#!/usr/bin/perl -w use LWP::UserAgent; use XML::Simple; use Data::Dumper; use MIME::Base64; use Digest::MD5 qw(md5); my $ua = LWP::UserAgent->new; my $sid; my $host = "192.168.50.6"; my $user = "admin"; my $pass = "admin"; my @fw_vars = qw(ENABLE_LAN_AUTONEG ENABLE_LAN_100 ENABLE_LAN_FDUPLEX GATEWAY IP_ADDRESS NETMASK TFTP_FIRMWARE_FILE TFTP_ADDR_FIRMWARE ENABLE_DHCP ENABLE_DNS DNS_SERVER DNS_DOMAIN_NAME DHCP_CONFIGURE_DNS ACCESS_CONTROL_SERVER_1 ACCESS_CONTROL_SERVER_2 ACCESS_CONTROL_SERVERS ACPI_DISABLE_BIOS_SCAN ACPI_FORCE_RSDP_ADDRESS ACPI_FORCE_RSDT_ADDRESS ACPI_RSDP_BIOS_ROM_ADDRESS ACPI_SCAN_DELAY_SECONDS AMR_AUTH_METHOD AMR_DISABLE_PCI AMR_ENABLE_ISCSI_TIMEOUT AMR_ENABLED AMR_HOST_INTERFACE AMR_SERVER_LIST AMR_USB_FDD_CBI_UFI_TRANSPORT AMR_USB_R2T_TIMEOUT_MSEC AVR_4BIT_ACTION AVR_4BIT_SAMPLE_TIME AVR_ARCHITECTURE AVR_CHIP_TYPE AVR_CLIENT_LANGUAGE AVR_DISABLE_SVR_MOUSE_ON_SESSION_START AVR_KB_VERSION AVR_MAX_SESSION_COUNT AVR_MOUSE_ACCELERATION AVR_MOUSE_MAX_STEP_SIZE AVR_NUMB_MOUSE_PACKETS AVR_PCI_PATTERN_HANDS_OFF_ENABLED AVR_PREF_KB_STICKY_KEY_MODE_ON AVR_PREF_KB_TYPING_MODE_ON AVR_PREF_KB_WARN_UNID_EV AVR_REGISTERS_BASE_ADDR AVR_RESET_PAUSE AVR_SCREEN_REFRESH AVR_SUPPORTED_CHIP AVR_TILE_TIMEOUT AVR_VIDEO_MEM_BASE_ADDR BAUDRATE BAUDRATE_MODEM BAUDRATE_PPP BMC_SUPPORTS_GRACEFULL BMC_TIMESYNC_INTERVAL CARD_NAME CONSOLE_IPMI_MOUSE_BYTE_TIME CONSOLE_KEYBOARD_ACCESS_MODE CONSOLE_MOUSE_ACCESS_MODE CONSOLE_VIDEO_PARAM_MODE CONTACT CONTACT_PHONE CRIT_TEMP_SHUTDOWN CRIT_VOLT_SHUTDOWN DHCP_ADD_EXTENSION DHCP_ADD_SERIAL DHCP_CONFIGURE_DNS DHCP_HOSTNAME_EXT DHCP_SERVER DHCP_USE_CARDNAME DIAG_URL DNS_DOMAIN_NAME DNS_SERVER ENABLE_ANON_IPMI ENABLE_ANON_PCI ENABLE_ANON_WEB ENABLE_AVR_CHIP_DETECT ENABLE_BMC_AUTODETECT ENABLE_BMC_TIMESYNC ENABLE_CRTC_FETCH ENABLE_DHCP ENABLE_DHCP_HOSTNAME ENABLE_DNS ENABLE_DS_CONNECTIVITY ENABLE_IO_UART_DECODER ENABLE_LAN_100 ENABLE_LAN_AUTONEG ENABLE_LAN_FDUPLEX ENABLE_MEM_UART_DECODER ENABLE_PPP ENABLE_REMOTE_FLOPPY_BOOT ENABLE_SELF_DELETE ENABLE_SERIAL_DBG ETHDRIVER_SID EXPROM_BANNER EXPROM_EBDA_COMPATIBILITY EXPROM_ENTRY EXPROM_EXIT_DELAY_SEC EXPROM_F3_DELAY_SEC EXPROM_INT13_COMPATIBILITY EXPROM_SETUP_BANNER FIRMWARE_REVISION FP_ACDC FP_AMR FP_AVR_ASR FP_AVR_GRAPHIC_CONSOLE FP_AVR_TEXT_CONSOLE FP_AVRMANCONF_4BIT_SAMPLE FP_AVRMANCONF_ACCESS_MODES FP_AVRMANCONF_CHIP