标题: ZyNOS GenerateATENPassword()及GenerateATLBPassword()伪代码

创建: 2015-01-28 13:59 更新: 2015-03-04 10:41 链接: http://scz.617.cn/misc/201501281359.txt

很多ZyNOS支持一个ATLB命令

ATLBx xmodem upload bootbase,x is password

这个命令需要一个bootbase password，不同于常规password

ATBS show the bootbase seed of password generator

对比:

ATENx,(y) set BootExtension Debug Flag (y=password) ATSE show the seed of password generator

"bootbase password"算法与常规password算法很类似，有三处差别，一是MAC地址的使用不同，二是MAGIC值不同，三是seed源不同。

GenerateATENPassword()伪代码:

#define MAGIC 0xA11F5AC6

unsigned int GenerateATENPassword ( /* * 由ATSE命令产生，如未执行ATSE命令，seed为0 * * the seed of password generator / unsigned int seed, / * MAC地址的最后一个字节 / unsigned char mac_last_byte ) { seed &= 0x00FFFFFF; return( ror( seed + MAGIC, mac_last_byte & 0x7 ) ^ seed ); } / end of GenerateATENPassword */

算法中只使用了MAC地址的最低3-bits，不要执行ATSE命令，于是生成的口令只有8种可能。

0 or 8 : A11F5AC6 1 or 9 : 508FAD63 2 or A : A847D6B1 3 or B : D423EB58 4 or C : 6A11F5AC 5 or D : 3508FAD6 6 or E : 1A847D6B 7 or F : 8D423EB5

GenerateATLBPassword()伪代码:

#define MAGIC 0xA78198AF

unsigned int GenerateATLBPassword ( /* * 由ATBS命令产生，如未执行ATBS命令，seed为0 * * the bootbase seed of password generator */ unsigned int seed, unsigned char MAC[6] ) { unsigned char sum;

sum     = ( MAC[3] + MAC[4] + MAC[5] ) & 0xFF;
sum     = hi_4bits( sum ) + low_4bits( sum );
seed   &= 0x00FFFFFF;
return( ror( seed + MAGIC, sum & 0x7 ) ^ seed );

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

201501281359.txt.md

201501281359.txt.md

0 or 8 : A11F5AC6 1 or 9 : 508FAD63 2 or A : A847D6B1 3 or B : D423EB58 4 or C : 6A11F5AC 5 or D : 3508FAD6 6 or E : 1A847D6B 7 or F : 8D423EB5

} /* end of GenerateATLBPassword */

Files

201501281359.txt.md

Latest commit

History

201501281359.txt.md

File metadata and controls

0 or 8 : A11F5AC6 1 or 9 : 508FAD63 2 or A : A847D6B1 3 or B : D423EB58 4 or C : 6A11F5AC 5 or D : 3508FAD6 6 or E : 1A847D6B 7 or F : 8D423EB5

} /* end of GenerateATLBPassword */