标题: ZyNOS GenerateATENPassword()及GenerateATLBPassword()伪代码 创建: 2015-01-28 13:59 更新: 2015-03-04 10:41 链接: https://scz.617.cn/misc/201501281359.txt 很多ZyNOS支持一个ATLB命令 ATLBx xmodem upload bootbase,x is password 这个命令需要一个bootbase password,不同于常规password ATBS show the bootbase seed of password generator 对比: ATENx,(y) set BootExtension Debug Flag (y=password) ATSE show the seed of password generator "bootbase password"算法与常规password算法很类似,有三处差别,一是MAC地址的 使用不同,二是MAGIC值不同,三是seed源不同。 GenerateATENPassword()伪代码: -------------------------------------------------------------------------- #define MAGIC 0xA11F5AC6 unsigned int GenerateATENPassword ( /* * 由ATSE命令产生,如未执行ATSE命令,seed为0 * * the seed of password generator */ unsigned int seed, /* * MAC地址的最后一个字节 */ unsigned char mac_last_byte ) { seed &= 0x00FFFFFF; return( ror( seed + MAGIC, mac_last_byte & 0x7 ) ^ seed ); } /* end of GenerateATENPassword */ -------------------------------------------------------------------------- 算法中只使用了MAC地址的最低3-bits,不要执行ATSE命令,于是生成的口令只有8种 可能。 -------------------------------------------------------------------------- 0 or 8 : A11F5AC6 1 or 9 : 508FAD63 2 or A : A847D6B1 3 or B : D423EB58 4 or C : 6A11F5AC 5 or D : 3508FAD6 6 or E : 1A847D6B 7 or F : 8D423EB5 -------------------------------------------------------------------------- GenerateATLBPassword()伪代码: -------------------------------------------------------------------------- #define MAGIC 0xA78198AF unsigned int GenerateATLBPassword ( /* * 由ATBS命令产生,如未执行ATBS命令,seed为0 * * the bootbase seed of password generator */ unsigned int seed, unsigned char MAC[6] ) { unsigned char sum; sum = ( MAC[3] + MAC[4] + MAC[5] ) & 0xFF; sum = hi_4bits( sum ) + low_4bits( sum ); seed &= 0x00FFFFFF; return( ror( seed + MAGIC, sum & 0x7 ) ^ seed ); } /* end of GenerateATLBPassword */ --------------------------------------------------------------------------