From e9631169a21a4bda05ca026fcbde2c6ce8646a38 Mon Sep 17 00:00:00 2001 From: Stricted Date: Sun, 26 Jul 2015 23:08:03 +0200 Subject: [PATCH] cleanup --- CryptLib.class.php | 63 ++++++++ Login.class.php | 213 +++++++++++++++++++++++++++ SpeedportHybrid.class.php | 297 +------------------------------------- System.class.php | 28 ++++ 4 files changed, 312 insertions(+), 289 deletions(-) create mode 100644 CryptLib.class.php create mode 100644 Login.class.php diff --git a/CryptLib.class.php b/CryptLib.class.php new file mode 100644 index 0000000..ce32bb7 --- /dev/null +++ b/CryptLib.class.php @@ -0,0 +1,63 @@ + + * @copyright 2015 Jan Altensen (Stricted) + */ +trait CryptLib { + /** + * sends the encrypted request to router + * + * @param string $path + * @param mixed $fields + * @param string $cookie + * @return array + */ + private function sentEncryptedRequest ($path, $fields, $cookie = false) { + $count = count($fields); + $fields = $this->encrypt(http_build_query($fields)); + return $this->sentRequest($path, $fields, $cookie, $count); + } + + /** + * decrypt data from router + * + * @param string $data + * @return array + */ + private function decrypt ($data) { + $iv = hex2bin(substr($this->challenge, 16, 16)); + $adata = hex2bin(substr($this->challenge, 32, 16)); + $key = hex2bin($this->derivedk); + $enc = hex2bin($data); + + $factory = new CryptLib\Cipher\Factory(); + $aes = $factory->getBlockCipher('rijndael-128'); + $aes->setKey($key); + $mode = $factory->getMode('ccm', $aes, $iv, [ 'adata' => $adata, 'lSize' => 7]); + + $mode->decrypt($enc); + + return $mode->finish(); + } + + /** + * decrypt data for the router + * + * @param string $data + * @return string + */ + private function encrypt ($data) { + $iv = hex2bin(substr($this->challenge, 16, 16)); + $adata = hex2bin(substr($this->challenge, 32, 16)); + $key = hex2bin($this->derivedk); + + $factory = new CryptLib\Cipher\Factory(); + $aes = $factory->getBlockCipher('rijndael-128'); + $aes->setKey($key); + $mode = $factory->getMode('ccm', $aes, $iv, [ 'adata' => $adata, 'lSize' => 7]); + $mode->encrypt($data); + + return bin2hex($mode->finish()); + } +} diff --git a/Login.class.php b/Login.class.php new file mode 100644 index 0000000..d03b94a --- /dev/null +++ b/Login.class.php @@ -0,0 +1,213 @@ + + * @copyright 2015 Jan Altensen (Stricted) + */ +trait Login { + /** + * password-challenge + * @var string + */ + private $challenge = ''; + + /** + * csrf_token + * @var string + */ + private $token = ''; + + /** + * hashed password + * @var string + */ + private $hash = ''; + + /** + * session cookie + * @var string + */ + private $cookie = ''; + + /** + * derivedk cookie + * @var string + */ + private $derivedk = ''; + + /** + * login into the router with the given password + * + * @param string $password + * @return boolean + */ + public function login ($password) { + $this->challenge = $this->getChallenge(); + + $path = 'data/Login.json'; + $this->hash = hash('sha256', $this->challenge.':'.$password); + $fields = array('csrf_token' => 'nulltoken', 'showpw' => 0, 'password' => $this->hash); + $data = $this->sentRequest($path, $fields); + $json = $this->getValues($data['body']); + + if (isset($json['login']) && $json['login'] == 'success') { + $this->cookie = $this->getCookie($data); + + $this->derivedk = $this->getDerviedk($password); + + // get the csrf_token + $this->token = $this->getToken(); + + if ($this->checkLogin(false) === true) { + return true; + } + } + + return false; + } + + /** + * Requests the password-challenge from the router. + */ + private function getChallenge () { + $path = 'data/Login.json'; + $fields = array('csrf_token' => 'nulltoken', 'showpw' => 0, 'challengev' => 'null'); + $data = $this->sentRequest($path, $fields); + $data = $this->getValues($data['body']); + + if (isset($data['challengev']) && !empty($data['challengev'])) { + return $data['challengev']; + } + else { + throw new RouterException('unable to get