Login fails without `_n` parameter (ar_nonce)

[thejsa]

I just found your project whilst researching the Hub 3 as a fellow sufferer of the rather subpar Liberty Global/Arris firmware work and am rather impressed by what you've done so far!

However, when attempting to try this out with my Hub (firmware version 9.1.1802.613), login fails (empty response) despite using the correct password.

After a bit of tinkering, I found that the web client appends two extra query string parameters to the request:

• _n. which is a random five-digit nonce which persists across a session from login to logout (stored in session storage as ar_nonce)
• _, which seems to be the current Unix epoch timestamp (to prevent caching, I imagine; this parameter is apparently optional)

The _n nonce parameter is of particular interest as login requests fail on my Hub unless it is set. Here is the relevant code for generating it, from the web client (in base_95x.js):

function getNonce() {
    var n = getSessionStorage("ar_nonce");
    if (!n) {
        n = "_n="+(""+Math.random()).substr(2,5);
        setSessionStorage("ar_nonce", n);
    }
    return n;
}

Based on this, it looks like we can just generate a random 5-digit integer for this at login and unset it following logout - I'll try to write a patch to do this when I get a moment.

In any case, fabulous work (:

[thejsa]

I should have read the source code more closely - it seems you already generate a nonce parameter! 🤭 It seems something else must be amiss...

[thejsa]

Turned out to be an issue where the firmware can't handle a urlencoded arg parameter on login - fixed by PR #2