2 require_once('RebootException.class.php');
3 require_once('RouterException.class.php');
4 require_once('CryptLib/CryptLib.php');
7 * @author Jan Altensen (Stricted)
8 * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
9 * @copyright 2015 Jan Altensen (Stricted)
11 class SpeedportHybrid
{
16 const VERSION
= '1.0.3';
22 private $challenge = '';
52 private $derivedk = '';
54 public function __construct ($url = 'http://speedport.ip/') {
59 * Requests the password-challenge from the router.
61 private function getChallenge () {
62 $path = 'data/Login.json';
63 $fields = array('csrf_token' => 'nulltoken', 'showpw' => 0, 'challengev' => 'null');
64 $data = $this->sentRequest($path, $fields);
65 $data = $this->getValues($data['body']);
67 if (isset($data['challengev']) && !empty($data['challengev'])) {
68 return $data['challengev'];
71 throw new RouterException('unable to get the challenge from the router');
76 * login into the router with the given password
78 * @param string $password
81 public function login ($password) {
82 $this->challenge
= $this->getChallenge();
84 $path = 'data/Login.json';
85 $this->hash
= hash('sha256', $this->challenge
.':'.$password);
86 $fields = array('csrf_token' => 'nulltoken', 'showpw' => 0, 'password' => $this->hash
);
87 $data = $this->sentRequest($path, $fields);
88 $json = $this->getValues($data['body']);
90 if (isset($json['login']) && $json['login'] == 'success') {
91 $this->cookie
= $this->getCookie($data);
93 $this->derivedk
= $this->getDerviedk($password);
96 $this->token
= $this->getToken();
98 if ($this->checkLogin(false) === true) {
107 * check if we are logged in
109 * @param boolean $exception
112 public function checkLogin ($exception = true) {
113 // check if challenge or session is empty
114 if (empty($this->challenge
) ||
empty($this->cookie
)) {
115 if ($exception === true) {
116 throw new RouterException('you musst be logged in to use this method');
122 $path = 'data/SecureStatus.json';
124 $data = $this->sentRequest($path, $fields, true);
125 $data = $this->getValues($data['body']);
127 if ($data['loginstate'] != 1) {
128 if ($exception === true) {
129 throw new RouterException('you musst be logged in to use this method');
143 public function logout () {
146 $path = 'data/Login.json';
147 $fields = array('csrf_token' => $this->token
, 'logout' => 'byby');
148 $data = $this->sentRequest($path, $fields, true);
149 $data = $this->getValues($data['body']);
150 if ((isset($data['status']) && $data['status'] == 'ok') && $this->checkLogin(false) === false) {
151 // reset challenge and session
152 $this->challenge
= '';
155 $this->derivedk
= '';
168 public function reboot () {
171 $path = 'data/Reboot.json';
172 $fields = array('csrf_token' => $this->token
, 'reboot_device' => 'true');
173 $data = $this->sentEncryptedRequest($path, $fields, true);
174 $data = $this->getValues($data['body']);
176 if ($data['status'] == 'ok') {
177 // reset challenge and session
178 $this->challenge
= '';
181 $this->derivedk
= '';
183 // throw an exception because router is unavailable for other tasks
184 // like $this->logout() or $this->checkLogin
185 throw new RebootException('Router Reboot');
192 * change dsl connection status
194 * @param string $status
197 public function changeDSLStatus ($status) {
200 $path = 'data/Connect.json';
202 if ($status == 'online' ||
$status == 'offline') {
203 $fields = array('csrf_token' => 'nulltoken', 'showpw' => 0, 'password' => $this->hash
, 'req_connect' => $status);
204 $data = $this->sentRequest($path, $fields, true);
205 $data = $this->getValues($data['body']);
207 if ($data['status'] == 'ok') {
215 throw new RouterException('unknown status');
220 * change lte connection status
222 * @param string $status
225 public function changeLTEStatus ($status) {
226 throw new Exception('unstable funtion');
227 $path = 'data/Modules.json';
229 if ($status == '0' ||
$status == '1' ||
$status == 'yes' ||
$status == 'no') {
230 if ($status == 'yes') $status = '1';
231 else if ($status == 'no') $status = '0';
233 $fields = array('csrf_token' => $this->token
, 'use_lte' => $status);
234 $data = $this->sentEncryptedRequest($path, $fields, true);
240 throw new RouterException('unknown status');
245 * get phone book entrys
249 public function getPhoneBookEntrys () {
250 $data = $this->getData('PhoneBook');
251 $data = $this->getValues($data);
253 if (isset($data['addbookentry'])) {
254 return $data['addbookentry'];