the challenge from the router'); + } + } + + /** + * check if we are logged in + * + * @param boolean $exception + * @return boolean + */ + public function checkLogin ($exception = true) { + // check if challenge or session is empty + if (empty($this->challenge) || empty($this->cookie)) { + if ($exception === true) { + throw new RouterException('you musst be logged in to use this method'); + } + + return false; + } + + $path = 'data/SecureStatus.json'; + $fields = array(); + $data = $this->sentRequest($path, $fields, true); + $data = $this->getValues($data['body']); + + if ($data['loginstate'] != 1) { + if ($exception === true) { + throw new RouterException('you musst be logged in to use this method'); + } + + return false; + } + + return true; + } + + /** + * logout + * + * @return boolean + */ + public function logout () { + $this->checkLogin(); + + $path = 'data/Login.json'; + $fields = array('csrf_token' => $this->token, 'logout' => 'byby'); + $data = $this->sentRequest($path, $fields, true); + $data = $this->getValues($data['body']); + if ((isset($data['status']) && $data['status'] == 'ok') && $this->checkLogin(false) === false) { + // reset challenge and session + $this->challenge = ''; + $this->cookie = ''; + $this->token = ''; + $this->derivedk = ''; + + return true; + } + + return false; + } + + /** + * get the csrf_token + * + * @return string + */ + private function getToken () { + $this->checkLogin(); + + $path = 'html/content/overview/index.html'; + $fields = array(); + $data = $this->sentRequest($path, $fields, true); + + $a = explode('csrf_token = "', $data['body']); + $a = explode('";', $a[1]); + + if (isset($a[0]) && !empty($a[0])) { + return $a[0]; + } + else { + throw new RouterException('unable to get csrf_token'); + } + } + + /** + * calculate the derivedk + * + * @param string $password + * @return string + */ + private function getDerviedk ($password) { + $derivedk = ''; + + // calculate derivedk + if (!function_exists('hash_pbkdf2')) { + $pbkdf2 = new CryptLib\Key\Derivation\PBKDF\PBKDF2(array('hash' => 'sha1')); + $derivedk = bin2hex($pbkdf2->derive(hash('sha256', $password), substr($this->challenge, 0, 16), 1000, 32)); + $derivedk = substr($derivedk, 0, 32); + } + else { + $derivedk = hash_pbkdf2('sha1', hash('sha256', $password), substr($this->challenge, 0, 16), 1000, 32); + } + + if (empty($derivedk)) { + throw new RouterException('unable to calculate derivedk'); + } + + return $derivedk; + } + + /** + * get cookie from header data + * + * @param array $data + * @return string + */ + private function getCookie ($data) { + $cookie = ''; + if (isset($data['header']['Set-Cookie']) && !empty($data['header']['Set-Cookie'])) { + preg_match('/^.*(SessionID_R3=[a-z0-9]*).*/i', $data['header']['Set-Cookie'], $match); + if (isset($match[1]) && !empty($match[1])) { + $cookie = $match[1]; + } + } + + if (empty($cookie)) { + throw new RouterException('unable to get the session cookie from the router'); + } + + return $cookie; + } +} diff --git a/SpeedportHybrid.class.php b/SpeedportHybrid.class.php index 892355a..8cd5965 100644 --- a/SpeedportHybrid.class.php +++ b/SpeedportHybrid.class.php @@ -3,6 +3,8 @@ require_once('RebootException.class.php'); require_once('RouterException.class.php'); require_once('CryptLib/CryptLib.php'); require_once('Connection.class.php'); +require_once('CryptLib.class.php'); +require_once('Login.class.php'); require_once('Phone.class.php'); require_once('System.class.php'); @@ -13,6 +15,8 @@ require_once('System.class.php'); */ class SpeedportHybrid { use Connection; + use CryptLib; + use Login; use Phone; use System; @@ -20,31 +24,7 @@ class SpeedportHybrid { * class version * @const string */ - const VERSION = '1.0.3'; - - /** - * password-challenge - * @var string - */ - private $challenge = ''; - - /** - * csrf_token - * @var string - */ - private $token = ''; - - /** - * hashed password - * @var string - */ - private $hash = ''; - - /** - * session