Art-of-WiFi / UniFi-API-browser

Tool to browse data exposed by Ubiquiti's UniFi Controller API
MIT License

Access to WLAN password #94

Closed KetchupBomb closed 2 years ago

KetchupBomb commented 2 years ago

When you load the Unifi Controller > Network web UI, you can navigate to WiFi, load an individual network, and peek at the password in plain text:

image


Within the Unifi API Browser, the closest Collection I can find is list wlan configuration, but there is no reference to the WLAN password in the output.

Is there another Collection I should be viewing? Is this field something the Unifi API Browser can gain access to?

malle-pietje commented 2 years ago

The key to look for is x_passphrase.

KetchupBomb commented 2 years ago

@malle-pietje, there is no x_passphrase key in the list wlan configuration Collection. Is it in another Collection? The only key in list wlan configuration that has "pass" in its name is radius_macacl_empty_password.

Is this field only accessible through the Unifi API Client?

Edit: The Unifi API Client also doesn't list this field with the ->list_wlanconf() call. I'll keep searching other API Collections, but I think this question needs another answer since x_password isn't seemingly available.

malle-pietje commented 2 years ago

@KetchupBomb it should actually be there if the SSID is protected with a WPA2 password/passphrase.

malle-pietje commented 2 years ago

@KetchupBomb If this is a password to be entered through the captive portal, you can find it in the guest_access section of the list site settings output.

I personally find the new interface very confusing when it comes to setting up guest networks and always switch to the classic interface to get access to all controls.

KetchupBomb commented 2 years ago

@malle-pietje, this is a WPA2 network that I made on the UDM-Pro web UI. It is not associated with any captive or guest portals. And the "x_passphrase" is definitely not present -- both the API Browser web UI, and the API Client do not list this key for any of my WiFi networks.

Is there a PHP recipe I can run to convince you? Is there additional information I can provide to debug why it's not showing when it seems like it should be?

malle-pietje commented 2 years ago

No need to convince me 😉 Can you share a screenshot of the list of wireless networks using the classic interface?

malle-pietje commented 2 years ago

Also, which version of the Network Application are you running and which UDM firmware version?

KetchupBomb commented 2 years ago

UDM-Pro Unifi OS Version: 1.10.4
Unifi Network Version: 6.4.54

The WiFi in question is "Aperture Science" (though they're all configured the same, save the network/VLAN with which they're associated). Images attached.


Here's the JSON WLAN configuration for Aperture Science in the API Browser (the API Client seems to be very similar, if not exactly the same):

```
{
    "_id": "REDACTED",
    "ap_group_ids": [
        "REDACTED"
    ],
    "enabled": true,
    "fast_roaming_enabled": false,
    "hide_ssid": false,
    "name": "Aperture Science",
    "networkconf_id": "REDACTED",
    "pmf_mode": "disabled",
    "usergroup_id": "REDACTED",
    "wlan_band": "both",
    "wpa_enc": "ccmp",
    "wpa3_support": false,
    "wpa3_transition": false,
    "wpa3_fast_roaming": false,
    "wpa3_enhanced_192": false,
    "group_rekey": 0,
    "uapsd_enabled": false,
    "mcastenhance_enabled": false,
    "no2ghz_oui": false,
    "bss_transition": true,
    "proxy_arp": false,
    "l2_isolation": false,
    "b_supported": false,
    "dtim_mode": "default",
    "minrate_ng_enabled": true,
    "minrate_ng_data_rate_kbps": 6000,
    "minrate_ng_advertising_rates": false,
    "minrate_na_enabled": false,
    "minrate_na_data_rate_kbps": 6000,
    "minrate_na_advertising_rates": false,
    "mac_filter_enabled": false,
    "mac_filter_policy": "allow",
    "mac_filter_list": [],
    "radius_mac_auth_enabled": false,
    "radius_macacl_format": "none_lower",
    "security": "wpapsk",
    "wpa_mode": "wpa2",
    "radius_das_enabled": false,
    "site_id": "REDACTED",
    "iapp_enabled": true,
    "auth_cache": false,
    "bc_filter_enabled": false,
    "bc_filter_list": [],
    "country_beacon": false,
    "dpi_enabled": false,
    "element_adopt": false,
    "is_guest": false,
    "p2p": false,
    "p2p_cross_connect": false,
    "radius_macacl_empty_password": false,
    "rrm_enabled": false,
    "sae_groups": [],
    "sae_psk": [],
    "sae_psk_vlan_required": false,
    "schedule": [],
    "schedule_enabled": false,
    "schedule_reversed": false,
    "schedule_with_duration": [],
    "tdls_prohibit": false,
    "vlan_enabled": false,
    "optimize_iot_wifi_connectivity": true,
    "dtim_ng": 1,
    "dtim_na": 3
}
```

malle-pietje commented 2 years ago

OK, I fired up the UDM PRO in our test lab and can see the password for a newly created SSID using the API Browser tool:

    {
        "_id": "6187d73ff392af04e887cac5",
        "enabled": true,
        "wpa3_support": false,
        "wpa3_transition": false,
        "security": "wpapsk",
        "wep_idx": 1,
        "wpa_mode": "wpa2",
        "wpa_enc": "ccmp",
        "pmf_mode": "disabled",
        "pmf_cipher": "auto",
        "usergroup_id": "6107bdff7fe01f067b62b78e",
        "wlan_band": "both",
        "ap_group_ids": [
            "6107bdff7fe01f067b62b798"
        ],
        "dtim_mode": "default",
        "dtim_ng": 1,
        "dtim_na": 3,
        "minrate_ng_enabled": false,
        "minrate_ng_advertising_rates": false,
        "minrate_ng_data_rate_kbps": 1000,
        "minrate_na_enabled": false,
        "minrate_na_advertising_rates": false,
        "minrate_na_data_rate_kbps": 6000,
        "mac_filter_enabled": false,
        "mac_filter_policy": "allow",
        "mac_filter_list": [],
        "bc_filter_enabled": false,
        "bc_filter_list": [],
        "group_rekey": 3600,
        "hotspot2conf_enabled": false,
        "bss_transition": true,
        "auth_cache": true,
        "schedule_enabled": false,
        "name": "My test WPA SSID",
        "x_passphrase": "dezeisgeheim",
        "networkconf_id": "6107bdff7fe01f067b62b78d",
        "radius_das_enabled": false,
        "site_id": "6107bdf97fe01f067b62b77a",
        "iapp_enabled": true,
        "x_iapp_key": "40c5a28515861cc58685abfe39db3942",
        "optimize_iot_wifi_connectivity": false,
        "dtim_6e": 3,
        "wlan_bands": [
            "2g",
            "5g"
        ]
    }

The SSID was created through the Classic interface like so: Screenshot 2021-11-07 144338

Versions are:

malle-pietje commented 2 years ago

The same applies to our software-based controller running version 6.4.54.

malle-pietje commented 2 years ago

The only remaining thing I can think of is the permissions of the admin account you're using to connect through the API.

KetchupBomb commented 2 years ago

> The only remaining thing I can think of is the permissions of the admin account you're using to connect through the API.

You're right. I set the account to be "View Only" initially. When I switch it to "Administrator" (or "Site Admin"), I am able to see the x_password field. I may have missed documentation that points this out (sorry!). It's strange that this nuance of read vs write permissions causes some fields to display or not. 🤷‍♂️

Thanks for your patience and help.

malle-pietje commented 2 years ago

Thanks for the feedback, good to hear. Will add a note to the README for the PHP API client to reflect your findings (not something I’d seen before myself).

KetchupBomb commented 2 years ago

@malle-pietje, btw, I bet this is exactly what was happening in https://github.com/Art-of-WiFi/UniFi-API-client/issues/129.

cc @NickDunas

malle-pietje commented 2 years ago

Yes, correct. I've added a note on this to the README files for both the API Client and the API Browser. Thanks for your help with this!
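
The outcome of this thread (a "View Only" account receives WPA2-PSK WLAN records without `x_passphrase`, while an administrator account receives it) can be checked mechanically on a saved list wlan configuration export. The following is an added example, not code from the thread or from the Art-of-WiFi projects; the helper name `audit_wlans`, the rule that any key starting with `x_` is secret-bearing, and the sample records are assumptions made for illustration.

```python
import json

# Assumption: keys starting with "x_" hold secrets. This generalises from the
# two such keys shown in the thread (x_passphrase, x_iapp_key).
SECRET_PREFIX = "x_"

# Constructed sample, trimmed to the fields that matter: the first record has
# the shape a "View Only" account received, the second the shape an
# "Administrator" account received, the third is a constructed open network.
SAMPLE_JSON = """
[
  {"name": "Aperture Science", "security": "wpapsk", "wpa_mode": "wpa2"},
  {"name": "My test WPA SSID", "security": "wpapsk", "wpa_mode": "wpa2",
   "x_passphrase": "constructed-passphrase", "x_iapp_key": "constructed-key"},
  {"name": "Lobby", "security": "open"}
]
"""


def audit_wlans(wlans):
    """Hypothetical helper: return (findings, redacted copy) for WLAN records."""
    findings, redacted = [], []
    for wlan in wlans:
        name = wlan.get("name", "<unnamed>")
        secret_keys = sorted(k for k in wlan if k.startswith(SECRET_PREFIX))
        if wlan.get("security") == "wpapsk" and "x_passphrase" not in wlan:
            # A PSK network without its passphrase: the API account is
            # probably read-only, so the controller withheld the field.
            findings.append((name, "psk_hidden"))
        elif secret_keys:
            # Secrets are present: this output must not be pasted anywhere.
            findings.append((name, "secrets_present:" + ",".join(secret_keys)))
        redacted.append(
            {k: ("REDACTED" if k in secret_keys else v) for k, v in wlan.items()}
        )
    return findings, redacted


if __name__ == "__main__":
    found, safe = audit_wlans(json.loads(SAMPLE_JSON))
    for name, finding in found:
        print(f"{name}: {finding}")
    print(json.dumps(safe, indent=2))
```

A `psk_hidden` finding points at the account role rather than at a missing Collection; a `secrets_present` finding means the raw export should be replaced by the redacted copy before it is shared in an issue or a ticket.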