在Java中重现JavaScript路由器登录函数
我试图在路由器登录页面上模拟登录功能。该函数与一些实用程序JS脚本一起包含在登录页面上。每次加载页面时,都会包含一个新的salt,并根据输入的密码和选定的用户生成一个哈希(只有两种可能) 以下是JavaScript登录函数:在Java中重现JavaScript路由器登录函数,javascript,java,hash,login,Javascript,Java,Hash,Login,我试图在路由器登录页面上模拟登录功能。该函数与一些实用程序JS脚本一起包含在登录页面上。每次加载页面时,都会包含一个新的salt,并根据输入的密码和选定的用户生成一个哈希(只有两种可能) 以下是JavaScript登录函数: function send_login() { var salt = "8106037b"; var password = ""; if (graphic_auth == "fa
function send_login() {
var salt = "8106037b";
var password = "";
if (graphic_auth == "false") {
password = document.forms.myform.old_password.value.substr(0, 16);
document.forms.myform.old_password.value = "";
// Make sure password never gets sent as clear text
} else {
password = document.forms.myform.new_password.value.substr(0, 16);
document.forms.myform.new_password.value = "";
// Make sure password never gets sent as clear text
}
for (var i = password.length; i < 16; i++) {
password += String.fromCharCode(1); // String.fromCharCode(1) = A
}
var input = salt + password;
for (var i = input.length; i < 63; i++) {
input += String.fromCharCode(1);
}
if (graphic_auth == "false") {
input += (document.forms.myform.old_username.value == 'user') ? 'U' : String.fromCharCode(1);
} else {
input += (document.forms.myform.new_username.value == 'user') ? 'U' : String.fromCharCode(1);
}
var hash = hex_md5(input);
var login_hash = salt.concat(hash);
}
函数send\u login(){
var salt=“8106037b”;
var password=“”;
如果(图形验证==“假”){
password=document.forms.myform.old_password.value.substr(0,16);
document.forms.myform.old_password.value=“”;
//确保密码永远不会以明文形式发送
}否则{
password=document.forms.myform.new_password.value.substr(0,16);
document.forms.myform.new_password.value=“”;
//确保密码永远不会以明文形式发送
}
for(var i=password.length;i<16;i++){
密码+=String.fromCharCode(1);//String.fromCharCode(1)=A
}
var输入=salt+密码;
for(var i=input.length;i<63;i++){
输入+=String.fromCharCode(1);
}
如果(图形验证==“假”){
输入+=(document.forms.myform.old_username.value=='user')?'U':String.fromCharCode(1);
}否则{
输入+=(document.forms.myform.new_username.value=='user')?'U':String.fromCharCode(1);
}
var hash=hex_md5(输入);
var login_hash=salt.concat(散列);
}
这是我用Java复制它的尝试:
public static void main(String [] args) {
engine = new ScriptEngineManager().getEngineByName("nashorn");
try {
engine.eval(new FileReader("C:/Users/xx/Documents/Fiddler2/Captures/md5.js"));
} catch (Exception e) {
e.printStackTrace();
}
invocable = (Invocable) engine;
System.out.print(generateLoginHash("8106037b", ""));
}
public static String generateLoginHash(String salt, String password) {
for (int i = password.length(); i < 16; i++) {
password += "A";
}
String input = salt+password;
for (int i = input.length(); i < 63; i++) {
input += "A";
}
// input += (document.forms.myform.old_username.value == 'user') ? 'U' : String.fromCharCode(1);
input += "U";
System.out.print(input + "\n");
