Toxicantidote D-link DIR-505 Shareport file download

September 2017


Proof of concept code for downloading files over HTTP, via the Shareport service, from a D-Link DIR-505 with a USB stick attached. It probably works for similar models too, but the USB path might need adjusting.

Tested against DIR-505 running firmware version 1.09.

DIR-505 authentication process

When authenticating (using a web browser), the DIR-505 Shareport system directs the user to make a GET request to the login URL with no parameters. This returns a JSON response with several parameters. The two to look out for are 'uid' and 'challenge'. The former serves as an access key once authenticated, and the latter is used to hash the password from the login form. The 'uid' value should be saved to a cookie for future use.

Once this JSON reply has been received, the 'challenge' parameter is appended to the username and the result is hashed with HMAC-MD5, using the plaintext password as the key. This operation occurs in JavaScript on the client side. The resulting hash forms the 'password' value for the final login request.

Now that the challenge has been completed, the username and hashed value are posted to the login URL. If successful, the cookie created earlier can now serve as an authentication token for future requests.

You can now make direct requests to the file API to discover files and directories on the connected USB stick. The same token can be used to download files from the USB stick.
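
The login exchange described above, modelled offline in Python as an added example (it is not the original proof of concept code). Only the 'uid', 'challenge' and 'password' names come from this page; the 'id' field name, the lowercase hex encoding, the device-side check and all sample values are assumptions.

```python
import hashlib
import hmac
import json
import secrets


def issue_challenge():
    """Device side (modelled): the JSON a GET to the login URL returns."""
    # Only the 'uid' and 'challenge' names come from the write-up; the value
    # formats and lengths here are constructed.
    return json.dumps({"uid": secrets.token_hex(5),
                       "challenge": secrets.token_hex(8)})


def login_response(username, password, challenge):
    """Client side: HMAC-MD5 over username + challenge, keyed with the password."""
    mac = hmac.new(password.encode(), (username + challenge).encode(), hashlib.md5)
    return mac.hexdigest()  # assumption: lowercase hex encoding


def device_verify(username, stored_password, challenge, response):
    """Device side (modelled): recompute the HMAC and compare in constant time."""
    expected = login_response(username, stored_password, challenge)
    return hmac.compare_digest(expected, response)


def run_exchange(username, typed_password, stored_password):
    """Run the three steps offline; return (uid, posted form, login accepted)."""
    reply = json.loads(issue_challenge())        # step 1: GET with no parameters
    uid, challenge = reply["uid"], reply["challenge"]
    form = {                                     # step 2: hash on the client
        "id": username,  # hypothetical field name, not given in the write-up
        "password": login_response(username, typed_password, challenge),
    }
    ok = device_verify(username, stored_password, challenge, form["password"])
    return uid, form, ok                         # step 3: uid is the token if ok


if __name__ == "__main__":
    # Constructed credentials, for illustration only.
    uid, form, ok = run_exchange("admin", "correct horse", "correct horse")
    print("cookie uid:", uid)
    print("posted form:", form)
    print("accepted:", ok)
```

The plaintext password never appears in the posted form, and a fresh challenge changes the response for the same credentials.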

Interface bug and limitations

The DIR-505 Shareport system seems to have a bug where read-only users cannot actually view any files on the interface. Because of this, the user used for this example must have read and write access on the Shareport system.

This is a fairly basic example, and does not download files recursively. Feel free to extend the code to support this.

Paths on device

/dws/api/Login - Generates the challenge key for password hashing and handles the login process.
/dws/api/ListFile - Lists files on the connected USB device.
/usb_dev/usb_A1/ - Root folder of the USB device for downloads once authenticated. Note that there are no directory indexes (use the ListFile API above). This path might be different for different devices.


Hosted on Github