起因:路由器由于长期没有登陆,所以忘记了密码…
硬件:路由器迅捷(FAST): FWR310
登录页面分析
页面极为简单,仅含登录按钮:
登录逻辑
function lgDoSub() {
var lgPwd = id("lgPwd"), /*输入的密码项*/
sessionValue = "";
var value = lgPwd.value,
result,
pos,
errorCode;
/* 检查密码 */
/* 简答检验 */
/* 发送密码数据 */
result = $.auth($.orgAuthPwd(value)); /*对密码进行简单处理并进行验证, 核心所在 !!!*/
/* 处理返回的结果 */
if (result.errorno == ENONE) {
unloadLogin();
lgPwd.value = "";
} else {
showLgError(parseInt(authInfo[1]));
}
}
主要核心:$.auth($.orgAuthPwd(value));
代码分析
this.orgAuthPwd = function (a) {
return this.securityEncode(a, "RDpbLfCPsJZ7fiv", "yLwVl0zKqws7LgKPRQ84Mdt708T1qQ3Ha7xv3H7NyU84p21BriUWBU43odz3iP4rBL3cD02KZciXTysVXiV8ngg6vL48rPJyAUw0HurW20xqxv9aYb4M9wK1Ae0wlro510qXeU07kV57fQMc8L6aLgMLwygtc0F10a0Dg70TOoouyFhdysuRMO51yY5ZlOZZLEal1h0t9YQW0Ko7oBwmCAHoic4HYbUyVeU3sfQ1xtXcPcf1aT303wAQhv66qzW")
};
this.securityEncode = function (a, b, c) {//数据处理函数
var d = "",
e,
f,
h,
m,
k = 187,
l = 187;
f = a.length;
h = b.length;
m = c.length;
e = f > h ? f : h;
for (var g = 0; g < e; g++)
l = k = 187, g >= f ? l = b.charCodeAt(g) : g >= h ? k = a.charCodeAt(g) : (k = a.charCodeAt(g), l = b.charCodeAt(g)), d += c.charAt((k ^ l) % m);
return d
};
function auth(a) {
var b = a,
c = this.domainUrl + "?code=" + TDDP_AUTH + "&asyn=0";//构造URL:http://192.168.1.1/?code=7&asyn=0
if (void 0 == a || 0 == b.length)//无密码
return this.result.errorno = EUNAUTH, this.result;
a = void 0;
this.session = this.securityEncode(authInfo[3], b, authInfo[4]);//再次调用securityEncode函数
c += "&id=" + this.encodePara(this.session);//构造URL
if (!1 == this.local || this.routerAlive)
this.externLoading(!0),
this.request(c, a, "post", this.ajaxSyn), this.externLoading(!1);//请求ok
this.parseAuthRlt();
ENONE == this.result.errorno && this.setLgPwd(b);
return this.result
};
problem:
- authInfo未知
authInfo
经过对数据进行多次测试请求后,得知authInfo为上次数据请求response中数据
代码测试
$.auth($.orgAuthPwd(pre[i]+password[j]+post[k]));