String hash = hash(input);
String login_hash = salt + hash;
return login_hash;
}
public static String hash(String input) {
Object result = null;
try {
result = invocable.invokeFunction("hex_md5", input);
} catch (ScriptException e) {
e.printStackTrace();
} catch (NoSuchMethodException e) {
e.printStackTrace();
}
return result.toString();
}
publicstaticvoidmain(字符串[]args){
engine=new ScriptEngineManager().getEngineByName(“nashorn”);
试一试{
eval(新的文件阅读器(“C:/Users/xx/Documents/Fiddler2/Captures/md5.js”);
}捕获(例外e){
e、 printStackTrace();
}
invocable=(invocable)引擎;
系统输出打印(generateLoginHash(“8106037b”);
}
公共静态字符串generateLoginHash(字符串salt、字符串密码){
for(int i=password.length();i<16;i++){
密码+=“A”;
}
字符串输入=salt+密码;
for(int i=input.length();i<63;i++){
输入+=“A”;
}
//输入+=(document.forms.myform.old_username.value=='user')?'U':String.fromCharCode(1);
输入+=“U”;
系统输出打印(输入+“\n”);
字符串哈希=哈希(输入);
字符串login\u hash=salt+hash;
返回登录\u散列;
}
公共静态字符串哈希(字符串输入){
对象结果=空;
试一试{
结果=invocable.invokeFunction(“hex_md5”,输入);
}捕获(脚本异常){
e、 printStackTrace();
}捕获(无此方法例外){
e、 printStackTrace();
}
返回result.toString();
}
如您所见,我使用的JSMD5实现与登录页面使用的实现相同(下载并保存)
但是,我生成的登录哈希与登录脚本生成的实际哈希不匹配
例如,使用用户“User”、空白密码和salt 8106037b登录时,应生成哈希:8106037bb70f15dcbd74fd1a7b14df4f54483863,但我的不匹配
我错过了什么
JavaScript MD5实现(针对感兴趣的人):
/*
*RSA Data Security,Inc.MD5消息的JavaScript实现
*摘要算法,如RFC 1321中所定义。
*版本2.1版权所有(C)Paul Johnston 1999-2002。
*其他贡献者:格雷格·霍尔特、安德鲁·凯佩特、伊德纳尔、洛斯蒂内
*根据BSD许可证分发
*看http://pajhome.org.uk/crypt/md5 更多信息。
*/
/*
*可配置变量。您可能需要调整这些以与兼容
*服务器端,但默认值在大多数情况下都有效。
*/
var hexcase=0;/*十六进制输出格式。0-小写;1-大写字母*/
变量b64pad=“”;/*base-64填充字符。“=”用于严格遵守RFC*/
var chrsz=8;/*每个输入字符的位数。8-ASCII码;16-Unicode*/
/*
*这些是您通常要调用的函数
*它们接受字符串参数并返回十六进制或base-64编码的字符串
*/
函数hex_md5(s){return binl2hex(core_md5(str2binl(s),s.length*chrsz));}
函数b64_md5(s){返回binl2b64(core_md5(str2binl(s),s.length*chrsz));}
函数str_md5(s){return binl2str(core_md5(str2binl(s),s.length*chrsz));}
函数hex_hmac_md5(键,数据){返回binl2hex(core_hmac_md5(键,数据));}
函数b64_hmac_md5(键,数据){返回binl2b64(core_hmac_md5(键,数据));}
函数str_hmac_md5(键,数据){return binl2str(core_hmac_md5(键,数据));}
/*
*执行一个简单的自检,查看VM是否正常工作
*/
函数md5_vm_test()
{
返回hex_md5(“abc”)=“900150983cd24fb0d6963f7d28e17f72”;
}
/*
*计算小尾端字数组的MD5和位长度
*/
功能核心_md5(x,len)
{
/*附加填充*/
x[len>>5]|=0x80>>9)16)bkey=core_md5(bkey,key.length*chrsz);
变量ipad=Array(16),opad=Array(16);
对于(变量i=0;i<16;i++)
{
ipad[i]=bkey[i]^0x3636;
opad[i]=bkey[i]^0x5c;
}
var hash=core_md5(ipad.concat(str2binl(data)),512+data.length*chrsz);
返回core_md5(opad.concat(散列),512+128);
}
/*
*添加整数,以2^32换行。这在内部使用16位操作
*解决一些JS解释器中的错误。
*/
功能安全添加(x,y)
{
变量lsw=(x&0xFFFF)+(y&0xFFFF);
风险值msw=(x>>16)+(y>>16)+(lsw>>16);
返回(msw>(32-cnt));
}
/*
*将字符串转换为小尾端字数组
*如果chrsz是ASCII,则大于255的字符的hi字节将被忽略。
*/
函数str2binl(str)
{
/*
* A JavaScript implementation of the RSA Data Security, Inc. MD5 Message
* Digest Algorithm, as defined in RFC 1321.