cookie - * @var string - */ - private $cookie = ''; + const VERSION = '1.0.4'; /** * router url @@ -53,190 +33,14 @@ class SpeedportHybrid { private $url = ''; /** - * derivedk cookie - * @var string + * inititalize this class + * + * @param string $url */ - private $derivedk = ''; - public function __construct ($url = 'http://speedport.ip/') { $this->url = $url; } - /** - * Requests the password-challenge from the router. - */ - private function getChallenge () { - $path = 'data/Login.json'; - $fields = array('csrf_token' => 'nulltoken', 'showpw' => 0, 'challengev' => 'null'); - $data = $this->sentRequest($path, $fields); - $data = $this->getValues($data['body']); - - if (isset($data['challengev']) && !empty($data['challengev'])) { - return $data['challengev']; - } - else { - throw new RouterException('unable to get the challenge from the router'); - } - } - - /** - * login into the router with the given password - * - * @param string $password - * @return boolean - */ - public function login ($password) { - $this->challenge = $this->getChallenge(); - - $path = 'data/Login.json'; - $this->hash = hash('sha256', $this->challenge.':'.$password); - $fields = array('csrf_token' => 'nulltoken', 'showpw' => 0, 'password' => $this->hash); - $data = $this->sentRequest($path, $fields); - $json = $this->getValues($data['body']); - - if (isset($json['login']) && $json['login'] == 'success') { - $this->cookie = $this->getCookie($data); - - $this->derivedk = $this->getDerviedk($password); - - // get the csrf_token - $this->token = $this->getToken(); - - if ($this->checkLogin(false) === true) { - return true; - } - } - - return false; - } - - /** - * check if we are logged in - * - * @param boolean $exception - * @return boolean - */ - public function checkLogin ($exception = true) { - // check if challenge or session is empty - if (empty($this->challenge) || empty($this->cookie)) { - if ($exception === true) { - throw new RouterException('you musst be logged in to use this method'); - } - - return false; - } - - $path = 'data/SecureStatus.json'; - $fields = array(); - $data = $this->sentRequest($path, $fields, true); - $data = $this->getValues($data['body']); - - if ($data['loginstate'] != 1) { - if ($exception === true) { - throw new RouterException('you musst be logged in to use this method'); - } - - return false; - } - - return true; - } - - /** - * logout - * - * @return boolean - */ - public function logout () { - $this->checkLogin(); - - $path = 'data/Login.json'; - $fields = array('csrf_token' => $this->token, 'logout' => 'byby'); - $data = $this->sentRequest($path, $fields, true); - $data = $this->getValues($data['body']); - if ((isset($data['status']) && $data['status'] == 'ok') && $this->checkLogin(false) === false) { - // reset challenge and session - $this->challenge = ''; - $this->cookie = ''; - $this->token = ''; - $this->derivedk = ''; - - return true; - } - - return false; - } - - /** - * reboot the router - * - * @return boolean - */ - public function reboot () { - $this->checkLogin(); - - $path = 'data/Reboot.json'; - $fields = array('csrf_token' => $this->token, 'reboot_device' => 'true'); - $data = $this->sentEncryptedRequest($path, $fields, true); - $data = $this->getValues($data['body']); - - if ($data['status'] == 'ok') { - // reset challenge and session - $this->challenge = ''; - $this->cookie = ''; - $this->token = ''; - $this->derivedk = ''; - - // throw an exception because router is unavailable for other tasks - // like $this->logout() or $this->checkLogin - throw new RebootException('Router Reboot'); - } - - return false; - } - - /** - * decrypt data from router - * - * @param string $data - * @return array - */ - private function decrypt ($data) { - $iv = hex2bin(substr($this->challenge, 16, 16)); - $adata = hex2bin(substr($this->challenge, 32, 16)); - $key = hex2bin($this->derivedk); - $enc = hex2bin($data); - - $factory = new CryptLib\Cipher\Factory(); - $aes = $factory->getBlockCipher('rijndael-128'); - $aes->setKey($key); - $mode = $factory->getMode('ccm', $aes, $iv, [ 'adata' => $adata, 'lSize' => 7]); - - $mode->decrypt($enc); - - return $mode->finish(); - } - - /** - * decrypt data for the router - * - * @param string $data - * @return string - */ - private function encrypt ($data) { - $iv = hex2bin(substr($this->challenge, 16, 16)); - $adata = hex2bin(substr($this->challenge, 32, 16)); - $key = hex2bin($this->derivedk); - - $factory = new CryptLib\Cipher\Factory(); - $aes = $factory->getBlockCipher('rijndael-128'); - $aes->setKey($key); - $mode = $factory->getMode('ccm', $aes, $iv, [ 'adata' => $adata, 'lSize' => 7]); - $mode->encrypt($data); - - return bin2hex($mode->finish()); - } - /** * get the values from array * @@ -269,20 +73,6 @@ class SpeedportHybrid { return $data; } - /** - * sends the encrypted request to router - * - * @param string $path - * @param mixed $fields - * @param string $cookie - * @return array - */ - private function sentEncryptedRequest ($path, $fields, $cookie = false) { - $count = count($fields); - $fields = $this->encrypt(http_build_query($fields)); - return $this->sentRequest($path, $fields, $cookie, $count); - } - /** * sends the request to router * @@ -346,77 +136,6 @@ class SpeedportHybrid { return array('header' => $this->parse_headers($header), 'body' => $body); } - /** - * get the csrf_token - * - * @return string - */ - private function getToken () { - $this->checkLogin(); - - $path = 'html/content/overview/index.html'; - $fields = array(); - $data = $this->sentRequest($path, $fields, true); - - $a = explode('csrf_token = "', $data['body']); - $a = explode('";', $a[1]); - - if (isset($a[0]) && !empty($a[0])) { - return $a[0]; - } - else { - throw new RouterException('unable to get csrf_token'); - } - } - - /** - * calculate the derivedk - * - * @param string $password - * @return string - */ - private function getDerviedk ($password) { - $derivedk = ''; - - // calculate derivedk - if (!function_exists('hash_pbkdf2')) { - $pbkdf2 = new CryptLib\Key\Derivation\PBKDF\PBKDF2(array('hash' => 'sha1')); - $derivedk = bin2hex($pbkdf2->derive(hash('sha256', $password), substr($this->challenge, 0, 16), 1000, 32)); - $derivedk = substr($derivedk, 0, 32); - } - else { - $derivedk = hash_pbkdf2('sha1', hash('sha256', $password), substr($this->challenge, 0, 16), 1000, 32); - } - - if (empty($derivedk)) { - throw new RouterException('unable to calculate derivedk'); - } - - return $derivedk; - } - - /** - * get cookie from header data - * - * @param array $data - * @return string - */ - private function getCookie ($data) { - $cookie = ''; - if (isset($data['header']['Set-Cookie']) && !empty($data['header']['Set-Cookie'])) { - preg_match('/^.*(SessionID_R3=[a-z0-9]*).*/i', $data['header']['Set-Cookie'], $match); - if (isset($match[1]) && !empty($match[1])) { - $cookie = $match[1]; - } - } - - if (empty($cookie)) { - throw new RouterException('unable to get the session cookie from the router'); - } - - return $cookie; - } - /** * parse the curl return header into an array * diff --git a/System.class.php b/System.class.php index b7f304a..4bf7a27 100644 --- a/System.class.php +++ b/System.class.php @@ -81,4 +81,32 @@ trait System { return $data['body']; } + + /** + * reboot the router + * + * @return boolean + */ + public function reboot () { + $this->checkLogin(); + + $path = 'data/Reboot.json'; + $fields = array('csrf_token' => $this->token, 'reboot_device' => 'true'); + $data = $this->sentEncryptedRequest($path, $fields, true); + $data = $this->getValues($data['body']); + + if ($data['status'] == 'ok') { + // reset challenge and session + $this->challenge = ''; + $this->cookie = ''; + $this->token = ''; + $this->derivedk = ''; + + // throw an exception because router is unavailable for other tasks + // like $this->logout() or $this->checkLogin + throw new RebootException('Router Reboot'); + } + + return false; + } } -- 2.20.1