Skip to content

Instantly share code, notes, and snippets.

@jkctech
Created January 16, 2023 15:51
Show Gist options
  • Save jkctech/9a54951c4401f1d0b507b361c8b4bc92 to your computer and use it in GitHub Desktop.
Save jkctech/9a54951c4401f1d0b507b361c8b4bc92 to your computer and use it in GitHub Desktop.
Bypass for Ziggo modems forced password strength

Bypass for Ziggo modems forced password strength

In my use case I HAD to implement an 8 character password for my WiFi network. However, this was not accepted since Ziggo modems require you to have at least 10 characters as a password.

I fixed that :)

In the sourcecode of the WebUI it's easy to spot where the strength validation is happening. By simply disabling the return statements (Therefore just ignoring the errors) we can force the modem to accept the new password even though it does not meet the required limits.

How to use:

  1. Navigate to the Wireless page and fill in your desired (weak) password / SSID
  2. Copy the raw contents of passfix.js
  3. Open your browser's debug window using F12
  4. Paste the contents of your clipboard into the JavaScript console and press Enter
  5. Click the Save button on the bottom of the Wireless page and ignore any warnings that come up
  6. After about a minute, reload the page if it has not done so by itself
  7. Enjoy your freedom :)
// Disabled returns on SSID and password checks...
// Did not bother to remove them for the sake of keeping stuff together
function setWirelessAccessFix(){
$(bubblecontent).empty();
if(!checkPskey(0) && ($("#wlSecurity").val() != "0")){
NoticeStrart("w_sec01","setWirelessBasic()");
$('.PasswordErrorMessage2G').hide();
$('#PasswordErrorMessage2G,.WifiSufficient2G').show();
$('#wlSecKey').addClass('error');
//return changeBoth['TriggerClick']=false;
}
if(!checkPskey(1) && ($("#wlSecurity5G").val() != "0")){
NoticeStrart("w_sec01","setWirelessBasic()");
$('.PasswordErrorMessage5G').hide();
$('#PasswordErrorMessage5G,.WifiSufficient5G').show();
$('#wlSecKey5G').addClass('error');
//return changeBoth['TriggerClick']=false;
}
if(!checkSSID(0)){
//console.log('SSID error');
//return changeBoth['TriggerClick']=false;
}
if(!checkSSID(1)){
//console.log('SSID error');
//return changeBoth['TriggerClick']=false;
}
if(PWstrength2G==0 && ($("#wlSecurity").val() != "0")){
NoticeStrart("w_sec01","setWirelessBasic()");
$('.PasswordErrorMessage2G').hide();
$('#PasswordErrorMessage2G,.WifiSufficient2G').show();
$('#wlSecKey').addClass('error');
//return changeBoth['TriggerClick']=false;
}
if(PWstrength5G==0 && ($("#wlSecurity5G").val() != "0")){
NoticeStrart("w_sec01","setWirelessBasic()");
$('.PasswordErrorMessage5G').hide();
$('#PasswordErrorMessage5G,.WifiSufficient5G').show();
$('#wlSecKey5G').addClass('error');
//return changeBoth['TriggerClick']=false;
}
//set security
var wlSecurity2g = 0;
var wlWpaalg2g = 0; //NONE
var wlSecurity5g = 0;
var wlWpaalg5g = 0;
switch($('#wlSecurity').val()){
case '0': //disable(0);
wlSecurity2g=0;
wlWpaalg2g=0
break;
case '4': //WPA2PSK
wlSecurity2g=4;
wlWpaalg2g=2
break;
case '8': //WPAPSK/WPA2PSK
wlSecurity2g=8;
wlWpaalg2g=3
break;
}
switch($('#wlSecurity5G').val()){
case '0': //disable(0);
wlSecurity5g=0;
wlWpaalg5g=0
break;
case '4': //WPA2PSK
wlSecurity5g=4;
wlWpaalg5g=2
break;
case '8': //WPAPSK/WPA2PSK
wlSecurity5g=8;
wlWpaalg5g=3
break;
}
var wlBandMode2g = BssEnable2g;
var wlBandMode5g = BssEnable5g;
var wlSsid2g = $('#wlSsid').val();
var wlSsid5g = $('#wlSsid5G').val();
var wlHiden2g = $('input[name=BroadRadio2G]:checked').val();
var wlHiden5g = $('input[name=BroadRadio5G]:checked').val();
var wlPSkey2g = $('#wlSecKey').val();
var wlPSkey5g = $('#wlSecKey5G').val();
if(CheckPrimaryGuestPWIsSame(wlPSkey2g))
{
$('.PasswordErrorMessage2G').hide();
$('#PasswordErrorMessage2G,.WifiSamePwd2G').show();
return changeBoth['TriggerClick']=false;
}
if(CheckPrimaryGuestPWIsSame(wlPSkey5g))
{
$('.PasswordErrorMessage5G').hide();