* Version 2.1 Copyright (C) Paul Johnston 1999 - 2002.
* Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet
* Distributed under the BSD License
* See http://pajhome.org.uk/crypt/md5 for more info.
*/
/*
* Configurable variables. You may need to tweak these to be compatible with
* the server-side, but the defaults work in most cases.
*/
var hexcase = 0; /* hex output format. 0 - lowercase; 1 - uppercase */
var b64pad = ""; /* base-64 pad character. "=" for strict RFC compliance */
var chrsz = 8; /* bits per input character. 8 - ASCII; 16 - Unicode */
/*
* These are the functions you'll usually want to call
* They take string arguments and return either hex or base-64 encoded strings
*/
function hex_md5(s){ return binl2hex(core_md5(str2binl(s), s.length * chrsz));}
function b64_md5(s){ return binl2b64(core_md5(str2binl(s), s.length * chrsz));}
function str_md5(s){ return binl2str(core_md5(str2binl(s), s.length * chrsz));}
function hex_hmac_md5(key, data) { return binl2hex(core_hmac_md5(key, data)); }
function b64_hmac_md5(key, data) { return binl2b64(core_hmac_md5(key, data)); }
function str_hmac_md5(key, data) { return binl2str(core_hmac_md5(key, data)); }
/*
* Perform a simple self-test to see if the VM is working
*/
function md5_vm_test()
{
return hex_md5("abc") == "900150983cd24fb0d6963f7d28e17f72";
}
/*
* Calculate the MD5 of an array of little-endian words, and a bit length
*/
function core_md5(x, len)
{
/* append padding */
x[len >> 5] |= 0x80 << ((len) % 32);
x[(((len + 64) >>> 9) << 4) + 14] = len;
var a = 1732584193;
var b = -271733879;
var c = -1732584194;
var d = 271733878;
for(var i = 0; i < x.length; i += 16)
{
var olda = a;
var oldb = b;
var oldc = c;
var oldd = d;
a = md5_ff(a, b, c, d, x[i+ 0], 7 , -680876936);
d = md5_ff(d, a, b, c, x[i+ 1], 12, -389564586);
c = md5_ff(c, d, a, b, x[i+ 2], 17, 606105819);
b = md5_ff(b, c, d, a, x[i+ 3], 22, -1044525330);
a = md5_ff(a, b, c, d, x[i+ 4], 7 , -176418897);
d = md5_ff(d, a, b, c, x[i+ 5], 12, 1200080426);
c = md5_ff(c, d, a, b, x[i+ 6], 17, -1473231341);
b = md5_ff(b, c, d, a, x[i+ 7], 22, -45705983);
a = md5_ff(a, b, c, d, x[i+ 8], 7 , 1770035416);
d = md5_ff(d, a, b, c, x[i+ 9], 12, -1958414417);
c = md5_ff(c, d, a, b, x[i+10], 17, -42063);
b = md5_ff(b, c, d, a, x[i+11], 22, -1990404162);
a = md5_ff(a, b, c, d, x[i+12], 7 , 1804603682);
d = md5_ff(d, a, b, c, x[i+13], 12, -40341101);
c = md5_ff(c, d, a, b, x[i+14], 17, -1502002290);
b = md5_ff(b, c, d, a, x[i+15], 22, 1236535329);
a = md5_gg(a, b, c, d, x[i+ 1], 5 , -165796510);
