使用华为E8372 hilink通过bash脚本发送短信

问题描述 投票:0回答:3

我正在尝试从华为 E8372 发送短信,与该产品的旧版本不同,它现在需要登录(用户名/密码)才能允许进行 API 调用。从https://github.com/arska/e3372/issues/1我已经能够更新由arasaahov编写的代码,如下所示,这让我通过了登录步骤(我可以获得SESSION_ID cookie和令牌)

#!/bin/sh
# Script updated from example here: https://github.com/arska/e3372/issues/1

MODEM_IP="192.168.8.1"
message="Hello world"
phone="PHONE NUMBER HERE"

echo "Get the Session token information from http://$MODEM_IP/api/webserver/SesTokInfo"
curl -s -X GET "http://$MODEM_IP/api/webserver/SesTokInfo" > ses_tok.xml


# Echo the ses_tok.xml file
#cat ses_tok.xml

# Now pull out the important stuff
echo ""
echo ""
echo "Now pull the important stuff out"
COOKIE=`grep "SessionID=" ses_tok.xml | cut -b 10-147`
TOKEN=`grep "TokInfo" ses_tok.xml | cut -b 10-41`
LOGIN_REQ="<request><Username>admin</Username><Password>YWRtaW4=</Password><password_type>3</password_type></request>"

echo "COOKIE: $COOKIE"
echo "TOKEN: $TOKEN"
echo "LOGIN REQ: $LOGIN_REQ"
echo "\n"

# Now lets actually login
curl -v -X POST -d $LOGIN_REQ "http://$MODEM_IP/api/user/login" \
 -H "Cookie: $COOKIE" -H "__RequestVerificationToken: $TOKEN" -H "Content-Type: text/xml" -H 'Connection: keep-alive' \
 --dump-header login_resp_hdr.txt # > /dev/null

# Pull the important parts out
SESSION_ID=$(grep "SessionID=" login_resp_hdr.txt | cut -d ':' -f2 | cut -d ';' -f1)
ADM_TOKEN=$(grep "__RequestVerificationTokenone" login_resp_hdr.txt | cut -d ':' -f2)

echo "\n"
echo "admin SESSION_ID is: $SESSION_ID"
echo "admin TOKEN is: $ADM_TOKEN"

message_data="<request><Index>-1</Index><Phones><Phone>$phone</Phone></Phones><Sca></Sca><Content>hello</Content><Length>5</Length><Reserved>1</Reserved><Date>1</Date></request>"

# Send an SMS
#curl -X POST -d $message_data "http://$MODEM_IP/api/sms/send-sms" -H "Cookie: $SESSION_ID" -H "__RequestVerificationToken: $ADM_TOKEN" -H "Content-Type: text/xml" #--dump-header send_result.txt

curl -v http://192.168.8.1/api/sms/send-sms \
 -H "Cookie: $SESSION_ID" \
 -H "__RequestVerificationToken: $ADM_TOKEN" \
 -H "Content-Type: application/x-www-form-urlencoded; charset=UTF-8" \
 -H "Accept: */*" \
 -H "Referer: http://192.168.8.1/html/smsinbox.html" \
 -H "Content-Type: text/xml" \
 -H "Connection: keep-alive" \
 -H "Origin: http://192.168.8.1" \
 --data $message_data \
 --dump-header send_result.txt

但是,我收到错误“100005”,我认为这意味着我的发送短信命令不正确。脚本的完整输出如下:

Get the Session token information from http://192.168.8.1/api/webserver/SesTokInfo


Now pull the important stuff out
COOKIE: SessionID=bqveiiBGuCLn8kzilf/7JGUbly53F9EaGFpcJL5gNkg+HvkhC5NpE51pyC7wrTaZQGOJKfdYqnhGWEGU06BPyyknGvsPZvD2QbPzKPh7GvXIiBBL6N9BW7SnrFYh/X0J
TOKEN: pFAF3FZcWziTDWlthllgIDRGbPSFERuH
LOGIN REQ: <request><Username>admin</Username><Password>YWRtaW4=</Password><password_type>3</password_type></request>


Note: Unnecessary use of -X or --request, POST is already inferred.
*   Trying 192.168.8.1...
* TCP_NODELAY set
* Connected to 192.168.8.1 (192.168.8.1) port 80 (#0)
> POST /api/user/login HTTP/1.1
> Host: 192.168.8.1
> User-Agent: curl/7.52.1
> Accept: */*
> Cookie: SessionID=bqveiiBGuCLn8kzilf/7JGUbly53F9EaGFpcJL5gNkg+HvkhC5NpE51pyC7wrTaZQGOJKfdYqnhGWEGU06BPyyknGvsPZvD2QbPzKPh7GvXIiBBL6N9BW7SnrFYh/X0J
> __RequestVerificationToken: pFAF3FZcWziTDWlthllgIDRGbPSFERuH
> Content-Type: text/xml
> Connection: keep-alive
> Content-Length: 106
>
* upload completely sent off: 106 out of 106 bytes
< HTTP/1.1 200 OK
< Date: Thu, 01 Jan 1970 00:00:00 GMT
< Server: WebServer
< Connection: close
< X-Download-Options: noopen
< X-Frame-Options: deny
< X-XSS-Protection: 1; mode=block
< Strict-Transport-Security: max-age=31536000; includeSubdomains
< Cache-Control: no-cache
< Content-Type: text/html
< Content-Length: 61
< __RequestVerificationTokenone:xDaZ9B6udQl7GRMyrfaI7WDKF6hM3Icr
< __RequestVerificationTokentwo:oTKseE/iBAYbF1FUJ8XJ9+/X0ulxh+jt
< __RequestVerificationToken:xDaZ9B6udQl7GRMyrfaI7WDKF6hM3Icr#oTKseE/iBAYbF1FUJ8XJ9+/X0ulxh+jt#4M8V6iAWXbfDDlKW0WSForGtB2ZhuUyC#0FWYnCHKcKRX36MD1tgOkiStsT6OF5+O#iLyskoatpK+Ch6pH4PpgZ8Pr8zErrg9P#0yBQ0bbowQL2iZ3QW3FN4q0Adls16LTR#5P6wjHVOMNgGQYkdvBqohZGyQRTr0968#xEdi5v1dsQerDVYXz1fH4HCHMYnEiwy2#BAMuBOJoiJOY33vUENbN+cnSc3yueLQ6#Or4N+mktvSse35qIh6YqLB3lbf2LccFf#il1DNPB/0iEjUMPBgN9icxp58dkHYdNB#ZkltJCROvVHhKf676y+bhBy1Sv27M2Np#tdZgoksZu2o1q3dvS/oYNRYoH+7kTcuv#oqML4IGNmrS06DR5n6jWjzTA4yYakO0S#5di87l60XdJF0xPs3QSKMt2LELP+pEJA#fhRNe9lpisoy+3hhJyM/FWhKVQ13Lu+k#AagfENLE7/Hqm/RReQi7fKhASsaX6qm8#BL3sFmPVQl4RUYwROo3pY31I1ee0sgCM#u+VyGVo2GBe1tX81gJK+hXoYi2jOo+iE#Y//frYpRi+BaeZ7ziflACD1KNgI7SsNI#KAyJoAu0c9reXYf3oBDyl11rU8pkj16h#Ohc04aUEkes0qw/UaGFwK3l5brC9kfEb#GJS9B0d9cFbi2ChCxD16KxpiCx2H3UZT#ECxR86GG9rxnYkVpENGR8Km0srn/Nc6W#cvBDKis3DNqw7a1mtJkvei/NhyPfg3vw#YBQeG0Btnf03ejEhMp/ciQ2T5Lj93bnL#uJ3K1UMLwjSQw+kq6L7slBZcwHFRDcBf#edK//KWWp6BmUsufzVeIG2TmgBqvZ6gL#12TMh7qa/AuBO+EkgXlvzSax/p4wRAAm#CiZltXfOF4jrSoiUm5MKffam0hBU55+s#FNoUhUP7xQtnyNO3tjX01pTjQbzqwkz9#HgPuo6xLxkBcQ3z7LwReWEohfnrlJNZI#
< Set-Cookie:SessionID=vfyx1z/vIhtiTPJxA3gnptVVeCVwYo18IIuolHeAIbHbsn8xphH++92zOgu4selkbQ+1CyuuC4nvzyrRj/DV/12Jma+nVsewcQyinv9eXGzsxtQcihQeqCp2RMEmm0xy;path=/;HttpOnly;
<
* Curl_http_done: called premature == 0
* Closing connection 0
<?xml version="1.0" encoding="UTF-8"?><response>OK</response>

admin SESSION_ID is: SessionID=vfyx1z/vIhtiTPJxA3gnptVVeCVwYo18IIuolHeAIbHbsn8xphH++92zOgu4selkbQ+1CyuuC4nvzyrRj/DV/12Jma+nVsewcQyinv9eXGzsxtQcihQeqCp2RMEmm0xy
admin TOKEN is: xDaZ9B6udQl7GRMyrfaI7WDKF6hM3Icr
*   Trying 192.168.8.1...
* TCP_NODELAY set
* Connected to 192.168.8.1 (192.168.8.1) port 80 (#0)
> POST /api/sms/send-sms HTTP/1.1
> Host: 192.168.8.1
> User-Agent: curl/7.52.1
> Cookie: SessionID=vfyx1z/vIhtiTPJxA3gnptVVeCVwYo18IIuolHeAIbHbsn8xphH++92zOgu4selkbQ+1CyuuC4nvzyrRj/DV/12Jma+nVsewcQyinv9eXGzsxtQcihQeqCp2RMEmm0xy
> __RequestVerificationToken: xDaZ9B6udQl7GRMyrfaI7WDKF6hM3Icr
> Content-Type: application/x-www-form-urlencoded; charset=UTF-8
> Accept: */*
> Referer: http://192.168.8.1/html/smsinbox.html
> Content-Type: text/xml
> Connection: keep-alive
> Origin: http://192.168.8.1
> Content-Length: 167
>
* upload completely sent off: 167 out of 167 bytes
< HTTP/1.1 200 OK
< Date: Thu, 01 Jan 1970 00:00:00 GMT
< Server: WebServer
< Connection: close
< X-Download-Options: noopen
< X-Frame-Options: deny
< X-XSS-Protection: 1; mode=block
< Strict-Transport-Security: max-age=31536000; includeSubdomains
< Cache-Control: no-cache
< Content-Type: text/html
< Content-Length: 101
< __RequestVerificationToken:QKB4o80G00DALXLfhiwqjhJBhaSuE0mM
<
<?xml version="1.0" encoding="UTF-8"?>
<error>
<code>100005</code>
<message></message>
</error>
* Curl_http_done: called premature == 0
* Closing connection 0
HTTP/1.1 200 OK
Date: Thu, 01 Jan 1970 00:00:00 GMT
Server: WebServer
Connection: close
X-Download-Options: noopen
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 101
__RequestVerificationToken:QKB4o80G00DALXLfhiwqjhJBhaSuE0mM

任何人都可以帮助解决我做错的事情吗?谢谢大家!

bash curl huawei-mobile-services
3个回答
3
投票

明白了!您必须将 SESSION_ID cookie 传递到 /api/webserver/sesTokInfo 才能获取新的 TOKEN (TokInfo) - 这将替换以前版本固件中的 /api/webserver/token 调用。所以一旦登录,

下面获取一个新令牌,存储为 ADM_TOKEN

curl -s -X GET "http://$MODEM_IP/api/webserver/SesTokInfo" \
 -H "Cookie: $SESSION_ID" > ses_tok2.xml
ADM_TOKEN=`grep "TokInfo" ses_tok2.xml | cut -b 10-41`

然后您可以使用该 ADM_TOKEN 运行下一个命令

curl -v http://192.168.8.1/api/sms/send-sms \
 -H "Cookie: $SESSION_ID" \
 -H "__RequestVerificationToken: $ADM_TOKEN" \
 -H "Content-Type: application/x-www-form-urlencoded; charset=UTF-8" \
 -H "Accept: */*" \
 -H "Referer: http://192.168.8.1/html/smsinbox.html" \
 -H 'X-Requested-With: XMLHttpRequest' \
 -H "Connection: keep-alive" \
 -H "Origin: http://192.168.8.1" \
 --data $message_data \
 --dump-header send_result.txt

看起来你想要运行的每个命令都必须首先获得一个新令牌


0
投票

如果您想登录调制解调器,您必须对代码进行更多操作,而不仅仅是简单的 base64。这就是我发现的:通常密码是“admin”,所以我将从这里开始。

psd = sha256("admin");
psd = b64(psd);
psd = name + psd + token;
psd = sha256(psd);
psd = b64(psd); 

我花了很多时间在我自己的项目中找到这个。现在您可以正确登录到您的 E8372 了。
我希望这对其他人有帮助。

PS:名称通常也是“admin”。 sha256 是一种哈希方法,您可以很容易地找到它。

编辑:这个答案并不适用于所有类型的密码,我在您的问题中使用类型 3 后看到了它。这个回复是针对类型 4 的。我认为这仍然可以帮助其他人。


0
投票

Короче,если ты читешь эту статью,то ты тоже пытаешься отправлять и читать смс с 华为 E8372... Лучше описания в инете я не нашел, но тут не все полностью описано.. LOGIN_REQ= из первого сообщения не совсем верно - пароль там рассчитывается по особенному, а именно

 psd = base64encode(SHA256(name + base64encode(SHA256($('#password').val())) + g_requestVerificationToken[0]));

Ближе всего к истине

"psd = sha256("admin");
psd = b64(psd);
psd = name + psd + token;
psd = sha256(psd);
psd = b64(psd); "

base64encode это не просто base64строка, асвоя функция расчета - стандартные методы не работают Вот кусок кода

//function base64encode(str) {
//    var out, i, len;
//    var c1, c2, c3;
//    len = str.length;
//    i = 0;
//    out = '';
//    while (i < len) {
//        c1 = str.charCodeAt(i++) & 0xff;
//        if (i == len) {
//            out += g_base64EncodeChars.charAt(c1 >> 2);
//            out += g_base64EncodeChars.charAt((c1 & 0x3) << 4);
//            out += '==';
//            break;
//        }
//        c2 = str.charCodeAt(i++);
//        if (i == len) {
//            out += g_base64EncodeChars.charAt(c1 >> 2);
//            out += g_base64EncodeChars.charAt(((c1 & 0x3) << 4) | ((c2 & 0xF0) >> 4));
//            out += g_base64EncodeChars.charAt((c2 & 0xF) << 2);
//            out += '=';
//            break;
//        }
//        c3 = str.charCodeAt(i++);
//        out += g_base64EncodeChars.charAt(c1 >> 2);
//        out += g_base64EncodeChars.charAt(((c1 & 0x3) << 4) | ((c2 & 0xF0) >> 4));
//        out += g_base64EncodeChars.charAt(((c2 & 0xF) << 2) | ((c3 & 0xC0) >> 6));
//        out += g_base64EncodeChars.charAt(c3 & 0x3F);
//    }
//    return out;
//}    

Короче отладке в браузере тебе читающий товарищ в помощь и исследуй sms.js и main.js - там по сути все ест

© www.soinside.com 2019 - 2024. All rights reserved.