$('#PasswordErrorMessage5G,.WifiSamePwd5G').show();
return changeBoth['TriggerClick']=false;
}
var CI = 0;// Current Interface
if((!checkIsChange("ACL")) && !checkIsChange("Basic")){
waitTimeScreen("../wifi_page/WirelessSecurity.html",1,"c_43","wait-massage");
return;
}
//note:the BandMode here is BssEnable for primary SSID,not real BandMode
for(var i=0; i<MacArray24G[CI].length; i++){
if(MacArray24G[CI][i] == "")
MacArray24G[CI][i] = "00:00:00:00:00:00";
}
for(var i=0; i<MacArray5G[CI].length; i++){
if(MacArray5G[CI][i] == "")
MacArray5G[CI][i] = "00:00:00:00:00:00";
}
var data = {
'fun': 321,
'wlBandMode2g':wlBandMode2g, 'wlBandMode5g':wlBandMode5g,
'wlSsid2g':wlSsid2g, 'wlSsid5g':wlSsid5g,
'wlHiden2g':wlHiden2g, 'wlHiden5g':wlHiden5g,
'wlPSkey2g':wlPSkey2g, 'wlPSkey5g':wlPSkey5g,
'wlSecurity2g':wlSecurity2g, 'wlSecurity5g':wlSecurity5g,
'wlWpaalg2g':wlWpaalg2g, 'wlWpaalg5g':wlWpaalg5g,
'WiFiAccessMode': $('input[name=2GMacFilter]:checked').val(),
'DeviceName_2G_01':DeviceNameArray24G[CI][ 0], 'DeviceName_2G_02':DeviceNameArray24G[CI][ 1],
'DeviceName_2G_03':DeviceNameArray24G[CI][ 2], 'DeviceName_2G_04':DeviceNameArray24G[CI][ 3],
'DeviceName_2G_05':DeviceNameArray24G[CI][ 4], 'DeviceName_2G_06':DeviceNameArray24G[CI][ 5],
'DeviceName_2G_07':DeviceNameArray24G[CI][ 6], 'DeviceName_2G_08':DeviceNameArray24G[CI][ 7],
'DeviceName_2G_09':DeviceNameArray24G[CI][ 8], 'DeviceName_2G_10':DeviceNameArray24G[CI][ 9],
'DeviceName_2G_11':DeviceNameArray24G[CI][10], 'DeviceName_2G_12':DeviceNameArray24G[CI][11],
'DeviceName_2G_13':DeviceNameArray24G[CI][12], 'DeviceName_2G_14':DeviceNameArray24G[CI][13],
'DeviceName_2G_15':DeviceNameArray24G[CI][14], 'DeviceName_2G_16':DeviceNameArray24G[CI][15],
'MAC_2G_By_01_08':(MacArray24G[CI][ 0]+MacArray24G[CI][ 1]+MacArray24G[CI][ 2]+MacArray24G[CI][ 3]+MacArray24G[CI][ 4]+MacArray24G[CI][ 5]+MacArray24G[CI][ 6]+MacArray24G[CI][ 7]).replace(/:/g,''),
'MAC_2G_By_09_16':(MacArray24G[CI][ 8]+MacArray24G[CI][ 9]+MacArray24G[CI][10]+MacArray24G[CI][11]+MacArray24G[CI][12]+MacArray24G[CI][13]+MacArray24G[CI][14]+MacArray24G[CI][15]).replace(/:/g,''),
'DeviceName_5G_01':DeviceNameArray5G[CI][ 0], 'DeviceName_5G_02':DeviceNameArray5G[CI][ 1],
'DeviceName_5G_03':DeviceNameArray5G[CI][ 2], 'DeviceName_5G_04':DeviceNameArray5G[CI][ 3],
'DeviceName_5G_05':DeviceNameArray5G[CI][ 4], 'DeviceName_5G_06':DeviceNameArray5G[CI][ 5],
'DeviceName_5G_07':DeviceNameArray5G[CI][ 6], 'DeviceName_5G_08':DeviceNameArray5G[CI][ 7],
'DeviceName_5G_09':DeviceNameArray5G[CI][ 8], 'DeviceName_5G_10':DeviceNameArray5G[CI][ 9],
'DeviceName_5G_11':DeviceNameArray5G[CI][10], 'DeviceName_5G_12':DeviceNameArray5G[CI][11],
'DeviceName_5G_13':DeviceNameArray5G[CI][12], 'DeviceName_5G_14':DeviceNameArray5G[CI][13],
'DeviceName_5G_15':DeviceNameArray5G[CI][14], 'DeviceName_5G_16':DeviceNameArray5G[CI][15],
'MAC_5G_By_01_08':(MacArray5G[CI][ 0]+MacArray5G[CI][ 1]+MacArray5G[CI][ 2]+MacArray5G[CI][ 3]+MacArray5G[CI][ 4]+MacArray5G[CI][ 5]+MacArray5G[CI][ 6]+MacArray5G[CI][ 7]).replace(/:/g,''),
'MAC_5G_By_09_16':(MacArray5G[CI][ 8]+MacArray5G[CI][ 9]+MacArray5G[CI][10]+MacArray5G[CI][11]+MacArray5G[CI][12]+MacArray5G[CI][13]+MacArray5G[CI][14]+MacArray5G[CI][15]).replace(/:/g,'')
};
var waitScreen = function(){
waitTimeScreen("",35,"c_43","wait-massage",updatesuccess);
setTimeout(function(){
CheckWifiStatus("wifi_page/WirelessSecurity.html");
}, 30 * 1000);
}
GlobalSt["waitTimeScreen"] = false;
ajaxSet(data,waitScreen,NoneAction,updateerror);
}
@Rafaeltheraven
Copy link

This didn't work for me anymore. With current firmware, pasting the following function in the console works:

function getPasswordStrengthLevel(x, y) {
    return true;
}

Cheers

@erikdendekker
Copy link

Method from @Rafaeltheraven was very simple and worked perfectly,.. small modification required for current firmware version:

function getPasswordStrengthLevel(x, y) {
    return 3;
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment