add HTTPS support and let'sencrypt cert generation via duckdns

dist/dhcp/index.js

@@ -1,17 +1,20 @@
-var path, server, toHexArray;
+var args, path, server, toHexArray;
 
 server = require('./server');
 
 path = require('path');
 
+args = require('../args');
+
 toHexArray = function(str) {
   return str.split('').map(function(d, i) {
     return str.charCodeAt(i);
   });
 };
 
 module.exports = function(ip, acsurl, acspass) {
-  var vendor;
+  var fullip, vendor;
+  fullip = ip;
   ip = ip.split('.');
   ip.pop();
   ip = ip.join('.');
@@ -24,6 +27,7 @@ module.exports = function(ip, acsurl, acspass) {
     randomIP: true,
     vendor: vendor,
     netmask: '255.255.255.0',
+    dns: args.dnsserver ? [fullip] : ['8.8.8.8', '8.8.4.4'],
     router: [ip + '.1'],
     hostname: 'second.gateway',
     broadcast: ip + '.255',

dist/http/index.js

@@ -1,10 +1,12 @@
-var Duplex, args, createServer, cwmp, existsSync, file, path, readFileSync, ref, route, statSync;
+var Duplex, args, createHttpsServer, createServer, cwmp, file, path, readFileSync, route;
 
 Duplex = require('stream').Duplex;
 
 createServer = require('http').createServer;
 
-ref = require('fs'), readFileSync = ref.readFileSync, existsSync = ref.existsSync, statSync = ref.statSync;
+createHttpsServer = require('https').createServer;
+
+readFileSync = require('fs').readFileSync;
 
 path = require('path');
 
@@ -17,7 +19,7 @@ args = require('../args');
 cwmp = require('./cwmp');
 
 module.exports = function(ip, port, url) {
-  var e, srv;
+  var e, httpsoptions, srv;
   if (args.file) {
     file.name = path.basename(args.file);
     try {
@@ -43,21 +45,30 @@ module.exports = function(ip, port, url) {
     stream = new Duplex();
     stream.push(file.data);
     stream.push(null);
-    return stream.pipe(res);
-  }).get('/done', function(req, res) {
+    stream.pipe(res).get('/done', function(req, res) {});
     console.log('>>> WPS CALLBACK');
     console.log("\n\nAll done,\n\n- change network card settings back to dhcp and move the cable back to a lan port\n- try ssh connection to the gateways ip (usually 192.168.0.1) with username root and password root (change password immediately with passwd!)\n\nssh root@192.168.0.1");
     setTimeout(function() {
       return process.exit(1);
     }, 20000);
     res.writeHead(200);
-    return res.end();
-  }).post('/', cwmp(url));
-  srv = createServer(route);
+    return res.end().post('/', cwmp(url));
+  });
+  if (args.https) {
+    console.log("Starting HTTPS server...");
+    httpsoptions = {
+      key: readFileSync('./key.key'),
+      cert: readFileSync('./cert.cert')
+    };
+    srv = createHttpsServer(httpsoptions, route);
+  } else {
+    console.log("Starting HTTP server...");
+    srv = createServer(route);
+  }
   srv.keepAliveTimeout = 30000;
   srv.on('error', function(e) {
-    var ref1;
-    if ((ref1 = e.code) === 'EADDRINUSE' || ref1 === 'EADDRNOTAVAIL') {
+    var ref;
+    if ((ref = e.code) === 'EADDRINUSE' || ref === 'EADDRNOTAVAIL') {
       console.log(e.code + ', retrying...');
       return setTimeout(function() {
         srv.close();

