gw.nonce_key or not gw.mac_address:
r0 = requests.get("http://{ip_addr}/cgi-bin/luci/web".format(ip_addr = ip_addr), timeout = 4)
except Exception:
die("Xiaomi Mi Wi-Fi device not found! (ip: {})".format(ip_addr))
try:
mac = re.findall(r'deviceId = \'(.*?)\'', r0.text)[0]
except Exception:
die("Xiaomi Mi Wi-Fi device is wrong model or not the stock firmware in it.") die("Xiaomi Mi Wi-Fi device is wrong model or not the stock firmware in it.")
key = re.findall(r'key: \'(.*)\',', r0.text)[0] nonce = "0_" + gw.mac_address + "_" + str(int(time.time())) + "_" + str(random.randint(1000, 10000))
nonce = "0_" + mac + "_" + str(int(time.time())) + "_" + str(random.randint(1000, 10000))
password = input("Enter device WEB password: ") password = input("Enter device WEB password: ")
account_str = (password + key).encode('utf-8') account_str = (password + gw.nonce_key).encode('utf-8')
account_str = hashlib.sha1(account_str).hexdigest() account_str = hashlib.sha1(account_str).hexdigest()
password = (nonce + account_str).encode('utf-8') password = (nonce + account_str).encode('utf-8')
password = hashlib.sha1(password).hexdigest() password = hashlib.sha1(password).hexdigest()
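Review bot: The new guard `if not gw.nonce_key or not gw.mac_address:` reuses the old "wrong model or not the stock firmware" message for both values, so a failure to parse only one field cannot be told apart from the other; naming the missing field in the message would make it diagnosable. The added `print("mac = {}".format(gw.mac_address))` runs before that guard and prints `mac = None` when the page lacked the field. Separately, the unchanged `password = input("Enter device WEB password: ")` echoes the admin password to the terminal and into any scrollback or session log; `password = getpass.getpass("Enter device WEB password: ")` avoids that (it needs `import getpass`, and the import block is outside the hunk).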

@ -58,6 +58,8 @@ class Gateway():
device_name = None device_name = None
rom_version = None rom_version = None
rom_channel = None rom_channel = None
mac_address = None
nonce_key = None
webpassword = None webpassword = None
status = -2 status = -2
ftp = None ftp = None
@ -83,6 +85,8 @@ class Gateway():
self.device_name = None self.device_name = None
self.rom_version = None self.rom_version = None
self.rom_channel = None self.rom_channel = None
self.mac_address = None
self.nonce_key = None
self.status = -2 self.status = -2
try: try:
r0 = requests.get("http://{ip_addr}/cgi-bin/luci/web".format(ip_addr = self.ip_addr), timeout = self.timeout) r0 = requests.get("http://{ip_addr}/cgi-bin/luci/web".format(ip_addr = self.ip_addr), timeout = self.timeout)
@ -101,6 +105,10 @@ class Gateway():
self.rom_version = romver.group(1).strip() if romver else None self.rom_version = romver.group(1).strip() if romver else None
romchan = re.search(r'romChannel: \'(.*?)\'', r0.text) romchan = re.search(r'romChannel: \'(.*?)\'', r0.text)
self.rom_channel = romchan.group(1).strip().lower() if romchan else None self.rom_channel = romchan.group(1).strip().lower() if romchan else None
mac_address = re.search(r'var deviceId = \'(.*?)\'', r0.text)
self.mac_address = mac_address.group(1) if mac_address else None
nonce_key = re.search(r'key: \'(.*)\',', r0.text)
self.nonce_key = nonce_key.group(1) if nonce_key else None
except requests.exceptions.HTTPError as e: except requests.exceptions.HTTPError as e:
print("Http Error:", e) print("Http Error:", e)
except requests.exceptions.ConnectionError as e: except requests.exceptions.ConnectionError as e:
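Review bot: The `nonce_key` pattern `r'key: \'(.*)\','` is greedy, unlike the `(.*?)` used for every other field parsed here, so if the matched line ever contains a second `',` the capture runs to the last one and the login hash derived from it is silently wrong; `nonce_key = re.search(r'key: \'([^\']*)\',', r0.text)` bounds the capture to the quoted value. Both new attributes are taken from a plain-HTTP response and later concatenated into the nonce and the SHA-1 input in the caller, so it would be safer to check their shape before storing them (non-empty, expected character set) rather than only testing that the regex matched. The enclosing method starts and ends outside these hunks.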
