From 6d12741e1a149d4ccf1a0c601f5e862bff2e1ef6 Mon Sep 17 00:00:00 2001 From: "advielsack@googlemail.com" Date: Sat, 6 Apr 2013 00:10:02 +0000 Subject: [PATCH] Added Password 'encryption' according to guesses, need version verification and testing git-svn-id: http://gsconf.googlecode.com/svn/trunk@11 11042eb7-4a36-49e9-8ab2-01d26d512705 --- gs105e.c | 17 ++++++++++++----- gs105e.h | 1 + shell.c | 4 ++-- 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/gs105e.c b/gs105e.c index 9f0d807..c594e86 100644 --- a/gs105e.c +++ b/gs105e.c @@ -74,6 +74,8 @@ char newPacketId() { return (char)packetId; } + + void makeHeader(unsigned int queryType) { int n; @@ -95,8 +97,10 @@ void makeHeader(unsigned int queryType) { memcpy(&gs105e_queryData[24], "\x4e\x53\x44\x50", 4); //Magic!! :-O if (settings.password != NULL && queryType == QR_EXEC) { - - addActData(GS_PASSWORD, strlen(settings.password), settings.password); + char tmpPassword[strlen(settings.password)]; + for (n = 0; n < strlen(settings.password); n++) + tmpPassword[n] = passwordSecret[n % 19] ^ settings.password[n]; + addActData(GS_PASSWORD, strlen(settings.password), tmpPassword); } @@ -382,10 +386,13 @@ int gs105e_setName(char * data) { } int gs105e_setPassword(char * data) { - makeHeader(QR_EXEC); - + int n; + makeHeader(QR_EXEC); - addActData(GS_NEWPASSWORD, strlen(data), data); + char tmpPasswd[strlen(data)]; + for (n = 0; n < strlen(data); n++) + tmpPasswd[n] = data[n] ^ passwordSecret[n % 19]; + addActData(GS_NEWPASSWORD, strlen(data), tmpPasswd); return gs105e_act(); } diff --git a/gs105e.h b/gs105e.h index f62e5e7..1430f4b 100644 --- a/gs105e.h +++ b/gs105e.h @@ -112,6 +112,7 @@ struct gs105e_discovered { struct gs105e_discovered * next; }; +static char passwordSecret[19] = "NtgrSmartSwitchRock"; struct gs105e_discovered * gs105e_devs ; diff --git a/shell.c b/shell.c index 744db98..922442e 100644 --- a/shell.c +++ b/shell.c @@ -86,8 +86,8 @@ char * copyString(char * data) { void password(void) { if (settings.password == NULL) { - printf("\033[91mWarning: As the protocol of the switch wants it that way, all configuration packets are send as broadcasts, meaning everyone on this net can sniff your password!\033[0m\n"); - settings.password = copyString(getpass("Password: ")); + printf("\033[91mWarning: As the protocol of the switch wants it that way, all configuration packets are send as broadcasts. Even though Netgear is 'encrypting' the password it, the encryption used, is one step away from plaintext.\033[0m\n"); + settings.password = copyString((char *)getpass("Password: ")); } } -- 2.39.5