Working test api (wifi mode), firmware download, key extractor
commit
181a3b0fd3
@ -0,0 +1,7 @@
|
||||
*.bin
|
||||
firmware/
|
||||
firmware/*
|
||||
*.csv
|
||||
listing.txt
|
||||
*.pyc
|
||||
__pycache__
|
@ -0,0 +1,24 @@
|
||||
import requests
|
||||
|
||||
def call_api(api_url, method, params):
|
||||
"""
|
||||
Function to make an API call.
|
||||
|
||||
Parameters:
|
||||
- api_url (str): The URL of the API endpoint.
|
||||
- method (str): The HTTP method to use ('POST' or 'GET').
|
||||
- params (dict): Dictionary of parameters.
|
||||
|
||||
Returns:
|
||||
- response: The response from the API call.
|
||||
"""
|
||||
|
||||
print("Calling API",api_url,"with method",method,"and parameters",params)
|
||||
if method.upper() == 'POST':
|
||||
response = requests.post(api_url, data=params, verify=False)
|
||||
elif method.upper() == 'GET':
|
||||
response = requests.get(api_url, params=params, verify=False)
|
||||
else:
|
||||
raise ValueError("Method must be 'POST' or 'GET'")
|
||||
|
||||
return response
|
@ -0,0 +1,3 @@
|
||||
#!/bin/sh
|
||||
|
||||
rm -rfv firmware *.bin* fwname listing.txt
|
@ -0,0 +1,2 @@
|
||||
tool_directory: ./firmware/www/tool/
|
||||
app_config_directory: .
|
@ -0,0 +1,27 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Firmware downloader
|
||||
|
||||
DEVICE=NE1D
|
||||
SERIAL=1133001
|
||||
VERSION=194
|
||||
|
||||
BASEURL=https://updates.netool.io/bin/
|
||||
|
||||
|
||||
wget -O listing.txt $BASEURL
|
||||
|
||||
filename=$DEVICE-$VERSION-UP-$SERIAL.bin
|
||||
rm *.bin*
|
||||
if cat listing.txt | grep $filename && wget $BASEURL$filename; then
|
||||
# exact version match
|
||||
echo $filename > fwname
|
||||
else
|
||||
filename=$DEVICE-$VERSION-UP-1133333.bin
|
||||
if cat listing.txt | grep $filename && wget $BASEURL$filename; then
|
||||
echo $filename > fwname
|
||||
else
|
||||
echo "ERROR: Unable to find firmware!"
|
||||
rm fwname
|
||||
fi
|
||||
fi
|
@ -0,0 +1,21 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Define the paths to the SquashFS images
|
||||
IMAGE="$1"
|
||||
|
||||
echo $IMAGE
|
||||
|
||||
# Define the mount points
|
||||
MOUNTPOINT="./firmware"
|
||||
|
||||
# Create the mount points if they don't exist
|
||||
mkdir -p $MOUNTPOINT
|
||||
|
||||
# Mount the SquashFS images
|
||||
7z x -o$MOUNTPOINT $IMAGE
|
||||
|
||||
# Perform the diff and show only the differences
|
||||
#diff --no-dereference -r $MOUNTPOINT
|
||||
|
||||
# Remove the mount points
|
||||
#rm -rf $MOUNTPOINT
|
@ -0,0 +1,94 @@
|
||||
import yaml
|
||||
import os
|
||||
import re
|
||||
|
||||
def read_php_files(input, output):
|
||||
# Load the directory path from the YAML file
|
||||
|
||||
search_list=['sec', 'code', 'id', 'post_key', 'pass', 'key'] # why is there so many?
|
||||
param_list=['POST','GET','DELETE','PUT'] # so far looks like only POST and GET, include the others just in case
|
||||
directory_path = input
|
||||
|
||||
# Check if the directory exists
|
||||
if not os.path.isdir(directory_path):
|
||||
print(f"The directory {directory_path} does not exist.")
|
||||
return
|
||||
|
||||
# List all .php files in the directory
|
||||
php_files = [f for f in os.listdir(directory_path) if f.endswith('.php')]
|
||||
if not php_files:
|
||||
print("No PHP files found in the directory.")