262 * add Phone Book Entry
264 * @param string $name
265 * @param string $firstname
266 * @param string $private
267 * @param string $work
268 * @param string $mobile
273 public function addPhoneBookEntry ($name, $firstname, $private, $work, $mobile, $id = -1) {
276 $path = 'data/PhoneBook.json';
278 'csrf_token' => $this->getToken(),
281 'phonebook_name' => $name,
282 'phonebook_vorname' => $firstname,
283 'phonebook_number_p' => $private,
284 'phonebook_number_a' => $work,
285 'phonebook_number_m' => $mobile
288 $data = $this->sentRequest($path, $fields, true);
289 $data = $this->getValues($data['body']);
291 if ($data['status'] == 'ok') {
295 throw new RouterException('can not add/edit Phone Book Entry');
300 * edit Phone Book Entry
303 * @param string $name
304 * @param string $firstname
305 * @param string $private
306 * @param string $work
307 * @param string $mobile
311 public function changePhoneBookEntry ($id, $name, $firstname, $private, $work, $mobile) {
312 return $this->addPhoneBookEntry($name, $firstname, $private, $work, $private, $id);
316 * delete Phone Book Entry
322 public function deletePhoneBookEntry ($id) {
325 $path = 'data/PhoneBook.json';
327 'csrf_token' => $this->getToken(),
329 'deleteEntry' => 'delete'
332 $data = $this->sentRequest($path, $fields, true);
333 $data = $this->getValues($data['body']);
336 if ($data['status'] == 'ok') {
340 throw new RouterException('can not delete Phone Book Entry');
346 * get uptime based on online (connection) time
350 public function getUptime () {
351 $data = $this->getData('LAN');
352 $data = $this->getValues($data);
354 return $data['days_online'];
358 * return the given json as array
360 * @param string $file
363 public function getData ($file) {
364 if ($file != 'Status') $this->checkLogin();
366 $path = 'data/'.$file.'.json';
368 $data = $this->sentRequest($path, $fields, true);
370 return $data['body'];
374 * get the router syslog
378 public function getSyslog() {
379 $data = $this->getData('SystemMessages');
380 $data = $this->getValues($data);
382 if (isset($data['addmessage'])) {
383 return $data['addmessage'];
391 * get the Missed Calls from router
395 public function getMissedCalls() {
396 $data = $this->getData('PhoneCalls');
397 $data = $this->getValues($data);
399 if (isset($data['addmissedcalls'])) {
400 return $data['addmissedcalls'];
408 * get the Taken Calls from router
412 public function getTakenCalls() {
413 $data = $this->getData('PhoneCalls');
414 $data = $this->getValues($data);
416 if (isset($data['addtakencalls'])) {
417 return $data['addtakencalls'];
425 * get the Dialed Calls from router
429 public function getDialedCalls() {
430 $data = $this->getData('PhoneCalls');
431 $data = $this->getValues($data);
433 if (isset($data['adddialedcalls'])) {
434 return $data['adddialedcalls'];
446 public function reconnectLte () {
449 $path = 'data/modules.json';
450 $fields = array('csrf_token' => $this->token
, 'lte_reconn' => '1');
451 $data = $this->sentEncryptedRequest($path, $fields, true);
453 return $data['body'];
457 * reset the router to Factory Default
462 public function resetToFactoryDefault () {
465 $path = 'data/resetAllSetting.json';
466 $fields = array('csrf_token' => 'nulltoken', 'showpw' => 0, 'password' => $this->hash
, 'reset_all' => 'true');
467 $data = $this->sentRequest($path, $fields, true);
469 return $data['body'];
474 * check if firmware is actual
478 public function checkFirmware () {
481 $path = 'data/checkfirmware.json';
482 $fields = array('checkfirmware' => 'true');
483 $data = $this->sentRequest($path, $fields, true);
485 return $data['body'];
489 * decrypt data from router
491 * @param string $data
494 private function decrypt ($data) {
495 $iv = hex2bin(substr($this->challenge
, 16, 16));
496 $adata = hex2bin(substr($this->challenge
, 32, 16));
497 $key = hex2bin($this->derivedk
);
498 $enc = hex2bin($data);
500 $factory = new CryptLib\Cipher\
Factory();
501 $aes = $factory->getBlockCipher('rijndael-128');
503 $mode = $factory->getMode('ccm', $aes, $iv, [ 'adata' => $adata, 'lSize' => 7]);
505 $mode->decrypt($enc);
507 return $mode->finish();
511 * decrypt data for the router
513 * @param string $data
516 private function encrypt ($data) {
517 $iv = hex2bin(substr($this->challenge
, 16, 16));
518 $adata = hex2bin(substr($this->challenge
, 32, 16));
519 $key = hex2bin($this->derivedk
);
521 $factory = new CryptLib\Cipher\
Factory();