FP_AVRMANCONF_MOUSE_ACCELERATION FP_AVRMANCONF_MOUSE_TYPE FP_AVRMANCONF_RESET_PAUSE FP_AVRMANCONF_SCREEN_REFRESH FP_BATTERY FP_BOARDRESET_BUTTON FP_COMREDIRECT FP_F3_PPP FP_I2C FP_ICMB FP_INSTR FP_INTERNAL_LAN FP_KEY_CONSOLE FP_LAN_SPEED FP_LAST_BOARD_POWER_WARNING_ENABLED FP_NO_BLADE_PANEL FP_NO_CARDCONF_PANEL FP_NO_DIAG_PANEL FP_NO_DSAUTHCONF_PANEL FP_NO_MANAGE_PANEL FP_NO_MEMORY_PANEL FP_NO_SENSOR_PANEL FP_NO_SERVERCONF_PANEL FP_NO_SSL_PANEL FP_NO_SYSLOG_PANEL FP_NO_USERCONF_PANEL FP_PAGING_EMAIL FP_PAGING_SERIAL FP_PAGING_SNMP FP_PCI_CONFIG FP_PPP FP_PROP_BAUDRATE_REQBOOT FP_PROP_PPP_INIT_REQBOOT FP_PROP_PS_REQBOOT FP_PROP_TERM_DIRECT_CONNECT_REQBOOT FP_REMOTE_BOOT FP_REMOTE_DISK FP_REMOTE_POWER FP_SAC_CONSOLE FP_SEL FP_SENSOR_HISTORY FP_SEQ_SEL FP_SERVER_POWER FP_SERVER_REBOOT FP_SERVER_RESET FP_SERVER_SHUTDOWN FP_SMM FP_SSL FP_STATUS_DIAG_PANEL FP_STATUS_MEMORY_PANEL FP_STATUS_PCI_CONFIG FP_STATUS_SAC_CONSOLE FP_SYSTEM_LAN FP_TEXT_ASR FP_TEXT_CONSOLE FP_TUI FP_VERSION FP_VGA_ASR FP_VGA_CONSOLE FP_VT100_CONSOLE GATEWAY GATEWAY_MAC GRATUITOUS_ARP_INTERVAL HELP_LOCATION HIST0_SAMPLE_TIME HIST0_SENSOR_ID HIST1_SAMPLE_TIME HIST1_SENSOR_ID HIST2_SAMPLE_TIME HIST2_SENSOR_ID HIST3_SAMPLE_TIME HIST3_SENSOR_ID HTTP_PORT_NUM HTTP_SSL_PORT_NUM I2C_ADDR_8BIT_CHASSIS_BMC I2C_ADDR_8BIT_MY_BMC I2C_ADDR_8BIT_THIS_CARD INFOTXT_BPROP_ACCESS INFOTXT_DB_ACCESS IP_ADDRESS IP_ADDRESS_SOURCE IPMB_RETRY_TIMEOUT IPMB_SEQ_NUM_TIMEOUT IPMB_TX_RETRIES IPMI_COUNTRY_SELECT IPV4_HEADER_PARAMETERS ISCSI_DEVICE_VENDOR ISCSI_PRODUCT_EMUL_BD ISCSI_PRODUCT_EMUL_CD ISCSI_PRODUCT_EMUL_FD LAST_CARD_NAME LAST_ENABLE_DHCP LAST_GATEWAY LAST_IP_ADDRESS LAST_NETMASK LOCATION MAC_ADDRESS MODEM_CONNECT MODEM_CONNECT2 MODEM_SEPARATOR NETMASK PAGE_RETRIES PAGE_RETRY_DELAY_SEC POST_ERRCODE POST_PROP PPP_AVAILABLE PPP_INIT PPP_IP_ADDR PPP_NETMASK PPP_PORT PPP_STATUS PPP_STAY_ALIVE_SECS PPP_WELCOME PPP2_BAUDRATE PPP2_INIT PPP2_IP_ADDR PPP2_NETMASK PPP2_PORT PPP2_STAY_ALIVE_SECS PRODUCT PRODUCT_ABBR PS_ASR PS_DISK PS_FAN PS_HARDWARE PS_MEMORY PS_NETWORK PS_OTHER PS_POST PS_RMC PS_SECURITY PS_SYS_POWER PS_SYS_STATUS PS_TEMPERATURE PS2_ADAPTER_POWER_UP_MODE PS2_FW_UPDATE_CMD PS2_FW_UPDATE_IMG_NAME PS2_FW_UPDATE_STATUS RMC_DS_GROUP SAC_PORT SERVER_CODEPAGE SERVER_HARD_RESET_PULSE_MS SERVER_HARD_RESET_VIA_IPMI SERVER_ID SERVER_IP