dist/http/lecerts.js

@@ -0,0 +1,88 @@
+var ACME, args, duckdns, existsSync, ref, writeFileSync;
+
+ref = require('fs'), writeFileSync = ref.writeFileSync, existsSync = ref.existsSync;
+
+ACME = require('@root/acme');
+
+duckdns = require('acme-dns-01-duckdns');
+
+args = require('../args');
+
+module.exports = function(domain) {
+  var acme, dns01;
+  if (existsSync('./key.key') && existsSync('./cert.cert')) {
+    console.log("key.key and key.key already exists!");
+    return;
+  }
+  if (args.duckdnstoken) {
+    dns01 = duckdns.create({
+      baseUrl: 'https://www.duckdns.org/update',
+      token: args.duckdnstoken
+    });
+    console.log("Requesting HTTPS certificate to LE via duckdns...");
+  } else {
+    console.log("No duckdns token!!");
+    return;
+  }
+  acme = ACME.create({
+    maintainerEmail: 'tch-exploit@github.com',
+    packageAgent: 'tch-exploit/v1.0'
+  });
+  return acme.init('https://acme-v02.api.letsencrypt.org/directory').then(function(r) {
+    var Keypairs;
+    Keypairs = require('@root/keypairs');
+    return Keypairs.generate({
+      kty: 'EC',
+      format: 'jwk'
+    }).then(function(accountKeypair) {
+      return acme.accounts.create({
+        subscriberEmail: 'tch-exploit@github.com',
+        agreeToTerm: true,
+        accountKey: accountKeypair["private"]
+      }).then(function(account) {
+        console.log("Starting LetsEncrypt DNS challenge via duckdns...");
+        return Keypairs.generate({
+          kty: 'RSA',
+          format: 'jwk'
+        }).then(function(serverKeypair) {
+          return Keypairs["export"]({
+            jwk: serverKeypair["private"]
+          }).then(function(privateKey) {
+            var CSR, PEM, punycode;
+            CSR = require('@root/csr');
+            PEM = require('@root/pem');
+            punycode = require('punycode');
+            return CSR.csr({
+              jwk: serverKeypair["private"],
+              domains: [punycode.toASCII(domain)],
+              encoding: 'der'
+            }).then(function(csrDer) {
+              var csr;
+              csr = PEM.packBlock({
+                type: 'CERTIFICATE REQUEST',
+                bytes: csrDer
+              });
+              return acme.certificates.create({
+                account: account,
+                accountKey: accountKeypair["private"],
+                csr: csr,
+                domains: [domain],
+                challenges: {
+                  'dns-01': dns01
+                }
+              }).then(function(pems) {
+                console.log("Key:");
+                console.log(privateKey);
+                console.log("Cert:");
+                console.log(pems.cert);
+                console.log("Certificate received, saving to key.key and cert.cert!");
+                writeFileSync('./key.key', privateKey);
+                return writeFileSync('./cert.cert', pems.cert);
+              });
+            });
+          });
+        });
+      });
+    });
+  });
+};

dist/index.js

@@ -1,4 +1,4 @@
-var args, ask, dhcpd, httpd, ip, pkg, port, rl, servers, tftp;
+var args, ask, dhcpd, httpd, ip, lecerts, ndns, pkg, port, rl, servers, tftp;
 
 pkg = require('../package.json');
 
@@ -14,25 +14,45 @@ dhcpd = require('./dhcp');
 
 httpd = require('./http');
 
+lecerts = require('./http/lecerts');
+
 port = require('./get-port');
 
 tftp = require('./tftp');
 
+ndns = require('node-named-fixed');
+
 servers = [];
 
 if (args.tftp) {
   servers.push.apply(servers, tftp(args));
 } else if (args.dhcponly) {
   servers.push(dhcpd(ip, args.acsurl, args.acspass));
+} else if (args.certonly) {
+  lecerts(new URL(args.acsurl).hostname);
 } else {
   ask(ip).then(port).then(function(p) {
-    var u, url;
+    var server, u, url;
     u = new URL(args.acsurl || ("http://" + ip));
     u.port = p;
     url = u.toString();
     console.log("listening for cwmp requests at " + url);
     servers.push(dhcpd(ip, url, args.acspass));
-    return servers.push(httpd(ip, p, url));
+    servers.push(httpd(ip, p, url));
+    if (args.dnsserver) {
+      server = ndns.createServer();
+      server.listen(53, ip, function() {
+        return console.log('DNS server started on port 53');
+      });
+      return server.on('query', function(query) {
+        var domain, target;
+        domain = query.name();
+        console.log('DNS Query: %s', domain);
+        target = new ndns.ARecord(ip);
+        query.addAnswer(domain, target, 10);
+        return server.send(query);
+      });
+    }
   });
 }