#!/usr/bin/perl # $Id: challenge.cgi,v 2.6 2020/03/23 21:59:22 jeff Exp $ use strict; use Socket; use CGI; sub get_response { my $server_ip_address = inet_aton('ll.arpa.net') or return ''; my $server_port = (getservbyname('nntp', 'tcp') or 119); socket(REMOTE, PF_INET, SOCK_STREAM, getprotobyname('tcp')) or return ''; select REMOTE; $| = 1; select STDOUT; # make network writes unbuffered alarm 600; connect(REMOTE, sockaddr_in($server_port, $server_ip_address)) or return ''; $SIG{PIPE} = 'IGNORE'; print REMOTE @_ or return ''; shutdown(REMOTE, 1) or return ''; local $/ = undef; $_ = ; close REMOTE; $SIG{PIPE} = 'DEFAULT'; return $_; } print << 'EOF'; Content-type: text/html Alcatel Challenge/Response Security

Alcatel "EXPERT" Mode Challenge/Response

This page computes and displays the appropriate response to the challenge string presented by an Alcatel ADSL modem when entering "EXPERT" mode from the command line interpreter.

EOF my $particle = 'the'; my $c = CGI::param('c'); CGI::delete('c'); if (defined $c and length $c and defined $ENV{'REQUEST_METHOD'} and $ENV{'REQUEST_METHOD'} eq 'POST') { print '

'; my $agreements = 0; foreach my $i (1 .. 7) { $_ = CGI::param("q$i"); if (defined) { $agreements++ if ($_ eq 'y'); CGI::delete("q$i"); } } if (defined CGI::param) { print "Unexpected CGI parameters.
\nPlease do not hack this script."; } elsif ($agreements != 7) { print 'You must agree to ALL of the statements below.'; } elsif ($c =~ /^[- A-Za-z0-9\(\)\']{20,40}$/) { my $response = get_response $c; if (defined $response) { if (length $response) { print "For challenge string\n$c
\nthe response is $response"; $particle = 'another'; } else { print "Server failure while computing the response.\nTry again later."; } } else { print "Unable to determine the response for challenge string\n$c
\nYou may have typed it incorrectly or your modem may be too new for our algorithm."; } } else { print "Syntax error in challenge string\n$c"; } print "
\n\n"; } print "
\n\nTo receive $particle \"EXPERT\" mode response you must agree to the following\nstatements.

\n"; print << 'EOF';
 YES
 NO		 I understand that "EXPERT" mode exists primarily for (Alcatel) experts to perform low level troubleshooting. Use of this mode can cause loss of service, or damage to or destruction of the Speed Touch device. It was not intended for end-user use.
 YES
 NO		 I understand that "EXPERT" mode provides facilities by which the device can easily be damaged or rendered permanently useless, either accidentally or intentionally. I accept full responsibility for any damage or destruction that may result from my use of this information.
 YES
 NO		 I choose to use this information at MY own risk, and that my service provider may then refuse to give me any support, regardless of whether or not it disrupts my service or renders my equipment unusable.
 YES
 NO		 I understand that using this information may void my warranty or be in violation of my contractual agreement with my service provider.
 YES
 NO		 I will not use -- nor permit others to use -- this information to gain unauthorized access to any Speed Touch, 1000 ADSL, or similar device.
 YES
 NO		 I absolve SDSC and the information providers from any responsibility for loss, damage or inconvenience, or breach of contract that may result from my use of this information.
 YES
 NO		 THIS INFORMATION AND/OR SOFTWARE IS PROVIDED BY THE AUTHOR OF THIS ARCHIVE "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. I ABSOLVE THE AUTHORS, SDSC, AND UCSD FROM ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

IN NO EVENT SHALL THE PARTIES DESCRIBED ABOVE BE LIABLE FOR THIRD PARTY INTERFERENCE WITH CONTRACTUAL RELATIONS AS BETWEEN MYSELF, MY SERVICE PROVIDER, AND/OR ALCATEL.

Enter challenge string:
Example: 'SpeedTouch (00-90-D0-00-00-00)'

[ return to Alcatel self-help guide ]
EOF 1;