My beloved Pirelli PRGAV4202N modem died and I had to replace it with the (A1 branded) ADB VV2220 (v2/Firmware: E_9.4.1). In the past I've already created a couple of scripts to read current statistics, etc. but these are worthless now. Time for some hands-on!
So my first goal was to read the Diagnostic/Interfaces summary, but it turned out to be a little more complicated as expected, as the logon process requires some additional form fields (sha256 hash of the password, etc.) which are pre filled using javascript. In order to mimic this behaviour we first have to extract some values from the login page:
page=$(curl -v -k http://10.0.0.138/ui/login 2>&1)
nonce=$(echo "$page" | grep 'name="nonce"' | egrep -o 'value="(.*)"' | sed -n -E 's/value="(.*)"/\1/p')
code1=$(echo "$page" | grep 'name='\''code1'\''' | egrep -o 'value='\''(.*)'\''' | sed -n -E 's/value='\''(.*)'\''/\1/p')
code3=$(echo "$page" | grep 'name='\''code3'\''' | egrep -o 'value='\''(.*)'\''' | sed -n -E 's/value='\''(.*)'\''/\1/p')
So my first goal was to read the Diagnostic/Interfaces summary, but it turned out to be a little more complicated as expected, as the logon process requires some additional form fields (sha256 hash of the password, etc.) which are pre filled using javascript. In order to mimic this behaviour we first have to extract some values from the login page:
page=$(curl -v -k http://10.0.0.138/ui/login 2>&1)
nonce=$(echo "$page" | grep 'name="nonce"' | egrep -o 'value="(.*)"' | sed -n -E 's/value="(.*)"/\1/p')
code1=$(echo "$page" | grep 'name='\''code1'\''' | egrep -o 'value='\''(.*)'\''' | sed -n -E 's/value='\''(.*)'\''/\1/p')
code3=$(echo "$page" | grep 'name='\''code3'\''' | egrep -o 'value='\''(.*)'\''' | sed -n -E 's/value='\''(.*)'\''/\1/p')
Now I use the PHP function "hash_hmac" to create the sha256 hash (openssl could be used as well):
passwd=$(php -r "echo hash_hmac('sha256','Austria&Eur0','$nonce');")
passwd=$(php -r "echo hash_hmac('sha256','Austria&Eur0','$nonce');")
Using the hashed password we can now sign in and fetch the new session ID:
sid=$(curl -k -v -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "login=Login&userName=Telek0m&userPwd=$passwd&nonce=$nonce&code1=$code1&code3=$code3" http://$1/ui/login 2>&1 | grep "Set-Cookie:" | sed -n -E 's/.*Set-Cookie:.*sid=([^;]*).*/\1/p')
Using the session ID you have switch to enhanced mode first (seems to be requires as otherwise calling the diagnostics URI's ins't working), then fetch the "Diagnostic/Interfaces summary" and output it using html2text:
echo $(curl -k -v --header "Cookie: sid=$sid" "http://$1/ui/dboard?level=2")
echo "$(curl --header "Cookie: sid=$sid" "http://$1/ui/dboard/diagnostics/ifsummary?backto=diagnostics&p=1" 2>/dev/null | html2text -style pretty -o - )"
Voila here it is:
 |
| Interface summary |
I've add the complete script (output is refreshed every 5s) below and A1 users in Austria can call it (others most likely have to adjust the command line parameters):
./adbstats.sh "10.0.0.138" "Telek0m" "Austria&Eur0"
I hope this post inspired you to create some fancy scripts as well (e.g. periodic reboot, etc.) and to share them with the community.
Cheers
adbstats.sh
#!/bin/bash
page=$(curl -v -k http://$1/ui/login 2>&1)
nonce=$(echo "$page" | grep 'name="nonce"' | egrep -o 'value="(.*)"' | sed -n -E 's/value="(.*)"/\1/p')
code1=$(echo "$page" | grep 'name='\''code1'\''' | egrep -o 'value='\''(.*)'\''' | sed -n -E 's/value='\''(.*)'\''/\1/p')
code3=$(echo "$page" | grep 'name='\''code3'\''' | egrep -o 'value='\''(.*)'\''' | sed -n -E 's/value='\''(.*)'\''/\1/p')
# Use php to create hash
passwd=$(php -r "echo hash_hmac('sha256','$3','$nonce');")
sid=$(curl -k -v -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "login=Login&userName=$2&userPwd=$passwd&nonce=$nonce&code1=$code1&code3=$code3" http://$1/ui/login 2>&1 | grep "Set-Cookie:" | sed -n -E 's/.*Set-Cookie:.*sid=([^;]*).*/\1/p')
# Switch to advanced mode
echo $(curl -k -v --header "Cookie: sid=$sid" "http://$1/ui/dboard?level=2")
while true
do
clear
echo "$(curl --header "Cookie: sid=$sid" "http://$1/ui/dboard/diagnostics/ifsummary?backto=diagnostics&p=1" 2>/dev/null | html2text -style pretty -o - )"
Sleep 5
done
1 comment:
Users missing PHP can replace this using openssl (as shown on the example below):
echo $(echo -n 'Austria&Eur0' | openssl dgst -sha256 -hmac "Test123")
7f40e7952ea31895cae365039e0e06191f007c3fe6a378fe401bcb8119df7dd9
echo $(php -r "echo hash_hmac('sha256','Austria&Eur0','Test123');")
7f40e7952ea31895cae365039e0e06191f007c3fe6a378fe401bcb8119df7dd9
Cheers
≠ logic
Post a Comment