SERVER_KEYBOARD SERVER_KEYBOARD_LANGUAGES_LIST SERVER_MEMORY SERVER_NAME SERVER_POWER_CHANGE_VIA_IPMI SERVER_POWER_OFF_MODE SERVER_POWER_OFF_PULSE_MS SERVER_POWER_ON_MODE SERVER_POWER_ON_PULSE_MS SERVER_TIMEZONE SERVER_URL SESSION_MANAGER_SESSION_TIMEOUT SI_DEF_POLL_INTERVAL_MS SI_DEF_POLL_OFFSET_MS SMTP_RESP_TIME_SEC SMTP_RETRIES SMTP_RETRY_DELAY_SEC SMTP_REVERSE_PATH SMTP_SERVER SNMP_AGENT_ENABLED SNMP_COMMUNITY SNMP_ENTERPRISE_ID SNMP_SERVER SNMP_SERVER_1 SNMP_SERVER_2 SNMP_SERVER_3 SNMP_SERVER_4 SNMP_SERVER_5 SNMP_SERVER_6 SNMP_SERVER_7 SNMP_SERVER_MAC SNMP_SYSOID SNMP_TRAP_MASK SNMP_TRAP_VERSION SSL_40_OR_128_ENCRYPTION SSL_CAPABLE_FIRMWARE SSL_ENABLE_ALOG SSL_ENABLE_ALOG_FALLBACK SSL_ENABLE_CLIENT_CERT SSL_ENABLE_HTTP SSL_ENABLE_HTTPS SSL_ENABLE_NOTIFY SSL_NOTIFICATION_TIME TELNET_ENABLE TELNET_PORT_NUM TERMINAL_DIRECT_CONNECT TERMINAL_ENCODING TEXT_CONSOLE_TIMEOUT TFTP_ADDR_FIRMWARE TFTP_ADDR_REBOOT TFTP_FIRMWARE_FILE TFTP_REBOOT_FILE TXT_REMOTE_CONSOLE_COLOR_MAP TXT_REMOTE_CONSOLE_FREQ USB_DEVICE_SETTINGS USE_SERVER_IP_ADDRESS USER_TIMEOUT VENDOR RMC_AUTODETECT RMC_FUNCTIONS RMC_MODULES AGENT_VERSION BIOS_VER BOARD_MFT BOARD_MODEL BOARD_PART_NUM BOARD_SERIAL BOARD_VER CAB_MFT CAB_MODEL CAB_PROD_NUM CAB_PROD_VER CAB_SERIAL CHA_MODEL CSV_ConfAlarmMailFrom CSV_ConfAlarmMailMessage CSV_ConfAlarmMailSubject CSV_ConfAlarmMailType CSV_ConfAlarmMailUserInfo0 CSV_ConfAlarmMailUserInfo1 PER_USER_PAGING RMC_SEL_FILTER SERVER_AD_NAME SERVER_AD_NAME2 SERVER_AD_NAME3 SERVER_AD_NAME4 SERVER_CONTACT SERVER_DESCRIPTION SERVER_IP_ADDRESS SERVER_IP_ADDRESS2 SERVER_IP_ADDRESS3 SERVER_IP_ADDRESS4 SERVER_IP_DHCP SERVER_IP_DHCP2 SERVER_IP_DHCP3 SERVER_IP_DHCP4 SERVER_IP_GATEWAY SERVER_IP_GATEWAY2 SERVER_IP_GATEWAY3 SERVER_IP_GATEWAY4 SERVER_IP_NETMASK SERVER_IP_NETMASK2 SERVER_IP_NETMASK3 SERVER_IP_NETMASK4 SERVER_LOCATION SERVER_MAC_ADDRESS SERVER_MAC_ADDRESS2 SERVER_MAC_ADDRESS3 SERVER_MAC_ADDRESS4 SERVER_MAX_LAN_ADAPTER SERVER_OS SERVER_OS_VENDOR); sub _crc16 { my $str = shift; my $crc = 0; for my $k (0..length($str)-1) { $crc ^= ord(substr($str, $k, 1)) << 8; for (0..7) { $crc = (($crc & 0x8000) == 32768 ? ($crc<<1) ^ 0x1021 : $crc<<1); } } $crc = $crc & 0xFFFF; return $crc; } sub _hash { my ($password, $challenge) = @_; my @challenge_bytes = unpack 'c16', decode_base64($challenge); my @pwd_hash = unpack 'c16', md5($password); my @xor_bytes; for my $i (0..15) { $xor_bytes[$i] = $challenge_bytes[$i] ^ $pwd_hash[$i]; }; my $hash = md5(pack 'c16', @xor_bytes); my $crc = _crc16($hash); $hash .= chr($crc & 0xff) . chr($crc >> 8 & 0xff); return encode_base64($hash, ""); } sub _req { my $xml = shift; $request = HTTP::Request->new(POST => "http://${host}/cgi/bin"); $request->header(Cookie => "sid=$sid"); $request->content_type('application/x-www-form-urlencoded'); $request->content($xml); $response = $ua->request($request); die("Error in request: " . $response->status_line . "\n") unless ($response->is_success); XMLin($response->content); } sub _getprop { my $property = shift; my $reqstr=''; my $resp = _req($reqstr); if ($resp->{RESP}->{RC} ne '0x0') { $resp->{RESP}->{RC}; } else { $resp; } } sub logout { print "Logout\n"; my $request = HTTP::Request->new(GET => "http://${host}/cgi/logout"); $request->header(Cookie => "sid=$sid"); my $response = $ua->request($request); die("While trying to logout: " . $response->status_line . "\n") unless ($response->is_success); my $xmlin = XMLin($response->decoded_content); die "Error logging out: ".$xmlin->{RC} if ($xmlin->{RC} ne '0x0'); } sub setprop { my $property = shift; my $value = shift; my $oldval = _getprop($property)->{RESP}->{PROPLIST}->{PROP}->{VAL}; if ($value eq $oldval) { print "${property} is already ${value}\n"; return; } my $reqstr=''.$value.''; my $res = _req($reqstr); if ($res->{RESP}->{RC} ne '0x0') { print "Error setting ${property} to ${value}: ".$res->{RESP}->{RC}."\n"; } else { print "${property}: ${oldval} -> ${value}\n"; } } sub serveraction { my $action = shift; print "${action}...\n"; my $reqstr=''.$action.''; my $res = _req($reqstr); if ($res->{RESP}->{RC} ne '0x0') { print "FAILED:".$res->{RESP}->{RC}."\n"; } } sub showprop { my $property = shift; my $phash = _getprop($property)->{RESP}->{PROPLIST}->{PROP}; print "${property}: " . ${phash}->{VAL} . " (" . ${phash}->{PERMS} . ")\n"; } sub board_properties { my $reqstr=''; my $resp = _req($reqstr); print " * Board Properties:\n"; foreach my $bprop (@{$resp->{RESP}->{BPROPLIST}->{BPROP}}) { print " * " . ${bprop}->{NAME} . ": " . ${bprop}->{VAL} . "\n"; } } sub show_all_vars { foreach my $fwvar (@fw_vars) { showprop($fwvar); } } #Login... my $response = $ua->get("http://${host}/cgi/challenge"); die $response->status_line if (!