Last active
July 24, 2025 17:50
-
-
Save vaguinerg/a0781aeeb4d330001e2d740e06614e27 to your computer and use it in GitHub Desktop.
micropython tp-link wr 840n v6
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import socket | |
| import requests | |
| import re | |
| import binascii | |
| import hashlib | |
| def get_salt(ip): | |
| response = requests.get(f"http://{ip}/cgi/getParm", headers={"Referer": f"http://{ip}/"}) | |
| match = re.search(r'var ss="([^"]+)"', response.text) | |
| return match.group(1) | |
| def encrypt(text, salt): | |
| base64_str = binascii.b2a_base64(text.encode('utf-8')).strip().decode('utf-8') | |
| input_str = salt + base64_str + salt | |
| md5_hash = hashlib.md5(input_str.encode('utf-8')).digest() | |
| return binascii.hexlify(md5_hash).decode('utf-8') | |
| def get_session(ip, username, password, salt): | |
| username_enc = encrypt(username, salt) | |
| password_enc = encrypt(password, salt) | |
| url = f"http://{ip}/cgi/login?UserName={username_enc}&Passwd={password_enc}&Action=1&LoginStatus=0" | |
| response = requests.get(url, headers={"Referer": f"http://{ip}/"}) | |
| set_cookie = response.headers.get('Set-Cookie', '') | |
| jsessionid_match = re.search(r'JSESSIONID=([^;]+)', set_cookie) | |
| return jsessionid_match.group(1) if jsessionid_match else None | |
| def get_token(ip, session): | |
| response = requests.get(f"http://{ip}", headers={"Referer": f"http://{ip}/", "Cookie": f"loginErrorShow=1; JSESSIONID={session}"}) | |
| token_match = re.search(r'var token="([^"]+)"', response.text) | |
| return token_match.group(1) if token_match else None | |
| def post_router(ip, session, token, post_data): | |
| host, _, port = ip.partition(':') | |
| port = int(port or 80) | |
| addr = socket.getaddrinfo(host, port)[0][-1] | |
| s = socket.socket() | |
| s.connect(addr) | |
| s.settimeout(0.01) | |
| request = ( | |
| "POST /cgi?5 HTTP/1.1\r\n" | |
| f"Content-Length: {len(post_data)}\r\n" | |
| f"Cookie: JSESSIONID={session}\r\n" | |
| f"Referer: http://{ip}/\r\n" | |
| f"TokenID: {token}\r\n" | |
| "Connection: close\r\n" | |
| "\r\n" | |
| f"{post_data}" | |
| ) | |
| s.send(request.encode()) | |
| response = s.read().decode('utf-8') | |
| return response | |
| def main(): | |
| ip = "192.168.0.1" | |
| username = "admin" | |
| password = "2121" | |
| salt = get_salt(ip) | |
| jsessionid = get_session(ip, username, password, salt) | |
| token = get_token(ip, jsessionid) | |
| post_data = "[LAN_WLAN#0,0,0,0,0,0#0,0,0,0,0,0]0,19\r\nname\r\nStandard\r\nSSID\r\nX_TP_Band\r\nEnable\r\nRegulatoryDomain\r\nSSIDAdvertisementEnabled\r\nBeaconType\r\nBasicEncryptionModes\r\nWPAEncryptionModes\r\nIEEE11iEncryptionModes\r\nbeaconType\r\nBasicEncryptionModes\r\nBasicAuthenticationMode\r\nWPAEncryptionModes\r\nWPAAuthenticationMode\r\nIEEE11iEncryptionModes\r\nIEEE11iAuthenticationMode\r\nX_TP_PreSharedKey\r\n" | |
| print (post_router(ip, jsessionid, token, post_data)) | |
| if __name__ == "__main__": | |
| main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment