update for new modem firmware

mdonoughe · Oct 21, 2021 · b8e0cba · b8e0cba
1 parent 83f3d91
commit b8e0cba
Show file tree

Hide file tree

Showing 4 changed files with 232 additions and 21 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "modem_status"
-version = "0.1.0"
+version = "0.2.0"
 authors = ["Matthew Donoughe <mdonoughe@gmail.com>"]
 edition = "2018"
 
@@ -12,7 +12,7 @@ name = "modem_status"
 [dependencies]
 base64 = "0.13"
 lazy_static = "1"
-reqwest = "0.10"
+reqwest = { version = "0.10", features = ["cookies"] }
 serde = { version = "1", features = ["derive"] }
 tokio = { version = "0.2", features = ["macros", "rt-threaded"] }
 unhtml = { version = "0.8", features = ["derive"] }

diff --git a/README.md b/README.md
@@ -5,18 +5,18 @@ This is a small tool to workaround a firmware upgrade Comcast pushed out to my A
 The modem firmware is pretty terrible, so the process is:
 
 1. Send HTTP Basic authorization *and* the same "user:password" token as a query string (not a query string parameter) to the status page. On success, the status page will be replaced by a token. On failure, the status page will be replaced by the login page.
-2. Request the status page again, sending the token as an HTTP cookie.
+2. Request the status page again, sending the token as a query string (again, not a query parameter).
 3. Request logout.html to clean up resources. If you do not do this, a resource will be exhausted and you will no longer be able to log in until logout.html is requested.
 
-The modem interface is loaded over TLS 1.2, but using an expired, insecure, self-signed certificate that is not valid for the modem IP or even server identification. I assume all users have the same private key embedded in their firmware. The security is so bad that actually Windows software may refuse to connect, probably because of the md5RSA signature algorithm.
+The modem interface is loaded over TLS 1.2, but using a self-signed certificate that is not valid for the modem IP or even server identification. I assume all users have the same private key embedded in their firmware.
 
 ## Usage
 
 Configure the environment variables:
 
 - `MODEM_IP`: The IP address of the modem. The default of 192.168.100.1 is probably correct.
 - `MODEM_USER`: The username for authenticating to the modem. The default of admin is probably correct.
-- `MODEM_PASSWORD`: The password for authenticating to the modem. If you haven't changed it, it is the last eight characters of the serial number printed on the bottom of the modem, in uppercase.
+- `MODEM_PASSWORD`: The password for authenticating to the modem. If you haven't changed it already, it is the last eight characters of the serial number printed on the bottom of the modem, in uppercase. You must log in to the modem and change the password at least once before using this program.
 
 Run modem_status.