522 $aes = $factory->getBlockCipher('rijndael-128');
524 $mode = $factory->getMode('ccm', $aes, $iv, [ 'adata' => $adata, 'lSize' => 7]);
525 $mode->encrypt($data);
527 return bin2hex($mode->finish());
531 * get the values from array
533 * @param array $array
536 private function getValues($array) {
538 foreach ($array as $item) {
539 // thank you telekom for this piece of shit
540 if ($item['vartype'] == 'template') {
541 if (is_array($item['varvalue'])) {
542 $data[$item['varid']][] = $this->getValues($item['varvalue']);
545 // i dont know if we need this
546 $data[$item['varid']] = $item['varvalue'];
550 if (is_array($item['varvalue'])) {
551 $data[$item['varid']] = $this->getValues($item['varvalue']);
554 $data[$item['varid']] = $item['varvalue'];
563 * sends the encrypted request to router
565 * @param string $path
566 * @param mixed $fields
567 * @param string $cookie
570 private function sentEncryptedRequest ($path, $fields, $cookie = false) {
571 $count = count($fields);
572 $fields = $this->encrypt(http_build_query($fields));
573 return $this->sentRequest($path, $fields, $cookie, $count);
577 * sends the request to router
579 * @param string $path
580 * @param mixed $fields
581 * @param string $cookie
582 * @param integer $count
585 private function sentRequest ($path, $fields, $cookie = false, $count = 0) {
586 $url = $this->url
.$path.'?lang=en';
588 curl_setopt($ch, CURLOPT_URL
, $url);
590 if (!empty($fields)) {
591 if (is_array($fields)) {
592 curl_setopt($ch, CURLOPT_POST
, count($fields));
593 curl_setopt($ch, CURLOPT_POSTFIELDS
, http_build_query($fields));
596 curl_setopt($ch, CURLOPT_POST
, $count);
597 curl_setopt($ch, CURLOPT_POSTFIELDS
, $fields);
601 if ($cookie === true) {
602 curl_setopt($ch, CURLOPT_COOKIE
, 'challengev='.$this->challenge
.'; '.$this->cookie
);
605 curl_setopt($ch, CURLOPT_RETURNTRANSFER
, true);
606 curl_setopt($ch, CURLOPT_HEADER
, true);
608 $result = curl_exec($ch);
610 $header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE
);
611 $header = substr($result, 0, $header_size);
612 $body = substr($result, $header_size);
615 // check if response is empty
617 throw new RouterException('empty response');
620 // check if body is encrypted (hex instead of json)
621 if (ctype_xdigit($body)) {
622 $body = $this->decrypt($body);
626 $body = preg_replace("/(\r\n)|(\r)/", "\n", $body);
627 $body = preg_replace('/\'/i', '"', $body);
628 $body = preg_replace("/\[\s+\]/i", '[ {} ]', $body);
629 $body = preg_replace("/},\s+]/", "}\n]", $body);
632 if (strpos($url, '.json') !== false) {
633 $body = json_decode($body, true);
636 return array('header' => $this->parse_headers($header), 'body' => $body);
644 private function getToken () {
647 $path = 'html/content/overview/index.html';
649 $data = $this->sentRequest($path, $fields, true);
651 $a = explode('csrf_token = "', $data['body']);
652 $a = explode('";', $a[1]);
654 if (isset($a[0]) && !empty($a[0])) {
658 throw new RouterException('unable to get csrf_token');
663 * calculate the derivedk
665 * @param string $password
668 private function getDerviedk ($password) {
671 // calculate derivedk
672 if (!function_exists('hash_pbkdf2')) {
673 $pbkdf2 = new CryptLib\Key\Derivation\PBKDF\
PBKDF2(array('hash' => 'sha1'));
674 $derivedk = bin2hex($pbkdf2->derive(hash('sha256', $password), substr($this->challenge
, 0, 16), 1000, 32));
675 $derivedk = substr($derivedk, 0, 32);
678 $derivedk = hash_pbkdf2('sha1', hash('sha256', $password), substr($this->challenge
, 0, 16), 1000, 32);
681 if (empty($derivedk)) {
682 throw new RouterException('unable to calculate derivedk');
689 * get cookie from header data
694 private function getCookie ($data) {
696 if (isset($data['header']['Set-Cookie']) && !empty($data['header']['Set-Cookie'])) {
697 preg_match('/^.*(SessionID_R3=[a-z0-9]*).*/i', $data['header']['Set-Cookie'], $match);
698 if (isset($match[1]) && !empty($match[1])) {
703 if (empty($cookie)) {
704 throw new RouterException('unable to get the session cookie from the router');
711 * parse the curl return header into an array
713 * @param string $response
716 private function parse_headers($response) {
718 $header_text = substr($response, 0, strpos($response, "\r\n\r\n"));
720 $header_text = explode("\r\n", $header_text);
721 foreach ($header_text as $i => $line) {
723 $headers['http_code'] = $line;
726 list ($key, $value) = explode(': ', $line);
727 $headers[$key] = $value;