MCPcopy
hub / github.com/RUB-NDS/PRET / do_unlock

Method do_unlock

postscript.py:409–444  ·  view source on GitHub ↗

Unset startjob and system parameters password.

(self, arg)

Source from the content-addressed store, hash-verified

407
408 # ------------------------[ unlock <passwd>|"bypass" ]----------------
409 def do_unlock(self, arg):
410 "Unset startjob and system parameters password."
411 max = 2**20 # exhaustive key search max value
412 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
413 # note that only numeric passwords can be cracked right now
414 # according to the reference using 'reset' should also work:
415 # **********************************************************
416 # »if the system parameter password is forgotten, there is
417 # still a way to reset it [...] by passing a dictionary to
418 # setsystemparams in which FactoryDefaults is the only entry«
419 # **********************************************************
420 if not arg:
421 print("No password given, cracking.") # 140k tries/sec on lj4250!
422 output().chitchat("If this ain't successful, try 'unlock bypass'")
423 arg = self.timeoutcmd('/min 0 def /max ' + str(max) + ' def\n'
424 'statusdict begin {min 1 max\n'
425 ' {dup checkpassword {== flush stop}{pop} ifelse} for\n'
426 '} stopped pop', self.timeout * 100)
427 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
428 # superexec can be used to reset PostScript passwords on most devices
429 elif arg == 'bypass':
430 print("Resetting password to zero with super-secret PostScript magic")
431 self.supercmd('<< /SystemParamsPassword (0)'
432 ' /StartJobPassword (0) >> setsystemparams')
433 arg = '0' # assume we have successfully reset the passwords to zero
434 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
435 # finally unlock device with user-supplied or cracked password
436 str_recv = self.cmd('{ << /Password (' + arg + ')\n'
437 ' /SystemParamsPassword ()\n' # mostly harmless
438 ' /StartJobPassword ()\n' # permanent VM change
439 ' >> setsystemparams\n} stopped ==')
440 msg = "Use the 'reset' command to restore factory defaults"
441 if not 'false' in str_recv:
442 output().errmsg("Cannot unlock", msg)
443 else:
444 output().raw("Device unlocked with password: " + arg)
445
446 # ------------------------[ restart ]---------------------------------
447 def do_restart(self, arg):

Callers

nothing calls this directly

Calls 7

supercmdMethod · 0.95
cmdMethod · 0.95
outputClass · 0.90
timeoutcmdMethod · 0.80
errmsgMethod · 0.80
rawMethod · 0.80
chitchatMethod · 0.45

Tested by

no test coverage detected