我正在尝试从华为E8372发送短信,与此产品的旧版本不同,现在需要登录(用户名/密码)才允许进行API调用。从https://github.com/arska/e3372/issues/1我已经能够更新arasaahov编写的代码,如下所示,它让我通过登录步骤(我可以获得一个SESSION_ID cookie和令牌)
#!/bin/sh
# Script updated from example here: https://github.com/arska/e3372/issues/1
MODEM_IP="192.168.8.1"
message="Hello world"
phone="PHONE NUMBER HERE"
echo "Get the Session token information from http://$MODEM_IP/api/webserver/SesTokInfo"
curl -s -X GET "http://$MODEM_IP/api/webserver/SesTokInfo" > ses_tok.xml
# Echo the ses_tok.xml file
#cat ses_tok.xml
# Now pull out the important stuff
echo ""
echo ""
echo "Now pull the important stuff out"
COOKIE=`grep "SessionID=" ses_tok.xml | cut -b 10-147`
TOKEN=`grep "TokInfo" ses_tok.xml | cut -b 10-41`
LOGIN_REQ="<request><Username>admin</Username><Password>YWRtaW4=</Password><password_type>3</password_type></request>"
echo "COOKIE: $COOKIE"
echo "TOKEN: $TOKEN"
echo "LOGIN REQ: $LOGIN_REQ"
echo "\n"
# Now lets actually login
curl -v -X POST -d $LOGIN_REQ "http://$MODEM_IP/api/user/login" \
-H "Cookie: $COOKIE" -H "__RequestVerificationToken: $TOKEN" -H "Content-Type: text/xml" -H 'Connection: keep-alive' \
--dump-header login_resp_hdr.txt # > /dev/null
# Pull the important parts out
SESSION_ID=$(grep "SessionID=" login_resp_hdr.txt | cut -d ':' -f2 | cut -d ';' -f1)
ADM_TOKEN=$(grep "__RequestVerificationTokenone" login_resp_hdr.txt | cut -d ':' -f2)
echo "\n"
echo "admin SESSION_ID is: $SESSION_ID"
echo "admin TOKEN is: $ADM_TOKEN"
message_data="<request><Index>-1</Index><Phones><Phone>$phone</Phone></Phones><Sca></Sca><Content>hello</Content><Length>5</Length><Reserved>1</Reserved><Date>1</Date></request>"
# Send an SMS
#curl -X POST -d $message_data "http://$MODEM_IP/api/sms/send-sms" -H "Cookie: $SESSION_ID" -H "__RequestVerificationToken: $ADM_TOKEN" -H "Content-Type: text/xml" #--dump-header send_result.txt
curl -v http://192.168.8.1/api/sms/send-sms \
-H "Cookie: $SESSION_ID" \
-H "__RequestVerificationToken: $ADM_TOKEN" \
-H "Content-Type: application/x-www-form-urlencoded; charset=UTF-8" \
-H "Accept: */*" \
-H "Referer: http://192.168.8.1/html/smsinbox.html" \
-H "Content-Type: text/xml" \
-H "Connection: keep-alive" \
-H "Origin: http://192.168.8.1" \
--data $message_data \
--dump-header send_result.txt
然而,我收到错误&#34; 100005&#34;我认为这意味着我的send-sms命令不正确。脚本的完整输出如下:
Get the Session token information from http://192.168.8.1/api/webserver/SesTokInfo
Now pull the important stuff out
COOKIE: SessionID=bqveiiBGuCLn8kzilf/7JGUbly53F9EaGFpcJL5gNkg+HvkhC5NpE51pyC7wrTaZQGOJKfdYqnhGWEGU06BPyyknGvsPZvD2QbPzKPh7GvXIiBBL6N9BW7SnrFYh/X0J
TOKEN: pFAF3FZcWziTDWlthllgIDRGbPSFERuH
LOGIN REQ: <request><Username>admin</Username><Password>YWRtaW4=</Password><password_type>3</password_type></request>
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying 192.168.8.1...
