All Projects

ID Project Opened Task Type Category Status Summary  desc
39911Freebox Server (Ultra V9/ Pop V8/ Delta V7 / Revolution V6 / Mini 4K)15/12/2024AnomalieAPINouveauFreebox API Login Track "/api/v8/login/authorize/" Task Description

Bonjour,

Contre toute attente, l’API de Track login sur un id de track inexistant retourne pas mal d’informations qu’elle ne devrait pas forcément retourner dont un password salt et beaucoup de code échappés.
Est-ce la documentation de l’API qui n’est pas à jour ? Où est-ce normal que l’API dump du code en JS ?

NB : Les “XXXX” remplace le code échappé et le sel a été retiré.

Freebox OS : 4.8.16

http://mafreebox/api/v8/login/authorize/666

{
   "success":true,
   "result":{
      "status":"unknown",
      "challenge":[
         "var _tddrqb = '_fzutptw';var _hvlvi = new RegExp(_tddrqb.charAt(eval(unescape('%37'))), 'g');String.fromCharCode(_tddrqb.replace(_hvlvi, 'z').charCodeAt(eval(unescape('XXXXX'))))",
         "var _aethnyfs = '_mtjsaiih';var _nxxvroo = new RegExp(_aethnyfs.charAt(eval(unescape('XXXXX'))), 'g');String.fromCharCode(_aethnyfs.replace(_nxxvroo, 'p').charCodeAt(eval(unescape('%35'))))",
         "var _xphsj = '_agfkirx';var _uobvx = new RegExp(_xphsj.charAt(eval(unescape('%37'))), 'g');String.fromCharCode(_xphsj.replace(_uobvx, 'k').charCodeAt(eval(unescape('%37'))))",
         "var _hotru = { _rehs: '_6rkhldig' }; _hotru._rehs.charAt(eval(unescape('XXXX')))",
         "var _ebcy = { _neoqqe: '_tah\/' }; _ebcy._neoqqe.charAt(eval(unescape('%34')))",
         "var _vxcbrq = { _unqxlpz: '_mvqkbjw' }; _vxcbrq._unqxlpz.charAt(eval(unescape('XXXXX')))",
         "decodeURIComponent('%' + (eval(unescape('%35%37'))).toString(eval(unescape('XXXX'))))",
         "'g'",
         "'p'",
         "decodeURIComponent('%' + (eval(unescape('XXXXX'))))",
         "var _xfozdxm = { _etauaqab: '_pqSd' }; _xfozdxm._etauaqab.charAt(eval(unescape('XXXX')))",
         "var _jsqs = '_fuzldxcj';var _emmk = new RegExp(_jsqs.charAt(eval(unescape('XXXXX'))), 'g');String.fromCharCode(_jsqs.replace(_emmk, 'J').charCodeAt(eval(unescape('%35'))))",
         "'c'",
         "decodeURIComponent('%' + (eval(unescape('XXXX'))).toString(eval(unescape('XXXX'))))",
         "var _fczmbd = { _guhhz: '_dehqlq' }; _fczmbd._guhhz.charAt(eval(unescape(XXXX')))",
         "var _afewzzt = { _mnpstx: '_yu1d' }; _afewzzt._mnpstx.charAt(eval(unescape('XXXXX')))",
         "decodeURIComponent('%' + (eval(unescape('%35%35'))).toString(eval(unescape(XXXX'))))",
         "var _qawcojla = '_bwzhef';var _rulszp = new RegExp(_qawcojla.charAt(eval(unescape('%33'))), 'g');String.fromCharCode(_qawcojla.replace(_rulszp, 'E').charCodeAt(eval(unescape('XXXXX'))))",
         "decodeURIComponent('%' + (eval(unescape('XXXX'))).toString(eval(unescape('XXXX'))))",
         "'G'",
         "var _gcxvax = { _nsfg: '_wdyhcr' }; _gcxvax._nsfg.charAt(eval(unescape('XXXXX')))",
         "var _xtwup = '_jakip';var _factsbsx = new RegExp(_xtwup.charAt(eval(unescape('XXXX'))), 'g');String.fromCharCode(_xtwup.replace(_factsbsx, 'P').charCodeAt(eval(unescape('XXXX'))))",
         "var _pwunhjcf = '_mxno';var _mmoqgw = new RegExp(_pwunhjcf.charAt(eval(unescape('XXXX'))), 'g');String.fromCharCode(_pwunhjcf.replace(_mmoqgw, 'M').charCodeAt(eval(unescape('XXXX'))))",
         "var _wndta = { _bfgrhge: '_zujuQ' }; _wndta._bfgrhge.charAt(eval(unescape('%35')))",
         "var _qbfepmi = '_iwms';var _uffbilk = new RegExp(_qbfepmi.charAt(eval(unescape('%33'))), 'g');String.fromCharCode(_qbfepmi.replace(_uffbilk, 'e').charCodeAt(eval(unescape('%33'))))",
         "var _rijvnj = '_syixk';var _sqaicfto = new RegExp(_rijvnj.charAt(eval(unescape('XXXX'))), 'g');String.fromCharCode(_rijvnj.replace(_sqaicfto, 'b').charCodeAt(eval(unescape('XXXXX'))))",
         "'E'",
         "decodeURIComponent('%' + (eval(unescape('XXXX'))).toString(eval(unescape('XXXX'))))",
         "'s'",
         "var _kjihqn = '_mjyeewoc';var _zktqloe = new RegExp(_kjihqn.charAt(eval(unescape('XXXX'))), 'g');String.fromCharCode(_kjihqn.replace(_zktqloe, 'E').charCodeAt(eval(unescape('XXXXX'))))",
         "'n'",
         "var _rzmbme = { _zmysndbt: '_odcjxnG' }; _rzmbme._zmysndbt.charAt(eval(unescape('XXXX')))"
      ],
      "password_salt":"SALT"
   }
}
15008Freebox Server (Ultra V9/ Pop V8/ Delta V7 / Revolution V6 / Mini 4K)13/05/2014ÉvolutionWiFiNouveauDocumentation des paramètres Wifi Avancés Task Description

Je n’ai trouvé aucune documentation expliquant le fonctionnement des paramètres de configuration Wifi avancés : Greenfield, shortgi ...
Un pointeur vers une doc technique en ligne serait un plus dans la compréhension de ces paramètres.

Merci ;-)

Showing tasks 1 - 2 of 2 Page 1 of 1

Available keyboard shortcuts

Tasklist

Task Details

Task Editing