Stroller
Hi there,
Please be gentle - I've never used JavaScript, but I need to
reverse-engineer my router, which my ISP (whom I bought it from) have
helpfully locked to their service.
I managed to find a hidden webpage on the router which allows one to
enter an unlock code, and if I enter (say) 999 in this box it takes me
to a webpage with the address <http://192.168.1.200/brdg.cgi?brdg=999>.
That page helpfully shows a message announcing "Your router is still
locked."
It was my intention to brute-force the unlock code, by writing a
bash-script to download every URL from
<http://192.168.1.200/brdg.cgi?brdg=0> to
<http://192.168.1.200/brdg.cgi?brdg=999999> (or whatever), until
parsing it reveals the word "unlocked" but it's probably obvious to
more experienced haX0rz that my script just gets the source of the
page, including both "locked" and "unlocked" display strings.
This is where it gets (for me) interesting. The code on the page is:
<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<link rel=stylesheet href='stylemain.css' type='text/css'>
<link rel=stylesheet href='colors.css' type='text/css'>
<title>ISP Lock status</title>
<script language="javascript" src="util.js"></script>
<script language="javascript">
<!-- hide
function frmLoad()
{
    with ( document.forms[0] )
    {
        if ('1' == '0')
        {
            writit("Your router is successfully unlocked.","brdg");
        }
        else
        {
            writit("Your router is still locked.","brdg");
        }
    }
}
// done hiding -->
</script>
</head>
<body onLoad='frmLoad()'>
<form>
<b>ISP Lock status of your router.<br>
<div id='brdg'></div>
<br>
</form>
</body>
</html>
Am I right in thinking that the "if ('1' == '0')" above equates to "if
true is false"? And that consequently the router will never display the
unlocked message? Or am I misreading this code completely? I obviously
have access to the util.js script, so I'm going to take a look at that
now, but I'd be very grateful if anyone could indicate whether I'm
working along the right lines.
Thanks in advance for any comments,
Stroller.
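
Why a search of the downloaded source for "unlocked" matches every time, and how to read off the message the page will actually display, as an added example that is not part of the original post. The helper names and `constructedPage` are hypothetical, and the idea that the router fills in the two quoted literals is an assumption the post does not confirm.

```javascript
// Page source as quoted in the post, trimmed to the inline script.
const lockedPage = `
<script language="javascript">
<!-- hide
function frmLoad()
{
with ( document.forms[0] )
{
if ('1' == '0')
{
writit("Your router is successfully unlocked.","brdg");
}
else
{
writit("Your router is still locked.","brdg");
}
}
}
// done hiding -->
</script>`;

// Constructed variant, NOT captured from a router: assumes the device fills in
// the two literals and that equal values select the first branch.
const constructedPage = lockedPage.replace("'1' == '0'", "'1' == '1'");

// Naive check: substring search over the raw source. Both display strings are
// always present in the script, so this cannot tell the two states apart.
function naiveSaysUnlocked(source) {
  return source.includes("unlocked");
}

// Find the literal comparison and return the message of the branch a browser
// would execute, without running the page's script.
function renderedMessage(source) {
  const m = source.match(
    /if\s*\(\s*'([^']*)'\s*==\s*'([^']*)'\s*\)\s*\{\s*writit\("([^"]*)"[^)]*\);\s*\}\s*else\s*\{\s*writit\("([^"]*)"/
  );
  if (!m) return null; // layout differs from the page quoted in the post
  const [, left, right, thenMsg, elseMsg] = m;
  // Both operands are string literals, so == is a plain string comparison.
  return left === right ? thenMsg : elseMsg;
}

console.log(naiveSaysUnlocked(lockedPage));
console.log(renderedMessage(lockedPage));
console.log(renderedMessage(constructedPage));
```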