* TCP_NODELAY set
* Connected to 192.168.8.1 (192.168.8.1) port 80 (#0)
> POST /api/user/login HTTP/1.1
> Host: 192.168.8.1
> User-Agent: curl/7.52.1
> Accept: */*
> Cookie: SessionID=bqveiiBGuCLn8kzilf/7JGUbly53F9EaGFpcJL5gNkg+HvkhC5NpE51pyC7wrTaZQGOJKfdYqnhGWEGU06BPyyknGvsPZvD2QbPzKPh7GvXIiBBL6N9BW7SnrFYh/X0J
> __RequestVerificationToken: pFAF3FZcWziTDWlthllgIDRGbPSFERuH
> Content-Type: text/xml
> Connection: keep-alive
> Content-Length: 106
>
* upload completely sent off: 106 out of 106 bytes
< HTTP/1.1 200 OK
< Date: Thu, 01 Jan 1970 00:00:00 GMT
< Server: WebServer
< Connection: close
< X-Download-Options: noopen
< X-Frame-Options: deny
< X-XSS-Protection: 1; mode=block
< Strict-Transport-Security: max-age=31536000; includeSubdomains
< Cache-Control: no-cache
< Content-Type: text/html
< Content-Length: 61
< __RequestVerificationTokenone:xDaZ9B6udQl7GRMyrfaI7WDKF6hM3Icr
< __RequestVerificationTokentwo:oTKseE/iBAYbF1FUJ8XJ9+/X0ulxh+jt
< __RequestVerificationToken:xDaZ9B6udQl7GRMyrfaI7WDKF6hM3Icr#oTKseE/iBAYbF1FUJ8XJ9+/X0ulxh+jt#4M8V6iAWXbfDDlKW0WSForGtB2ZhuUyC#0FWYnCHKcKRX36MD1tgOkiStsT6OF5+O#iLyskoatpK+Ch6pH4PpgZ8Pr8zErrg9P#0yBQ0bbowQL2iZ3QW3FN4q0Adls16LTR#5P6wjHVOMNgGQYkdvBqohZGyQRTr0968#xEdi5v1dsQerDVYXz1fH4HCHMYnEiwy2#BAMuBOJoiJOY33vUENbN+cnSc3yueLQ6#Or4N+mktvSse35qIh6YqLB3lbf2LccFf#il1DNPB/0iEjUMPBgN9icxp58dkHYdNB#ZkltJCROvVHhKf676y+bhBy1Sv27M2Np#tdZgoksZu2o1q3dvS/oYNRYoH+7kTcuv#oqML4IGNmrS06DR5n6jWjzTA4yYakO0S#5di87l60XdJF0xPs3QSKMt2LELP+pEJA#fhRNe9lpisoy+3hhJyM/FWhKVQ13Lu+k#AagfENLE7/Hqm/RReQi7fKhASsaX6qm8#BL3sFmPVQl4RUYwROo3pY31I1ee0sgCM#u+VyGVo2GBe1tX81gJK+hXoYi2jOo+iE#Y//frYpRi+BaeZ7ziflACD1KNgI7SsNI#KAyJoAu0c9reXYf3oBDyl11rU8pkj16h#Ohc04aUEkes0qw/UaGFwK3l5brC9kfEb#GJS9B0d9cFbi2ChCxD16KxpiCx2H3UZT#ECxR86GG9rxnYkVpENGR8Km0srn/Nc6W#cvBDKis3DNqw7a1mtJkvei/NhyPfg3vw#YBQeG0Btnf03ejEhMp/ciQ2T5Lj93bnL#uJ3K1UMLwjSQw+kq6L7slBZcwHFRDcBf#edK//KWWp6BmUsufzVeIG2TmgBqvZ6gL#12TMh7qa/AuBO+EkgXlvzSax/p4wRAAm#CiZltXfOF4jrSoiUm5MKffam0hBU55+s#FNoUhUP7xQtnyNO3tjX01pTjQbzqwkz9#HgPuo6xLxkBcQ3z7LwReWEohfnrlJNZI#
< Set-Cookie:SessionID=vfyx1z/vIhtiTPJxA3gnptVVeCVwYo18IIuolHeAIbHbsn8xphH++92zOgu4selkbQ+1CyuuC4nvzyrRj/DV/12Jma+nVsewcQyinv9eXGzsxtQcihQeqCp2RMEmm0xy;path=/;HttpOnly;
<
* Curl_http_done: called premature == 0
* Closing connection 0
<?xml version="1.0" encoding="UTF-8"?><response>OK</response>
admin SESSION_ID is: SessionID=vfyx1z/vIhtiTPJxA3gnptVVeCVwYo18IIuolHeAIbHbsn8xphH++92zOgu4selkbQ+1CyuuC4nvzyrRj/DV/12Jma+nVsewcQyinv9eXGzsxtQcihQeqCp2RMEmm0xy
admin TOKEN is: xDaZ9B6udQl7GRMyrfaI7WDKF6hM3Icr
* Trying 192.168.8.1...
* TCP_NODELAY set
* Connected to 192.168.8.1 (192.168.8.1) port 80 (#0)
> POST /api/sms/send-sms HTTP/1.1
> Host: 192.168.8.1
> User-Agent: curl/7.52.1
> Cookie: SessionID=vfyx1z/vIhtiTPJxA3gnptVVeCVwYo18IIuolHeAIbHbsn8xphH++92zOgu4selkbQ+1CyuuC4nvzyrRj/DV/12Jma+nVsewcQyinv9eXGzsxtQcihQeqCp2RMEmm0xy
> __RequestVerificationToken: xDaZ9B6udQl7GRMyrfaI7WDKF6hM3Icr
> Content-Type: application/x-www-form-urlencoded; charset=UTF-8
> Accept: */*
> Referer: http://192.168.8.1/html/smsinbox.html
> Content-Type: text/xml
> Connection: keep-alive
> Origin: http://192.168.8.1
> Content-Length: 167
>
* upload completely sent off: 167 out of 167 bytes
< HTTP/1.1 200 OK
< Date: Thu, 01 Jan 1970 00:00:00 GMT
< Server: WebServer
< Connection: close
< X-Download-Options: noopen
< X-Frame-Options: deny
< X-XSS-Protection: 1; mode=block
< Strict-Transport-Security: max-age=31536000; includeSubdomains
< Cache-Control: no-cache
< Content-Type: text/html
< Content-Length: 101
< __RequestVerificationToken:QKB4o80G00DALXLfhiwqjhJBhaSuE0mM
<
<?xml version="1.0" encoding="UTF-8"?>
<error>
<code>100005</code>
<message></message>
</error>
* Curl_http_done: called premature == 0
* Closing connection 0
HTTP/1.1 200 OK
Date: Thu, 01 Jan 1970 00:00:00 GMT
Server: WebServer
Connection: close
X-Download-Options: noopen
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 101
__RequestVerificationToken:QKB4o80G00DALXLfhiwqjhJBhaSuE0mM
任何人都可以帮助解决我做错的事吗?谢谢你!
答案 0 :(得分:2)
知道了!您必须将SESSION_ID cookie传递给/ api / webserver / sesTokInfo才能获得新的TOKEN(TokInfo) - 这将取代以前版本固件的/ api / webserver / token调用。所以登录后,
以下内容获取一个新令牌,存储为ADM_TOKEN
curl -s -X GET "http://$MODEM_IP/api/webserver/SesTokInfo" \
-H "Cookie: $SESSION_ID" > ses_tok2.xml
ADM_TOKEN=`grep "TokInfo" ses_tok2.xml | cut -b 10-41`
然后您可以使用该ADM_TOKEN运行下一个命令
curl -v http://192.168.8.1/api/sms/send-sms \
-H "Cookie: $SESSION_ID" \
-H "__RequestVerificationToken: $ADM_TOKEN" \
-H "Content-Type: application/x-www-form-urlencoded; charset=UTF-8" \
-H "Accept: */*" \
-H "Referer: http://192.168.8.1/html/smsinbox.html" \
-H 'X-Requested-With: XMLHttpRequest' \
-H "Connection: keep-alive" \
-H "Origin: http://192.168.8.1" \
--data $message_data \
--dump-header send_result.txt
看起来你想要运行的每个命令都必须先获得一个新的令牌
答案 1 :(得分:0)
如果要登录到调制解调器,则必须比简单的base64多一些操作代码。这就是我发现的:通常密码是“ admin”,所以我将从这里开始。
psd = sha256("admin");
psd = b64(psd);
psd = name + psd + token;
psd = sha256(psd);
psd = b64(psd);
我花了很多时间在自己的项目中找到它。现在您可以正确登录到E8372。
希望对其他人有帮助。
PS:名称通常也是“ admin”。 sha256是一种哈希方法,您可以很容易地找到它。
编辑:此答案并非适用于所有类型的密码,在您在问题中使用3型后,我看到了它。这种回应是针对类型4的。我认为仍然可以帮助其他人。