|
||||
return
|
||||
|
||||
out = ""
|
||||
# Process each .php file
|
||||
for filename in php_files:
|
||||
file_path = os.path.join(directory_path, filename)
|
||||
with open(file_path, 'r', encoding='utf-8') as file:
|
||||
contents = file.read()
|
||||
add = filename
|
||||
found_params = []
|
||||
for paramtype in param_list:
|
||||
for match in re.finditer("_" + paramtype, contents):
|
||||
start_line = contents.rfind('\n', 0, match.start()) + 1
|
||||
end_line = contents.find('\n', match.end(), -1)
|
||||
line = contents[start_line:end_line]
|
||||
if "[" in line and "]" in line:
|
||||
quoted_strings = re.findall(r'["\'](.*?)["\']', line)
|
||||
if len(quoted_strings) == 1:
|
||||
found_params.append((quoted_strings[0], line[line.find("$")+1:line.find('=')].strip()))
|
||||
add += ",PARAM:," + quoted_strings[0] + "," + paramtype
|
||||
|
||||
for codetype in search_list:
|
||||
for match in re.finditer("\$" + codetype, contents):
|
||||
# Extract the line containing the matched string
|
||||
start_line = contents.rfind('\n', 0, match.start()) + 1
|
||||
end_line = contents.find('\n', match.end(), -1)
|
||||
line = contents[start_line:end_line]
|
||||
|
||||
if '==' in line and not "POST" in line and not "GET" in line:
|
||||
#print(line)
|
||||
quoted_strings = re.findall(r'["\'](.*?)["\']', line)
|
||||
if len(quoted_strings) == 1:
|
||||
if codetype not in [x[0] for x in found_params]:
|
||||
# non-matching variable & key!
|
||||
found = False
|
||||
for val in found_params:
|
||||
if codetype == val[1]:
|
||||
found = True
|
||||
codetype2 = val[0]
|
||||
print("NOTE: Alternate parameter variable used!", codetype, "-->", codetype2, "in file", filename)
|
||||
add += ",KEY:," + codetype2 + "," + quoted_strings[0]
|
||||
break
|
||||
if not found:
|
||||
print("WARNING: No matching parameter variable found!" , codetype, "--> ??? in file", filename)
|
||||
add += ",KEY:," + codetype + "," + quoted_strings[0]
|
||||
|
||||
else:
|
||||
add += ",KEY:," + codetype + "," + quoted_strings[0]
|
||||
|
||||
|
||||
|
||||
if add == filename:
|
||||
out += add + ",null"
|
||||
else:
|
||||
out += add
|
||||
out += "\n"
|
||||
|
||||
print(out)
|
||||
|
||||
with open(output + "/apidetails.csv", 'w', encoding='utf-8') as file:
|
||||
# Write the string to the file
|
||||
file.write(out)
|
||||
|
||||
|
||||
|
||||
# Example usage
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
with open('config.yml', 'r') as file:
|
||||
config = yaml.safe_load(file)
|
||||
directory_path = config['tool_directory']
|
||||
output_path = config['app_config_directory']
|
||||
read_php_files(directory_path, output_path)
|
@ -0,0 +1,52 @@
|
||||
from call_api import call_api
|
||||
from read_api_details import parse_csv_to_dict
|
||||
import json
|
||||
|
||||
def main():
|
||||
base_url = "https://192.168.49.1/tool/" # Replace with your actual base URL
|
||||
details = parse_csv_to_dict("apidetails.csv")
|
||||
print(details.keys())
|
||||
# Prompt the user for the API call
|
||||
api_call = input("Enter the API call (e.g., about.php): ").strip()
|
||||
full_url = base_url + api_call
|
||||
print(details[api_call])
|
||||
# Prompt the user for the method
|
||||
method = input("Enter the HTTP method (POST/GET): ").strip().upper()
|
||||
auto_include = []
|
||||
if 'PARAM' in details[api_call]:
|
||||
