Merge pull request #400 from reaae4/patch-1

Add support for xgspon to cigpassword_gpon

Author: simonebortolin

_includes/cig_password_xgspon.html

@@ -28,6 +28,8 @@
             <label for="result" class="form-label">Password</label>
         </div>
     </form>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.2.0/crypto-js.min.js"></script>
+    <script type="text/javascript" src="/assets/js/cigpassword.js"></script>
     <script>
         var cigPassword = document.getElementById('cig-password');
         cigPassword.addEventListener('submit', (event) => {
@@ -36,16 +38,10 @@
                 event.preventDefault();
             } else {
                 const data = new URLSearchParams(new FormData(cigPassword));
-                var url = new URL("https://cigpassword.hack-gpon.org/xgspon/");
-                url.search = data.toString();
-                fetch(url, {mode: 'cors'}).then(response => response.json()).then(json => {
-                    document.getElementById('result').value = json.password;
-                    document.getElementById('username').value = json.username;
-                }).catch((error) => {
-                    document.getElementById('result').value = "Error!"
-                });
+                document.getElementById('result').value = cigpassword_gpon(data.get("serial"), null, data.get("password_len"), true);
+                document.getElementById('username').value = data.get("serial");
             }
             [...cigPassword.elements].map(e => e.parentNode).forEach(e => e.classList.toggle('was-validated', true));
         });
     </script>
-</div>
+</div>

assets/js/cigpassword.js

@@ -6,16 +6,30 @@ function hexToBytes(hex) {
     return bytes;
 }
 
-function cigpassword_gpon(ont_serial, ont_user) {
+function cigpassword_gpon(ont_serial, ont_user, length = 0, xgspon = false) {
     const hardcoded_key = '01030a1013051764c8061419b49d0500';
     const hardcoded_seed = '2345679abcdefghijkmnpqrstuvwxyzACDEFGHJKLMNPQRSTUVWXYZ';
 
     let ont_vendor = ont_serial.substring(0, 4).toUpperCase();
     let ont_id = ont_serial.substring(4).toLowerCase();
+
+    if (xgspon) {
+        ont_id = ont_id.toUpperCase();
+    }
+
     let formatted_serial = `${ont_vendor}${ont_id}`;
 
-    let key_bytes = CryptoJS.enc.Hex.parse(hardcoded_key);
-    let hmac = CryptoJS.HmacMD5(`${formatted_serial}-${ont_user}`, key_bytes);
+    let key_bytes = new Uint8Array(hardcoded_key.match(/.{1,2}/g).map(byte => parseInt(byte, 16)));
+    if (length > 0) {
+        key_bytes[15] = length;
+    }
+
+    let formatted_serial_user = formatted_serial;
+    if (ont_user) {
+        formatted_serial_user += `-${ont_user}`;
+    }
+
+    let hmac = CryptoJS.HmacMD5(formatted_serial_user, CryptoJS.lib.WordArray.create(key_bytes));
     let pw_md5_hmac = hexToBytes(hmac.toString(CryptoJS.enc.Hex));
 
     let output = Array(pw_md5_hmac.length);
@@ -24,5 +38,9 @@ function cigpassword_gpon(ont_serial, ont_user) {
         output[i] = hardcoded_seed[pw_md5_hmac[i] % 0x36];
     }
 
-    return output.join('');
+    if (length > 0) {
+        return output.slice(0, length).join('');
+    } else {
+        return output.join('');
+    }
 }