Sending SMS messages via bash script using a Huawei E8372 hilink

Question

I am attempting to send an SMS message from a Huawei E8372, which unlike older versions of this product now requires a login (username/password) before it will allow API calls to be made. From https://github.com/arska/e3372/issues/1 I have been able to update the code written by arasaahov as below which gets me past the login step (I can get a SESSION_ID cookie and token)

#!/bin/sh
# Script updated from example here: https://github.com/arska/e3372/issues/1

MODEM_IP="192.168.8.1"
message="Hello world"
phone="PHONE NUMBER HERE"

echo "Get the Session token information from http://$MODEM_IP/api/webserver/SesTokInfo"
curl -s -X GET "http://$MODEM_IP/api/webserver/SesTokInfo" > ses_tok.xml


# Echo the ses_tok.xml file
#cat ses_tok.xml

# Now pull out the important stuff
echo ""
echo ""
echo "Now pull the important stuff out"
COOKIE=`grep "SessionID=" ses_tok.xml | cut -b 10-147`
TOKEN=`grep "TokInfo" ses_tok.xml | cut -b 10-41`
LOGIN_REQ="<request><Username>admin</Username><Password>YWRtaW4=</Password><password_type>3</password_type></request>"

echo "COOKIE: $COOKIE"
echo "TOKEN: $TOKEN"
echo "LOGIN REQ: $LOGIN_REQ"
echo "\n"

# Now lets actually login
curl -v -X POST -d $LOGIN_REQ "http://$MODEM_IP/api/user/login" \
 -H "Cookie: $COOKIE" -H "__RequestVerificationToken: $TOKEN" -H "Content-Type: text/xml" -H 'Connection: keep-alive' \
 --dump-header login_resp_hdr.txt # > /dev/null

# Pull the important parts out
SESSION_ID=$(grep "SessionID=" login_resp_hdr.txt | cut -d ':' -f2 | cut -d ';' -f1)
ADM_TOKEN=$(grep "__RequestVerificationTokenone" login_resp_hdr.txt | cut -d ':' -f2)

echo "\n"
echo "admin SESSION_ID is: $SESSION_ID"
echo "admin TOKEN is: $ADM_TOKEN"

message_data="<request><Index>-1</Index><Phones><Phone>$phone</Phone></Phones><Sca></Sca><Content>hello</Content><Length>5</Length><Reserved>1</Reserved><Date>1</Date></request>"

# Send an SMS
#curl -X POST -d $message_data "http://$MODEM_IP/api/sms/send-sms" -H "Cookie: $SESSION_ID" -H "__RequestVerificationToken: $ADM_TOKEN" -H "Content-Type: text/xml" #--dump-header send_result.txt

curl -v http://192.168.8.1/api/sms/send-sms \
 -H "Cookie: $SESSION_ID" \
 -H "__RequestVerificationToken: $ADM_TOKEN" \
 -H "Content-Type: application/x-www-form-urlencoded; charset=UTF-8" \
 -H "Accept: */*" \
 -H "Referer: http://192.168.8.1/html/smsinbox.html" \
 -H "Content-Type: text/xml" \
 -H "Connection: keep-alive" \
 -H "Origin: http://192.168.8.1" \
 --data $message_data \
 --dump-header send_result.txt

However, I get a error back "100005" which I think means my send-sms command is incorrect. Full output of the script is below:

Get the Session token information from http://192.168.8.1/api/webserver/SesTokInfo


Now pull the important stuff out
COOKIE: SessionID=bqveiiBGuCLn8kzilf/7JGUbly53F9EaGFpcJL5gNkg+HvkhC5NpE51pyC7wrTaZQGOJKfdYqnhGWEGU06BPyyknGvsPZvD2QbPzKPh7GvXIiBBL6N9BW7SnrFYh/X0J
TOKEN: pFAF3FZcWziTDWlthllgIDRGbPSFERuH
LOGIN REQ: <request><Username>admin</Username><Password>YWRtaW4=</Password><password_type>3</password_type></request>


Note: Unnecessary use of -X or --request, POST is already inferred.
*   Trying 192.168.8.1...
* TCP_NODELAY set
* Connected to 192.168.8.1 (192.168.8.1) port 80 (#0)
> POST /api/user/login HTTP/1.1
> Host: 192.168.8.1
> User-Agent: curl/7.52.1
> Accept: */*
> Cookie: SessionID=bqveiiBGuCLn8kzilf/7JGUbly53F9EaGFpcJL5gNkg+HvkhC5NpE51pyC7wrTaZQGOJKfdYqnhGWEGU06BPyyknGvsPZvD2QbPzKPh7GvXIiBBL6N9BW7SnrFYh/X0J
> __RequestVerificationToken: pFAF3FZcWziTDWlthllgIDRGbPSFERuH
> Content-Type: text/xml
> Connection: keep-alive
> Content-Length: 106
>
* upload completely sent off: 106 out of 106 bytes
< HTTP/1.1 200 OK
< Date: Thu, 01 Jan 1970 00:00:00 GMT
< Server: WebServer
< Connection: close
< X-Download-Options: noopen
< X-Frame-Options: deny
< X-XSS-Protection: 1; mode=block
< Strict-Transport-Security: max-age=31536000; includeSubdomains
< Cache-Control: no-cache
< Content-Type: text/html
< Content-Length: 61
< __RequestVerificationTokenone:xDaZ9B6udQl7GRMyrfaI7WDKF6hM3Icr
< __RequestVerificationTokentwo:oTKseE/iBAYbF1FUJ8XJ9+/X0ulxh+jt
< __RequestVerificationToken:xDaZ9B6udQl7GRMyrfaI7WDKF6hM3Icr#oTKseE/iBAYbF1FUJ8XJ9+/X0ulxh+jt#4M8V6iAWXbfDDlKW0WSForGtB2ZhuUyC#0FWYnCHKcKRX36MD1tgOkiStsT6OF5+O#iLyskoatpK+Ch6pH4PpgZ8Pr8zErrg9P#0yBQ0bbowQL2iZ3QW3FN4q0Adls16LTR#5P6wjHVOMNgGQYkdvBqohZGyQRTr0968#xEdi5v1dsQerDVYXz1fH4HCHMYnEiwy2#BAMuBOJoiJOY33vUENbN+cnSc3yueLQ6#Or4N+mktvSse35qIh6YqLB3lbf2LccFf#il1DNPB/0iEjUMPBgN9icxp58dkHYdNB#ZkltJCROvVHhKf676y+bhBy1Sv27M2Np#tdZgoksZu2o1q3dvS/oYNRYoH+7kTcuv#oqML4IGNmrS06DR5n6jWjzTA4yYakO0S#5di87l60XdJF0xPs3QSKMt2LELP+pEJA#fhRNe9lpisoy+3hhJyM/FWhKVQ13Lu+k#AagfENLE7/Hqm/RReQi7fKhASsaX6qm8#BL3sFmPVQl4RUYwROo3pY31I1ee0sgCM#u+VyGVo2GBe1tX81gJK+hXoYi2jOo+iE#Y//frYpRi+BaeZ7ziflACD1KNgI7SsNI#KAyJoAu0c9reXYf3oBDyl11rU8pkj16h#Ohc04aUEkes0qw/UaGFwK3l5brC9kfEb#GJS9B0d9cFbi2ChCxD16KxpiCx2H3UZT#ECxR86GG9rxnYkVpENGR8Km0srn/Nc6W#cvBDKis3DNqw7a1mtJkvei/NhyPfg3vw#YBQeG0Btnf03ejEhMp/ciQ2T5Lj93bnL#uJ3K1UMLwjSQw+kq6L7slBZcwHFRDcBf#edK//KWWp6BmUsufzVeIG2TmgBqvZ6gL#12TMh7qa/AuBO+EkgXlvzSax/p4wRAAm#CiZltXfOF4jrSoiUm5MKffam0hBU55+s#FNoUhUP7xQtnyNO3tjX01pTjQbzqwkz9#HgPuo6xLxkBcQ3z7LwReWEohfnrlJNZI#
< Set-Cookie:SessionID=vfyx1z/vIhtiTPJxA3gnptVVeCVwYo18IIuolHeAIbHbsn8xphH++92zOgu4selkbQ+1CyuuC4nvzyrRj/DV/12Jma+nVsewcQyinv9eXGzsxtQcihQeqCp2RMEmm0xy;path=/;HttpOnly;
<
* Curl_http_done: called premature == 0
* Closing connection 0
<?xml version="1.0" encoding="UTF-8"?><response>OK</response>

admin SESSION_ID is: SessionID=vfyx1z/vIhtiTPJxA3gnptVVeCVwYo18IIuolHeAIbHbsn8xphH++92zOgu4selkbQ+1CyuuC4nvzyrRj/DV/12Jma+nVsewcQyinv9eXGzsxtQcihQeqCp2RMEmm0xy
admin TOKEN is: xDaZ9B6udQl7GRMyrfaI7WDKF6hM3Icr
*   Trying 192.168.8.1...
* TCP_NODELAY set
* Connected to 192.168.8.1 (192.168.8.1) port 80 (#0)
> POST /api/sms/send-sms HTTP/1.1
> Host: 192.168.8.1
> User-Agent: curl/7.52.1
> Cookie: SessionID=vfyx1z/vIhtiTPJxA3gnptVVeCVwYo18IIuolHeAIbHbsn8xphH++92zOgu4selkbQ+1CyuuC4nvzyrRj/DV/12Jma+nVsewcQyinv9eXGzsxtQcihQeqCp2RMEmm0xy
> __RequestVerificationToken: xDaZ9B6udQl7GRMyrfaI7WDKF6hM3Icr
> Content-Type: application/x-www-form-urlencoded; charset=UTF-8
> Accept: */*
> Referer: http://192.168.8.1/html/smsinbox.html
> Content-Type: text/xml
> Connection: keep-alive
> Origin: http://192.168.8.1
> Content-Length: 167
>
* upload completely sent off: 167 out of 167 bytes
< HTTP/1.1 200 OK
< Date: Thu, 01 Jan 1970 00:00:00 GMT
< Server: WebServer
< Connection: close
< X-Download-Options: noopen
< X-Frame-Options: deny
< X-XSS-Protection: 1; mode=block
< Strict-Transport-Security: max-age=31536000; includeSubdomains
< Cache-Control: no-cache
< Content-Type: text/html
< Content-Length: 101
< __RequestVerificationToken:QKB4o80G00DALXLfhiwqjhJBhaSuE0mM
<
<?xml version="1.0" encoding="UTF-8"?>
<error>
<code>100005</code>
<message></message>
</error>
* Curl_http_done: called premature == 0
* Closing connection 0
HTTP/1.1 200 OK
Date: Thu, 01 Jan 1970 00:00:00 GMT
Server: WebServer
Connection: close
X-Download-Options: noopen
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubdomains
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 101
__RequestVerificationToken:QKB4o80G00DALXLfhiwqjhJBhaSuE0mM

Can anyone help with what I'm doing wrong? Thanks heaps!

Answer 1

Got it! You have to pass the SESSION_ID cookie to /api/webserver/sesTokInfo to get a new TOKEN (TokInfo) - this replaces the /api/webserver/token call from previous versions of the firmware. So once logged in,

the below gets a new token, stored as ADM_TOKEN

curl -s -X GET "http://$MODEM_IP/api/webserver/SesTokInfo" \
 -H "Cookie: $SESSION_ID" > ses_tok2.xml
ADM_TOKEN=`grep "TokInfo" ses_tok2.xml | cut -b 10-41`

and you can then use that ADM_TOKEN to run the next command

curl -v http://192.168.8.1/api/sms/send-sms \
 -H "Cookie: $SESSION_ID" \
 -H "__RequestVerificationToken: $ADM_TOKEN" \
 -H "Content-Type: application/x-www-form-urlencoded; charset=UTF-8" \
 -H "Accept: */*" \
 -H "Referer: http://192.168.8.1/html/smsinbox.html" \
 -H 'X-Requested-With: XMLHttpRequest' \
 -H "Connection: keep-alive" \
 -H "Origin: http://192.168.8.1" \
 --data $message_data \
 --dump-header send_result.txt

it looks like every command you want to run you have to first get a new token

Answer 2

If you want to log to your modem you have to manipulate your code a little bit more than a simple base64. this is what I found : usually the password is "admin" so I'll start with this.

psd = sha256("admin");
psd = b64(psd);
psd = name + psd + token;
psd = sha256(psd);
psd = b64(psd); 

I took a lot of time to find this on my own project. And now you can log correctly to your E8372.
I hope that will be helpful for someone else.

PS: name is usually "admin" too. And sha256 is an hash method you can find this really easily.

Edit: this answer is not for all type of password, I saw it after you use the type 3 in your question. this response is for the type 4. I think that can still help someone else.