for param, val in details[api_call]["PARAM"].items():
|
||||
# print(param, val)
|
||||
if val == method:
|
||||
print(param, end="")
|
||||
if 'KEY' in details[api_call]:
|
||||
for keyname, key in details[api_call]["KEY"].items():
|
||||
if keyname == param:
|
||||
print("=" + key, end="")
|
||||
auto_include.append((keyname, key))
|
||||
print("")
|
||||
|
||||
|
||||
# Prompt the user for parameters
|
||||
params = {}
|
||||
while True:
|
||||
param_name = input("Enter parameter name (or press enter to finish): ").strip()
|
||||
if param_name == "":
|
||||
break
|
||||
param_value = input(f"Enter value for '{param_name}': ").strip()
|
||||
params[param_name] = param_value
|
||||
|
||||
for param in auto_include:
|
||||
params[param[0]] = param[1]
|
||||
# Call the API
|
||||
try:
|
||||
response = call_api(full_url, method, params)
|
||||
print("Response Status Code:", response.status_code)
|
||||
try:
|
||||
print("Response JSON:", json.dumps(response.json(), indent=2))
|
||||
except ValueError:
|
||||
print("Response Text:", response.text)
|
||||
except Exception as e:
|
||||
print("Error:", str(e))
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
@ -0,0 +1,55 @@
|
||||
import csv
|
||||
|
||||
def parse_csv_to_dict(csv_file_path):
|
||||
"""
|
||||
Parses a CSV file into a dictionary.
|
||||
|
||||
Parameters:
|
||||
- csv_file_path (str): The path to the CSV file.
|
||||
|
||||
Returns:
|
||||
- dict: A dictionary representation of the CSV file.
|
||||
"""
|
||||
parsed_dict = {}
|
||||
|
||||
with open(csv_file_path, mode='r', newline='', encoding='utf-8') as csvfile:
|
||||
reader = csv.reader(csvfile)
|
||||
for row in reader:
|
||||
if len(row) < 2:
|
||||
continue # Skip rows that do not have at least two columns
|
||||
name = row[0].strip()
|
||||
if name not in parsed_dict:
|
||||
parsed_dict[name] = {}
|
||||
|
||||
index = 1
|
||||
while index < len(row):
|
||||
field_type = row[index].strip() if len(row) > index else None
|
||||
#print(field_type, end=" ")
|
||||
if not field_type:
|
||||
break # End of relevant columns for this row
|
||||
|
||||
if field_type in ('KEY:', 'PARAM:') and len(row) > index + 2:
|
||||
key_or_param_name = row[index + 1].strip()
|
||||
key_or_param_value = row[index + 2].strip()
|
||||
|
||||
if field_type == 'KEY:':
|
||||
if 'KEY' not in parsed_dict[name]:
|
||||
parsed_dict[name]['KEY'] = {}
|
||||
parsed_dict[name]['KEY'][key_or_param_name] = key_or_param_value
|
||||
elif field_type == 'PARAM:':
|
||||
if 'PARAM' not in parsed_dict[name]:
|
||||
parsed_dict[name]['PARAM'] = {}
|
||||
parsed_dict[name]['PARAM'][key_or_param_name] = key_or_param_value
|
||||
|
||||
index += 3
|
||||
#print("")
|
||||
# If no valid field_type was found, set the entry to None
|
||||
if name not in parsed_dict:
|
||||
parsed_dict[name] = None
|
||||
|
||||
return parsed_dict
|
||||
|
||||
if __name__ == "__main__":
|
||||
csv_file_path = 'apidetails.csv'
|
||||
result = parse_csv_to_dict(csv_file_path)
|
||||
print(result)
|
@ -0,0 +1,15 @@
|
||||
#!/bin/sh
|
||||
|
||||
if ! [ -e apidetails.csv ]; then
|
||||
|
||||
./download-fw.sh
|
||||
./extract.sh $(cat fwname)
|
||||
DIR=./firmware/www/tool/
|
||||
|
||||
echo "tool_directory: $DIR
|
||||
app_config_directory: ." > config.yml
|
||||
|
||||
python get_codes.py
|
||||
|
||||
./cleanup.sh
|
||||
fi
|
Loading…
Reference in New Issue