-
Notifications
You must be signed in to change notification settings - Fork 2
OIDs Documentation
Authentication
The SuperHub 3's API is designed in an SNMP-compatible way, using OIDs under Arris Interactive LLC's 1.3.6.1.4.1.4115. Unfortunately this OID isn't publicly documented in detail, so any information regarding it can only be discovered through reverse engineering.
- The SuperHub 3 only utilises GET requests to complete operations
- Invalid parameters will result in erroneus HTTP status responses, alongside immature remarks from the firmware writers in the HTTP header
/login?arg=[A]&_n=[B]
The arg parameter is your hub's username and password encoded in Base64. The default username is admin, so assuming your password is 12341234, encoding admin:12341234 would be sufficent.
The _n parameter is a 5-digit nonce, between 10000 and 99999. This is generated by the client, and must be included at the end of all GET requests made to the SuperHub 3. It must remain the same during the duration of the session. For this example, the nonce code used will be 74162.
/login?arg=YWRtaW46MTIzNDEyMzQ=&_n=74162
Using the previous information, we should now be able to log into the router. If the response is empty, it means the password is incorrect. If the password is correct, the response will look similar to the following:
eyAidW5pcXVlIjoiR0NWUHBFTWUiLCAiZmFtaWx5IjoiODUyIiwgIm1vZGVsbmFtZSI6IlRHMjQ5MkxHLTg1IiwgIm5hbWUiOiJhZG1pbiIsICJ0ZWNoIjpmYWxzZSwgIm1vY2EiOjAsICJ3aWZpIjo1LCAiY29uVHlwZSI6IkxBTiIsICJnd1dhbiI6ImYiLCAiRGVmUGFzc3dkQ2hhbmdlZCI6Ik5PIiB9
This encoded response needs to be written to a cookie called 'credential', which along with the nonce generated earlier, will be used to verify your login throughout the session.
It's worth noting that the response data is actually a base64 encoded string - containing model information of your hub, an unique identifier and other miscellaneous information.