d = md5_gg(d, a, b, c, x[i+ 6], 9 , -1069501632);
c = md5_gg(c, d, a, b, x[i+11], 14, 643717713);
b = md5_gg(b, c, d, a, x[i+ 0], 20, -373897302);
a = md5_gg(a, b, c, d, x[i+ 5], 5 , -701558691);
d = md5_gg(d, a, b, c, x[i+10], 9 , 38016083);
c = md5_gg(c, d, a, b, x[i+15], 14, -660478335);
b = md5_gg(b, c, d, a, x[i+ 4], 20, -405537848);
a = md5_gg(a, b, c, d, x[i+ 9], 5 , 568446438);
d = md5_gg(d, a, b, c, x[i+14], 9 , -1019803690);
c = md5_gg(c, d, a, b, x[i+ 3], 14, -187363961);
b = md5_gg(b, c, d, a, x[i+ 8], 20, 1163531501);
a = md5_gg(a, b, c, d, x[i+13], 5 , -1444681467);
d = md5_gg(d, a, b, c, x[i+ 2], 9 , -51403784);
c = md5_gg(c, d, a, b, x[i+ 7], 14, 1735328473);
b = md5_gg(b, c, d, a, x[i+12], 20, -1926607734);
a = md5_hh(a, b, c, d, x[i+ 5], 4 , -378558);
d = md5_hh(d, a, b, c, x[i+ 8], 11, -2022574463);
c = md5_hh(c, d, a, b, x[i+11], 16, 1839030562);
b = md5_hh(b, c, d, a, x[i+14], 23, -35309556);
a = md5_hh(a, b, c, d, x[i+ 1], 4 , -1530992060);
d = md5_hh(d, a, b, c, x[i+ 4], 11, 1272893353);
c = md5_hh(c, d, a, b, x[i+ 7], 16, -155497632);
b = md5_hh(b, c, d, a, x[i+10], 23, -1094730640);
a = md5_hh(a, b, c, d, x[i+13], 4 , 681279174);
d = md5_hh(d, a, b, c, x[i+ 0], 11, -358537222);
c = md5_hh(c, d, a, b, x[i+ 3], 16, -722521979);
b = md5_hh(b, c, d, a, x[i+ 6], 23, 76029189);
a = md5_hh(a, b, c, d, x[i+ 9], 4 , -640364487);
d = md5_hh(d, a, b, c, x[i+12], 11, -421815835);
c = md5_hh(c, d, a, b, x[i+15], 16, 530742520);
b = md5_hh(b, c, d, a, x[i+ 2], 23, -995338651);
a = md5_ii(a, b, c, d, x[i+ 0], 6 , -198630844);
d = md5_ii(d, a, b, c, x[i+ 7], 10, 1126891415);
c = md5_ii(c, d, a, b, x[i+14], 15, -1416354905);
b = md5_ii(b, c, d, a, x[i+ 5], 21, -57434055);
a = md5_ii(a, b, c, d, x[i+12], 6 , 1700485571);
d = md5_ii(d, a, b, c, x[i+ 3], 10, -1894986606);
c = md5_ii(c, d, a, b, x[i+10], 15, -1051523);
b = md5_ii(b, c, d, a, x[i+ 1], 21, -2054922799);
a = md5_ii(a, b, c, d, x[i+ 8], 6 , 1873313359);
d = md5_ii(d, a, b, c, x[i+15], 10, -30611744);
c = md5_ii(c, d, a, b, x[i+ 6], 15, -1560198380);
b = md5_ii(b, c, d, a, x[i+13], 21, 1309151649);
a = md5_ii(a, b, c, d, x[i+ 4], 6 , -145523070);
d = md5_ii(d, a, b, c, x[i+11], 10, -1120210379);
c = md5_ii(c, d, a, b, x[i+ 2], 15, 718787259);
b = md5_ii(b, c, d, a, x[i+ 9], 21, -343485551);
a = safe_add(a, olda);
b = safe_add(b, oldb);
c = safe_add(c, oldc);
d = safe_add(d, oldd);
}
return Array(a, b, c, d);
}
/*
* These functions implement the four basic operations the algorithm uses.
*/
function md5_cmn(q, a, b, x, s, t)
{
return safe_add(bit_rol(safe_add(safe_add(a, q), safe_add(x, t)), s),b);
}
function md5_ff(a, b, c, d, x, s, t)
{
return md5_cmn((b & c) | ((~b) & d), a, b, x, s, t);
}
function md5_gg(a, b, c, d, x, s, t)
{
return md5_cmn((b & d) | (c & (~d)), a, b, x, s, t);
}
function md5_hh(a, b, c, d, x, s, t)
{
return md5_cmn(b ^ c ^ d, a, b, x, s, t);
}
function md5_ii(a, b, c, d, x, s, t)
{
return md5_cmn(c ^ (b | (~d)), a, b, x, s, t);
}
/*
* Calculate the HMAC-MD5, of a key and some data
*/
function core_hmac_md5(key, data)
{
var bkey = str2binl(key);
if(bkey.length > 16) bkey = core_md5(bkey, key.length * chrsz);
var ipad = Array(16), opad = Array(16);
for(var i = 0; i < 16; i++)
{
ipad[i] = bkey[i] ^ 0x36363636;
opad[i] = bkey[i] ^ 0x5C5C5C5C;
}
var hash = core_md5(ipad.concat(str2binl(data)), 512 + data.length * chrsz);
return core_md5(opad.concat(hash), 512 + 128);
}
/*
* Add integers, wrapping at 2^32. This uses 16-bit operations internally
* to work around bugs in some JS interpreters.
*/
function safe_add(x, y)
{
var lsw = (x & 0xFFFF) + (y & 0xFFFF);
var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
return (msw << 16) | (lsw & 0xFFFF);
}
/*
* Bitwise rotate a 32-bit number to the left.
*/
function bit_rol(num, cnt)
{
return (num << cnt) | (num >>> (32 - cnt));
}
/*
* Convert a string to an array of little-endian words
* If chrsz is ASCII, characters >255 have their hi-byte silently ignored.
*/
function str2binl(str)
{
var bin = Array();
var mask = (1 << chrsz) - 1;
for(var i = 0; i < str.length * chrsz; i += chrsz)
bin[i>>5] |= (str.charCodeAt(i / chrsz) & mask) << (i%32);
return bin;
}
/*
* Convert an array of little-endian words to a string
*/
function binl2str(bin)
{
var str = "";
var mask = (1 << chrsz) - 1;
for(var i = 0; i < bin.length * 32; i += chrsz)
str += String.fromCharCode((bin[i>>5] >>> (i % 32)) & mask);
return str;
}
/*
* Convert an array of little-endian words to a hex string.
*/
function binl2hex(binarray)
{
var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";
var str = "";
for(var i = 0; i < binarray.length * 4; i++)
{
str += hex_tab.charAt((binarray[i>>2] >> ((i%4)*8+4)) & 0xF) +
hex_tab.charAt((binarray[i>>2] >> ((i%4)*8 )) & 0xF);
}
return str;
}
/*
* Convert an array of little-endian words to a base-64 string
*/
function binl2b64(binarray)
{
var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
var str = "";
for(var i = 0; i < binarray.length * 4; i += 3)
{
var triplet = (((binarray[i >> 2] >> 8 * ( i %4)) & 0xFF) << 16)
| (((binarray[i+1 >> 2] >> 8 * ((i+1)%4)) & 0xFF) << 8 )
| ((binarray[i+2 >> 2] >> 8 * ((i+2)%4)) & 0xFF);
for(var j = 0; j < 4; j++)
{
if(i * 8 + j * 6 > binarray.length * 32) str += b64pad;
else str += tab.charAt((triplet >> 6*(3-j)) & 0x3F);
}
}
return str;
}
function md5_js_loaded() { return true; }