Merge pull request #371 from hack-gpon/Erny-cig-password

simonebortolin · web-flow · commit 252c15cf9ba8 · 2024-10-19T22:01:27.000+02:00
Move CIG GPON password generator to frontend
diff --git a/_includes/cig_password.html b/_includes/cig_password.html
@@ -20,19 +20,17 @@
             <label for="result" class="form-label">Password</label>
         </div>
     </form>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.2.0/crypto-js.min.js"></script>
+    <script type="text/javascript" src="/assets/js/cigpassword.js"></script>
     <script>
         var cigPassword = document.getElementById('cig-password');
         cigPassword.addEventListener('submit', (event) => {
             event.preventDefault();
             if (!cigPassword.checkValidity()) {
                 event.preventDefault();
             } else {
-                const data = new URLSearchParams(new FormData(cigPassword));
-                var url = new URL("https://cigpassword.hack-gpon.org/");
-                url.search = data.toString();
-                fetch(url, {mode: 'cors'}).then(response => response.json()).then(json => document.getElementById('result').value = json.password).catch((error) => {
-                    document.getElementById('result').value = "Error!"
-                });
+                const data = new FormData(cigPassword);
+                document.getElementById('result').value = cigpassword_gpon(data.get("serial"), data.get("username"));
             }
             [...cigPassword.elements].map(e => e.parentNode).forEach(e => e.classList.toggle('was-validated', true));
         });
diff --git a/assets/js/cigpassword.js b/assets/js/cigpassword.js
@@ -0,0 +1,28 @@
+function hexToBytes(hex) {
+    let bytes = new Uint8Array(hex.length / 2);
+    for (let i = 0; i < hex.length; i += 2) {
+        bytes[i / 2] = parseInt(hex.substr(i, 2), 16);
+    }
+    return bytes;
+}
+
+function cigpassword_gpon(ont_serial, ont_user) {
+    const hardcoded_key = '01030a1013051764c8061419b49d0500';
+    const hardcoded_seed = '2345679abcdefghijkmnpqrstuvwxyzACDEFGHJKLMNPQRSTUVWXYZ';
+
+    let ont_vendor = ont_serial.substring(0, 4).toUpperCase();
+    let ont_id = ont_serial.substring(4).toLowerCase();
+    let formatted_serial = `${ont_vendor}${ont_id}`;
+
+    let key_bytes = CryptoJS.enc.Hex.parse(hardcoded_key);
+    let hmac = CryptoJS.HmacMD5(`${formatted_serial}-${ont_user}`, key_bytes);
+    let pw_md5_hmac = hexToBytes(hmac.toString(CryptoJS.enc.Hex));
+
+    let output = Array(pw_md5_hmac.length);
+
+    for (let i = 0; i < pw_md5_hmac.length; i++) {
+        output[i] = hardcoded_seed[pw_md5_hmac[i] % 0x36];
+    }
+
+    return output.join('');
+}
