Read mac address and nonce key into Gateway class

4 years ago · c6b41f7605
parent 3ca22df5dd
commit c6b41f7605
2 changed files with 12 additions and 11 deletions
--- a/connect.py
+++ b/connect.py
@ -39,24 +39,17 @@ if gw.status < 1:
 dname = gw.device_name
 print("device_name =", gw.device_name)
 print("rom_version = {} {}".format(gw.rom_version, gw.rom_channel))
+print("mac = {}".format(gw.mac_address))

 if gw.ping(verbose = 0) is True:
  die(0, "Exploit already installed and running")

-try: 
-  r0 = requests.get("http://{ip_addr}/cgi-bin/luci/web".format(ip_addr = ip_addr), timeout = 4)
-except Exception:
-  die("Xiaomi Mi Wi-Fi device not found! (ip: {})".format(ip_addr))
-
-try:
-  mac = re.findall(r'deviceId = \'(.*?)\'', r0.text)[0]
-except Exception:
+if not gw.nonce_key or not gw.mac_address:
  die("Xiaomi Mi Wi-Fi device is wrong model or not the stock firmware in it.")

-key = re.findall(r'key: \'(.*)\',', r0.text)[0]
-nonce = "0_" + mac + "_" + str(int(time.time())) + "_" + str(random.randint(1000, 10000))
+nonce = "0_" + gw.mac_address + "_" + str(int(time.time())) + "_" + str(random.randint(1000, 10000))
 password = input("Enter device WEB password: ")
-account_str = (password + key).encode('utf-8')
+account_str = (password + gw.nonce_key).encode('utf-8')
 account_str = hashlib.sha1(account_str).hexdigest()
 password = (nonce + account_str).encode('utf-8')
 password = hashlib.sha1(password).hexdigest()
--- a/gateway.py
+++ b/gateway.py
@ -58,6 +58,8 @@ class Gateway():
  device_name = None
  rom_version = None
  rom_channel = None
+  mac_address = None
+  nonce_key = None
  webpassword = None
  status = -2
  ftp = None
@ -83,6 +85,8 @@ class Gateway():
    self.device_name = None
    self.rom_version = None
    self.rom_channel = None
+    self.mac_address = None
+    self.nonce_key = None
    self.status = -2
    try:
      r0 = requests.get("http://{ip_addr}/cgi-bin/luci/web".format(ip_addr = self.ip_addr), timeout = self.timeout)
@ -101,6 +105,10 @@ class Gateway():
      self.rom_version = romver.group(1).strip() if romver else None
      romchan = re.search(r'romChannel: \'(.*?)\'', r0.text)
      self.rom_channel = romchan.group(1).strip().lower() if romchan else None
+      mac_address = re.search(r'var deviceId = \'(.*?)\'', r0.text)
+      self.mac_address = mac_address.group(1) if mac_address else None
+      nonce_key = re.search(r'key: \'(.*)\',', r0.text)
+      self.nonce_key = nonce_key.group(1) if nonce_key else None
    except requests.exceptions.HTTPError as e:
      print("Http Error:", e)
    except requests.exceptions.ConnectionError as e: