Initial commit

Han Dai 2020-02-23 14:40:09 -05:00
commit 703908309c
6 changed files with 158 additions and 0 deletions

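--- a/HOTP.js
+++ b/HOTP.js
@@ -0,0 +1,47 @@
+function hotp(key, counter) {
+function SHA1(message) {
+var m = [], w = [], r = new String(), l = message.length * 8, H = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0];
+for (var c = 0, l = 0; c < message.length; c++, l += 8)
+m[l >>> 5] |= message.charCodeAt(c) << (24 - l % 32);
+m[l >> 5] |= 0x80 << (24 - l % 32), m[((l + 64 >>> 9) << 4) + 15] = l;
+for (var i = 0; i < m.length; i += 16) {
+var a = H[0], b = H[1], c = H[2], d = H[3], e = H[4];
+for (var j = 0; j < 80; j++) {
+if (j < 16) w[j] = m[i + j];
+else {
+var n = w[j-3] ^ w[j-8] ^ w[j-14] ^ w[j-16];
+w[j] = (n << 1) | (n >>> 31);
+}
+var t = ((a << 5) | (a >>> 27)) + e + (w[j] >>> 0) + (
+j < 20 ? (b & c | ~b & d) + 0x5A827999 : j < 40 ? (b ^ c ^ d) + 0x6ED9EBA1 :
+j < 60 ? (b & c | b & d | c & d) + 0x8F1BBCDC : (b ^ c ^ d) + 0xCA62C1D6);
+e = d, d = c, c = (b << 30) | (b >>> 2), b = a, a = t;
+}
+H[0] += a, H[1] += b, H[2] += c, H[3] += d, H[4] += e;
+}
+for (var b = 0; b < 20; b += 1) r += (String.fromCharCode((H[b >>> 2] >>> ((3 - b % 4) << 3)) & 0xFF));
+return r;
+};
+function HMAC_SHA1(message, key) {
+key = key.length > 64 ? SHA1(key) : key.padEnd(64, '\0');
+var okey = new String(), ikey = new String();
+for (var i = 0; i < 64; i++)
+okey += String.fromCharCode(key.charCodeAt(i) ^ 0x5C), ikey += String.fromCharCode(key.charCodeAt(i) ^ 0x36);
+var hmacbytes = SHA1(okey + SHA1(ikey + message));
+return hmacbytes;
+};
+function formatCounter(counter) {
+var hex = parseInt(counter).toString(16).padStart(16, '0'), str = new String();
+for(var i = 0; i < hex.length; i += 2)
+str += String.fromCharCode(parseInt(hex.substr(i, 2), 16));
+return str;
+}
+function truncate(h) {
+offset = h.charCodeAt(19) & 0xF;
+return ((h.charCodeAt(offset++) & 0x7F) << 24
+| h.charCodeAt(offset++) << 16
+| h.charCodeAt(offset++) << 8
+| h.charCodeAt(offset++)).toString().slice(-6);
+}
+return truncate(HMAC_SHA1(formatCounter(counter), key));
+}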
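Review bot: `truncate` returns fewer than six digits whenever the 31-bit truncated value is below 100000, because `.toString().slice(-6)` never left-pads; RFC 4226 defines the code as the value mod 10^6 rendered with leading zeros, so a verifier comparing six-digit strings would reject those codes. Ending the expression with `.toString().slice(-6).padStart(6, '0')` fixes it, using the same `padStart` this file already relies on in `formatCounter`. In the same function `offset` is assigned without a declaration and becomes a global in the content-script world; `var offset = h.charCodeAt(19) & 0xF;` keeps it local. A short comment on `hotp` should also state that `key` and the HMAC input are handled as one-byte-per-character strings, since a `charCodeAt` value above 0xFF would spill into neighbouring bytes of the SHA-1 message words.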

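--- a/README.md
+++ b/README.md
@@ -0,0 +1 @@
+Boiler AutoLogin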

21
casLoginInjection.js Normal file

@ -0,0 +1,21 @@
window.onload=function(){
document.getElementById("boilerKeyLogo").innerHTML = "<button>Bypass BoilerKey, Login NOW</button>";
function processForm(e) {
e.preventDefault();
chrome.storage.sync.get(["counter", "alias", "pin", "key"], function(result) {
if(result.key && result.counter && result.alias && result.pin){
otp = hotp(result.key, result.counter);
document.getElementById("username").value = result.alias;
document.getElementById("password").value = result.pin + "," + otp;
chrome.storage.sync.set({"counter": parseInt(result.counter) + 1});
document.getElementsByName("submit")[0].click();
}else{
alert("Please complete auto login setup before continuing.");
}
});
return false;
}
var form = document.getElementById('boilerKeyLogo');
form.addEventListener("click", processForm);
}
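Review bot: The counter write in `processForm` is not finished before the form is submitted: `chrome.storage.sync.set` is asynchronous and the very next statement clicks submit, so the page may navigate away before the incremented counter is persisted, and the next login would then reuse the same counter value. Moving the click into the write's callback closes that window: `chrome.storage.sync.set({"counter": parseInt(result.counter, 10) + 1}, function () { document.getElementsByName("submit")[0].click(); });`. `otp` is also assigned without `var`, which creates a global, and the `result.counter &&` test treats a numeric counter of 0 as "setup not complete". A comment above `processForm` should say that the submitted password is `pin,otp` built entirely from values held in extension storage.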

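--- a/manifest.json
+++ b/manifest.json
@@ -0,0 +1,17 @@
+{
+"name": "Boiler AutoLogin",
+"version": "0.1.0",
+"description": "Bypass BoilerKey.",
+"options_page": "options.html",
+"permissions": [
+"https://api-1b9bef70.duosecurity.com/",
+"storage"
+],
+"content_scripts": [
+{
+"matches": ["https://www.purdue.edu/apps/account/cas/login*"],
+"js": ["HOTP.js", "casLoginInjection.js"]
+}
+],
+"manifest_version": 2
+}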

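--- a/options.html
+++ b/options.html
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src="options.js"></script>
+</head>
+<body>
+<h2>Settings</h2>
+<form id="settings" method="post">
+<label for="fname">Purdue Login: </label><br>
+<input type="text" id="alias" name="alias" placeholder="pete123">@purdue.edu<br>
+<label for="lname">BoilerKey PIN:</label><br>
+<input type="password" id="pin" name="pin" placeholder="1234"><br>
+<label for="lname">Duo Mobile Activation Code:</label><br>
+<input type="text" id="activationCode" name="activationCode" placeholder="LoR3mIP5um"><br>
+<label for="lname">HOTP Secret (Advanced):</label><br>
+<input type="text" id="key" name="key"><br>
+<label for="lname">HOTP Counter (Advanced):</label><br>
+<input type="text" id="counter" name="counter"><br><br>
+<input type="submit" value="submit">
+</form>
+<br><hr>
+</body>
+</html>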
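Review bot: The HOTP secret field is `type="text"`, and options.js fills it from storage when the page loads, so the seed is shown in clear every time the settings page is opened; `<input type="password" id="key" name="key" autocomplete="off">` would mask it the same way the PIN field is masked. The `for="fname"` and `for="lname"` values on the labels match no input id in this form (`alias`, `pin`, `activationCode`, `key`, `counter`), so none of the labels is associated with its field; each `for` should name the id of the input that follows it.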

49
options.js Normal file

@ -0,0 +1,49 @@
window.onload=function(){
var activationCode;
var form = document.getElementById('settings');
form.addEventListener("submit", processForm);
chrome.storage.sync.get(["alias", "pin", "activationCode", "key", "counter"], function(result) {
if(result.alias) document.getElementById("alias").value = result.alias;
if(result.pin) document.getElementById("pin").value = result.pin;
if(result.activationCode) document.getElementById("activationCode").value = activationCode = result.activationCode;
if(result.key) document.getElementById("key").value = result.key;
if(result.counter) document.getElementById("counter").value = result.counter;
});
function processForm(e) {
e.preventDefault();
chrome.storage.sync.set({ "alias": document.getElementById("alias").value,
"pin": document.getElementById("pin").value,
"activationCode": document.getElementById("activationCode").value,
"key": document.getElementById("key").value,
"counter": document.getElementById("counter").value
}, function() {
if(activationCode != document.getElementById("activationCode").value){
activateDuoMobile(document.getElementById("activationCode").value);
}else{
alert("SAVED!");
}
});
return true;
}
function activateDuoMobile(activationCode){
var data = "jailbroken=false&architecture=armv7&region=US&app_id=com.duosecurity.duomobile&full_disk_encryption=true&passcode_status=true&platform=Android&app_version=3.23.0&app_build_number=323001&version=8.1&manufacturer=unknown&language=en&model=Pixel C&security_patch_level=2018-12-01";
var xhr = new XMLHttpRequest();
xhr.addEventListener("readystatechange", function() {
if(this.readyState === 4) {
result = JSON.parse(this.responseText);
if(result["stat"] == "OK"){
chrome.storage.sync.set({ "key": result["response"]["hotp_secret"], "counter": 10 });
prompt("Success!", this.responseText);
}else{
alert(this.responseText);
}
}
});
xhr.open("POST", "https://api-1b9bef70.duosecurity.com/push/v2/activation/" + activationCode);
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
xhr.setRequestHeader("User-Agent'", "okhttp/2.7.5");
xhr.send(data);
}
}
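Review bot: `processForm` and the activation callback write the PIN and the HOTP secret to `chrome.storage.sync`, which is not encrypted and, when browser sync is on, is copied to every profile signed in to the same account, so both login factors become readable from any one of those profiles. `chrome.storage.local` at least keeps them on a single machine (casLoginInjection.js reads the same keys and would need the matching change), and a comment at the `set` call should state that the values are stored in plaintext. In `activateDuoMobile`, `prompt("Success!", this.responseText)` puts the raw response, including `hotp_secret`, on screen; `alert("Activated")` would confirm success without displaying the seed. The header name `"User-Agent'"` carries a stray apostrophe, `activationCode` is concatenated into the URL without `encodeURIComponent`, and `JSON.parse(this.responseText)` is unguarded, so a non-JSON error body throws inside the handler; `result` there is also assigned without `var`.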