New SB8200 firmware might have changed login

[mbentley]

It looks like I have a new firmware from Comcast where it is 1.) allowing me to change the password after manually logging in and 2.) it is changing the auth_url pattern. Instead of auth_url = url + '?' + auth_hash.decode(), it is inserting login_ so the code needs to be updated to auth_url = url + '?login_' + auth_hash.decode(). I am not 100% sure of the behavior but when I inspect the credential variable, it's getting the login page without it.

Here is the cmconnectionstatus.html page that I am currently receiving. It looks like on line 99 that it shows login_ being included but I also do not have a saved page from what it looked like before.

Adding login_ now returns what looks to be a valid credential but I am still not getting stats and am seeing this after getting what appears to be a valid credential:

2021-10-14 12:56:38,288 INFO     Retreiving stats from https://192.168.100.1/cmconnectionstatus.html
2021-10-14 12:56:38,290 DEBUG    Starting new HTTPS connection (1): 192.168.100.1:443
2021-10-14 12:56:38,368 DEBUG    https://192.168.100.1:443 "GET /cmconnectionstatus.html HTTP/1.1" 200 None
2021-10-14 12:56:38,416 ERROR    Authentication error, received login page.  Check username / password.  SB8200 has some kind of bug that can cause this after too many authentications, the only known fix is to reboot the modem.
2021-10-14 12:56:38,416 ERROR    No HTML to parse, giving up until next interval
2021-10-14 12:56:38,417 INFO     clear_auth_token_on_html_error is true, clearing credential token
2021-10-14 12:56:38,417 INFO     Sleeping for 120 second

It seems like something has changed where it might be sending an additional cookie. I see in dev tools in Chrome when trying to figure out what it is doing, it is sending a request header like: Cookie: HttpOnly: true, Secure: true; sessionId=W4y7qJL2bap3Ai3WSixrGU1PHSfXKiE. Not sure if that was the same as before but a quick test with curl shows that this is required For example, this is what it takes to hit the page and get stats:

curl -kvL \
  -H "Cookie: HttpOnly: true, Secure: true; sessionId=W4y7qJL2bap3Ai3WSixrGU1PHSfXKiE"\ 
  "https://192.168.100.1/cmconnectionstatus.html?ct_EpuyMr65P3xW8q9wtZxrv3158yzpfUt"

Also, it looks like it may be adding ct_ in front of the cookie. I didn't see that in the code. I'll try to plug away at it a little bit to see if I can figure out how to adapt it to work but even then, I'll probably need some help with the logic to work with this different auth method without breaking the previous.

[andrewfraley]

It's looking like mine is broken as well so I'm going to assume I also have the new firmware. I'll dig into it sometime in the next few days. Thanks!

[sarabveer]

I have implemented it here: https://github.com/Sarabveer/arris_cable_modem_stats, been running great for 2 weeks now.

[andrewfraley]

Should be good to go with the latest release. @mbentley thanks for alerting me to this. @Sarabveer thanks for your reference, I implemented this a little differently, but you saved me some time for sure.

[mbentley]

Awesome, thanks for the quick work!