($response->is_success)); my $xmlin = XMLin($response->decoded_content); die "Error getting Challenge: ".$xmlin->{RC} if ($xmlin->{RC} ne '0x0'); my $challenge = $xmlin->{CHALLENGE}; print "Challenge: ${challenge}\n"; $sid = $response->headers->header('Set-Cookie'); die "No SessionID!" if (!defined($sid)); chomp($sid); $sid =~ s/.*sid=(.*);.*/$1/; print "SID: ${sid}\n"; my $login_hash = _hash($pass, $challenge); print "Hash: ${login_hash}\n"; my $request = HTTP::Request->new(GET => "http://${host}/cgi/login?user=${user}&hash=${login_hash}"); $request->header(Cookie => "sid=$sid"); $response = $ua->request($request); die("While trying to login: " . $response->status_line . "\n") unless ($response->is_success); $xmlin = XMLin($response->decoded_content); die "Error logging in: ".$xmlin->{RC} if ($xmlin->{RC} ne '0x0'); $reqstr=''; my $boarddesc64 = _req($reqstr)->{RESP}->{BPROPLIST}->{BPROP}->{VAL}; my $boarddesc = decode_base64($boarddesc64); my @board = split(//, $boarddesc); foreach my $byte (@board) { printf ("0x%02x ", ord($byte)); } print "\n"; printf("byte 22: 0x%x\n", ord($board[22])); #showprop("FP_REMOTE_POWER"); #showprop("FP_REMOTE_BOOT"); #showprop("SERVER_HARD_RESET_VIA_IPMI"); #showprop("SERVER_HARD_RESET_PULSE_MS"); #showprop("SERVER_POWER_CHANGE_VIA_IPMI"); #showprop("SERVER_POWER_ON_MODE"); #showprop("SERVER_POWER_ON_PULSE_MS"); #showprop("SERVER_POWER_OFF_MODE"); #showprop("SERVER_POWER_OFF_PULSE_MS"); #showprop("FP_COMREDIRECT"); board_properties(); #show_all_vars(); #server_power_on modes: (com/agilent/rmc/mgui/panels/PowerMgmtConf.class) #0: l_pmconf_option_disabled #1: l_pmconf_option_atx #2: l_pmconf_option_relay #default: disabled my $pmode = 2; setprop("SERVER_HARD_RESET_VIA_IPMI", "FALSE"); setprop("SERVER_POWER_CHANGE_VIA_IPMI", "FALSE"); #Power Mgmt. Pane setprop("FP_REMOTE_POWER", "TRUE"); #PM Mode setprop("SERVER_POWER_ON_MODE", sprintf("0x%x", $pmode)); setprop("SERVER_POWER_OFF_MODE", sprintf("0x%x", $pmode)); #Hack: Abuse powercycloe for powerup and down... setprop("SERVER_POWER_ON_PULSE_MS", "0x0"); #$reqstr=''.$boarddesc_new.''; #print $reqstr."\n"; #print Dumper(_req($reqstr)); serveraction("hardreset"); #serveraction("powerup"); #serveraction("powerdown"); serveraction("powercycle"); logout();