BCM50 / BCM200 / BCM400 / BCM450 nnsupport Password Of The Day

The following was discovered by Zman37 on the TekTips forum. I’ve reposted it here to ensure its survival!

Alright, I figured it out! The “shared sec” turned out to be the Nortel Support Challenge key. I tested this algorithm on a BCM50 R3 and R6 and it works on both of them, so I believe it is the one for all BCMs.

————————————————————–

(Note from Alex: I’ve tested R2, R3 and R5 systems and it works. R1 uses a different algorithm which is noted below. I have not tested R1 personally, but am told it works. R6 has been tested and is known to work. BCM400 Release 4.0 onwards works using this generator (verified using existing passwords of the day which match the generator output) so should work for BCM200 Release 4.0 onwards also and BCM450. If you have any passwords and the dates, run them through the generator – if they match, try today’s date and system ID and give it a whirl. Let me know your results!)
————————————————————–

nnsupport Password of the day (potd) algorithm for the BCM50

Three components are needed for the password of the day calculation:
- The date in the form dd/mm/yyyy
- The system ID
- Nortel Support Challenge key (default is “trust no one”, can be found in the element manager under Configuration->Administrator Access->Security Policies)

1. Enter the date
The date is entered into the string “W — POD dd/mm/yyyy — BCM — C”
2. Generate an SHA-1 hash of the components
R1: SHA-1(date string + challenge key + system id + “nnsupport”)
R2-R6: SHA-1(“nnsupport” + challenge key + date string + system id)
3. Take every other byte of the first 16 bytes of the SHA-1 hash so you have 8 bytes total
4. Retrieve the 10’s place from each byte (Ex. 6D would get 6)
5. Use as index to retrieve value from the following array:
“01234567890876540”
(6th index would be 6)
6. Take value and multiply by 10 (6*10 = 60)
7. Retrieve 1’s place from each byte (Ex. 6D would get D)
8. Use as index to retrieve value from the same array
“01234567890876540”
(Dth (13th) index would be 6)
9. Add the two numbers together (60 + 6 = 66)
10. Append to password of the day output string. If number is less than 10, prepend a zero. (Ex. if the number was 7, print 07)
After 8 iterations, one for each byte, you end up with a 16 digit password of the day.

——————————————————————————————-
Complete example for an R2-R6 system.

Date: 15/3/2013
System ID: 001122334455
Challenge key: trust no one

1. Enter date

“W — POD 15/03/2013 — BCM — C”

2. SHA-1 Hash

SHA-1(“nnsupporttrust no oneW — POD 15/03/2013 — BCM — C001122334455”)

SHA-1 Hash 32db0ef4561237cb289587df81b3766fccdb86de

3. Select every other of the first 16 bytes

32 0e 56 37 28 87 81 76

4. Get 10’s place

3 0 5 3 2 8 8 7

5. Select from array

Array:01234567890876540
Index:0123456789abcdef

3 0 5 3 2 8 8 7

6. Multiply by 10

30 0 50 30 20 80 80 70

7. Get 1’s place

2 e 6 7 8 7 1 6

8. Select from array

Array:01234567890876540
Index:0123456789abcdef

2 5 6 7 8 7 1 6

9. Add the two numbers

30 00 50 30 20 80 80 70
 2  5  6  7  8  7  1  6
-----------------------+
32 05 56 37 28 87 81 76

10. Combine prepending 0 to all single digit numbers

32 05 56 37 28 87 81 76

3205563728878176

Congratulations, you now have the password of the day!

I have written a password generator, available here: http://www.cyberprog.net/bcm/potd.asp
