diff options
| -rw-r--r-- | _includes/cig_password.html | 10 | ||||
| -rw-r--r-- | assets/js/cigpassword.js | 28 |
2 files changed, 32 insertions, 6 deletions
diff --git a/_includes/cig_password.html b/_includes/cig_password.html index 33b24a5..5223e35 100644 --- a/_includes/cig_password.html +++ b/_includes/cig_password.html @@ -20,6 +20,8 @@ <label for="result" class="form-label">Password</label> </div> </form> + <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.2.0/crypto-js.min.js"></script> + <script type="text/javascript" src="/assets/js/cigpassword.js"></script> <script> var cigPassword = document.getElementById('cig-password'); cigPassword.addEventListener('submit', (event) => { @@ -27,12 +29,8 @@ if (!cigPassword.checkValidity()) { event.preventDefault(); } else { - const data = new URLSearchParams(new FormData(cigPassword)); - var url = new URL("https://cigpassword.hack-gpon.org/"); - url.search = data.toString(); - fetch(url, {mode: 'cors'}).then(response => response.json()).then(json => document.getElementById('result').value = json.password).catch((error) => { - document.getElementById('result').value = "Error!" - }); + const data = new FormData(cigPassword); + document.getElementById('result').value = cigpassword_gpon(data.get("serial"), data.get("username")); } [...cigPassword.elements].map(e => e.parentNode).forEach(e => e.classList.toggle('was-validated', true)); }); diff --git a/assets/js/cigpassword.js b/assets/js/cigpassword.js new file mode 100644 index 0000000..7fbcf0f --- /dev/null +++ b/assets/js/cigpassword.js @@ -0,0 +1,28 @@ +function hexToBytes(hex) { + let bytes = new Uint8Array(hex.length / 2); + for (let i = 0; i < hex.length; i += 2) { + bytes[i / 2] = parseInt(hex.substr(i, 2), 16); + } + return bytes; +} + +function cigpassword_gpon(ont_serial, ont_user) { + const hardcoded_key = '01030a1013051764c8061419b49d0500'; + const hardcoded_seed = '2345679abcdefghijkmnpqrstuvwxyzACDEFGHJKLMNPQRSTUVWXYZ'; + + let ont_vendor = ont_serial.substring(0, 4).toUpperCase(); + let ont_id = ont_serial.substring(4).toLowerCase(); + let formatted_serial = `${ont_vendor}${ont_id}`; + + let key_bytes = CryptoJS.enc.Hex.parse(hardcoded_key); + let hmac = CryptoJS.HmacMD5(`${formatted_serial}-${ont_user}`, key_bytes); + let pw_md5_hmac = hexToBytes(hmac.toString(CryptoJS.enc.Hex)); + + let output = Array(pw_md5_hmac.length); + + for (let i = 0; i < pw_md5_hmac.length; i++) { + output[i] = hardcoded_seed[pw_md5_hmac[i] % 0x36]; + } + + return output.join(''); +} |