Comments (6)
I think it should be possible to reverse the algorithm and get to the seed from the password, yes, as long as you also have the date for that password. It would have to be implemented but from a quick glance at the code I think it should be possible. Pull requests are welcome ;)
Keep in mind that this only applies to Arris modems that have a "password of the day". Other modems with a "fixed" password will not benefit from this.
from arrispwgen.
i know, just Arris modems, and i know too that is possible... i can try reversing the perl version but i am not a programmer i think is much more easy for you :D, i have a problem because i have the seed, i have the oid used for setting a oid "hex-string" value, conversing to ascii is just crap... -.- what do u think? ... and i soo soorry for my english :(
from arrispwgen.
No need to apologise for your English, I don't know where you're from but I bet I can't speak your native language as well as you speak English ;)
If you have the OID you could set the seed via SNMP - at least in theory. Converting from ASCII to HEX is easy, you can use one an online tool for that.
I added a feature-request tag to this issue and I'll try to implement the reverse algorithm but I don't know when I'll have the time for that. I'll post here again when I have some news.
from arrispwgen.
thank you.................. well i know the oid, but i can't get the seed, when i run the snmpget command i get just a big nothing ("") i looking how the system set the seed inside the nvram, i have the hexadecimal seed, i get it from a file config, i did the conversion from hexadecimal to ascii, but the word that i get is garbage, and don't work, i guess that the hexadecimal oid value in the config file its encrypted or coded. well... thank you for ur attention and i hope u have a time for reversing the algorithm and make the code :D regards...
from arrispwgen.
I have started an effort to implement a way to reverse a seed from a password but I don't think there's a way to do it efficiently.
It boils down to something like this:
I iterate over the password, one character at a time, and for each character I have to reverse the following equation from the generation algorithm (where % is the arithmetic modulus operator):
A = (X + Y) % 36
I know A but I don't know X or Y:
- A is the character from the password for the current iteration.
- Y is a value calculated for that position when the password is generated.
- X is the seed character at the same position as the position of the password character of the current iteration.
It is possible to know the value of X + Y (and even that is tricky because of the modulus) but that's useless because we need their values separately.
If there was a way to do this, the problem would be solved but as far as I can tell, the only way is by reversing the modulus, which many times has more than one possible solution and no way to know which one is the one we want.
Brute forcing is also not the answer, at least not on regular hardware. A seed consists of 10 characters from A to Z and 0 to 9, totalling 36 possibilities for each of the 10 seed characters. That means the number of possible seeds for a given password and its date is 36 to the power of ten, which is 36 billion possibilities - for each day. Unless you have a monster machine with a few powerful GPUs, it would take dozens of days, maybe even hundreds.
There might be a way around it but until I or someone comes up with it, I'm declaring this to be "impossible", sorry.
I might implement a brute forcer but I'm pretty sure it will be too slow to be usable. Perhaps if done via a GPU but I have never done something like that and have no idea where I would start. Maybe I'll give it a shot when I'm bored and want a new challenge.
from arrispwgen.
Just for fun I tried using crunch to generate all the possible seeds. It says the number of passwords is "slightly" larger than the 36 billion I mentioned before (must have been sleepy, I multiplied 36 by 10, ten times, which is obviously wrong).
$ ./crunch 10 10 ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 -o arris_seed_list.txt
Crunch will now generate the following amount of data: 40217742840692736 bytes
38354628411 MB
37455691 GB
36577 TB
35 PB
Crunch will now generate the following number of lines: 3656158440062976
lol
from arrispwgen.
Related Issues (16)
- C# Version HOT 1
- C++11 port HOT 1
- Something that may interest you. HOT 2
- Basic Android Port. HOT 4
- Seed in Hex HOT 10
- Node/npm version, usable in other software HOT 1
- Add simple local server HOT 6
- A command line version HOT 1
- Detect out-of-order dates in the CLI version HOT 6
- Router Arris 1692A HOT 8
- Any news with the encription key? HOT 2
- Possible to decrypt the des encoded Seed? HOT 1
- DES encoded HOT 1
- Won't accept seed length less than 8 characters HOT 1
- npm install fail HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from arrispwgen.