The dlink Dir-655 hash changes…

I mentioned in a previous post I needed to programatically log into my Dlink DIR-655 router and grabbed the computed password off of a submit.

Well it turns out the salt changes periodically (maybe every reset?) and just storing the hash wasn’t enough. I ended up writing a bit of ruby to recreate the javascript hashing function

require 'digest/md5'
require 'nokogiri'

router_path = "http://#{router[:ip]}"
x = agent.get(router_path)
salt = x.body.match(/salt = "(.*)"/)[1]

# pad the pasword to length 16
pad_size = (16 - router[:password].length)
padded_password = router[:password] + "\x01" * pad_size

# pad it the rest of the way, length 64 for admin
salted_password = salt + padded_password + ("\x01" * (64 - salt.length - padded_password.length))
login_hash = salt + Digest::MD5.hexdigest(salted_password)

login_path = "#{router_path}/post_login.xml?hash=#{login_hash}"

That code can be found on my github as part of Orbital Command.

One thought on The dlink Dir-655 hash changes…

Leave a Reply to David Reitz Cancel reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>