The commented out section is a "proper" way to do it.
It inserts a new textbox into which you would type your password, then a button to press that hashes the password using the Westpac-provided one time pad and inserts the result into the real password box.
It doesn't work for me and I gave it a shot at fixing it but could not.
Instead I rewrote the bit at the end to just insert the password that's in the source code. This does mean that your password is stored on disk.
// ==UserScript==< >
// @name Westpac Logon< >
// @namespace joelhockey.com< >
// @version 1.4< >
// @description Fix the Westpac logon page to allow normal password entry< >
// @include https://online.westpac.com.au/esis/Login/* < >
// @grant none< >
// ==/UserScript==< >
// new submit function < >
// function newsubmit(event) { < >
// var typedPwd = document.getElementById('pwdinput').value; < >
// var pwdFix = ''; < >
// for (i = 0; i < 6; i++) { < >
// pwdFix += keypadDef['malgm'].charAt(keypadDef['keys'][typedPwd.charAt(i).toUpperCase()]); < >
// } < >
// document.getElementById('password_temp').value=pwdFix; < >
// // alert("hello"); < >
// } < >
< >
// window.addEventListener('btn-submit', newsubmit, true); < >
< >
// // put the pwd box on the screen after username < >
// var username_temp = document.getElementById('username_temp'); < >
// var pwd = document.createElement('div'); < >
// pwd.innerHTML = ''; < >
// username_temp.parentNode.insertBefore(pwd, username_temp.nextSibling); < >
// put your username and password here if you want to < >
// IT IS A SECURITY RISK IF YOU DO!!! < >
document.getElementById('username_temp').value='44455666'; < >
var pwdfix = ''; < >
var typedPwd = 'hunter2'; < >
// console.log(keypadDef['keys']); < >
// console.log(keypadDef['malgm']); < >
for (i = 0; i < 6; i++) { < >
pwdfix += keypadDef['malgm'].charAt(keypadDef['keys'][typedPwd.charAt(i).toUpperCase()]); < >
} < >
// console.log(pwdfix); < >
document.getElementById('password_temp').value=pwdfix;}}} < >