search

DavidFW1960 / Aussie-Broadband-Usage-Meter

Usage Meter for Aussie Broadband
5 stars 4 forks source link

Authentication problems #1

Closed nclemeur closed 6 years ago

nclemeur commented 6 years ago

I am experiencing problems to authenticate. I think it can come from 2 sources:

o the encryption/decryption mechanism does work properly for complicated passwords o (quite likely) the parameters send in the request are not URL encoded

DavidFW1960 commented 6 years ago

I have a pretty complicated password and have not seen any issue. When I changed my password at Aussie it didn't like that much though..... Ha.

The password is stored in an encrypted text file at C:\Users\user-name-here\AppData\Roaming\Rainmeter-ABB Maybe try closing rainmeter and deleting the files in there and restarting it.

My password is upper, lower, numbers and a special character and is 16 digits long. I have had issues with characters in other programs that don't like 'reserved' characters and need them to be escaped (like < or >). You also might have put in the wrong password when you initially entered it? If you want to email me your password I can try changing my password at Aussie to that and testing it there. david@wilfam.net

nclemeur commented 6 years ago

I am pretty sure my password was correct. I tried twice by deleting the files containing the password. I also tried to return the password as is from the Decrypt function, but it still did not work. So I just used a browser and recorded the value that was sent for my password (in the network log) and the password is definitely URL encoded. So I just copied the Url encoded version and hard coded it in the usage script and it worked.

To give you an idea, my password is along the line of:

RM]%9^t('+>K3!dC^zW(:

So in summary, I am pretty sure it is broken. The encrypt/decrypt function might work correctly, but the url encoding is missing (unless you are doing it the encrypt function, and then the encrypt/decrypt mechanism is broken).

DavidFW1960 commented 6 years ago

OK I changed my password to your 'idea' above, deleted my config files and refreshed the skin. Entered the new username and password and it is working as normal. Can't find an issue.

EDIT: Scratch that. It doesn't work. Not sure what I can do about that.

DavidFW1960 commented 6 years ago

Hmm..... I might post a job on upwork to see if someone can debug the encrypt/de-encrypt function but of course I'm not selling this usage meter. I'll see if I can get it fixed economically.

nclemeur commented 6 years ago

I manage to get it to work by simply adding a URLEncode function. Seems that the decrypt/encrypt function work.

Then you need to use that function right after you have decrypted the password.

https://www.experts-exchange.com/questions/26732683/UrlEncode-Using-Wscript.html

Function URLEncode(StringToEncode)
  Dim TempAns, CurChr, iChar
  CurChr = 1
  Do Until CurChr - 1 = Len(StringToEncode)
    iChar = Asc(Mid(StringToEncode, CurChr, 1))
    If (iChar > 47 And iChar < 58)  Or (iChar > 64 And iChar < 91) Or (iChar > 96 And iChar < 123) Then
      TempAns = TempAns & Mid(StringToEncode, CurChr, 1)
    ElseIf iChar = 32 Then
      TempAns = TempAns & "%" & Hex(32)      
    Else
      TempAns = TempAns & "%" & Right("00" & Hex(Asc(Mid(StringToEncode, CurChr, 1))), 2)
    End If
    CurChr = CurChr + 1
  Loop
  URLEncode = TempAns
End Function
DavidFW1960 commented 6 years ago

So - if I open up the ABB-usage.vbs and insert that function at line 222 is that all I need to do? Do I need to edit the values being parsed in that function at all? Do I need to make any other changes to the script so that function is called? Are you able to email me the whole vbs file you are using? (that is working)

I did actually post a job for this on upwork but if you've got a working solution I'll update the script for the benefit of everyone.

nclemeur commented 6 years ago

Just send you a pull request

DavidFW1960 commented 6 years ago

ok if all went well I just merged it. I'll download it and see how we go here and then I'll update the rmskin

DavidFW1960 commented 6 years ago

It doesn't like chr on line 217 Invalid Procedure Call or Argument

nclemeur commented 6 years ago

Sorry I did not do it properly or the merge did not work... But the lines 106 and 107 should actually be after reading the password (ie before line 115 [Set wxml = CreateObject(..])

Cheers

On Fri, May 18, 2018 at 1:48 PM DavidFW1960 notifications@github.com wrote:

It doesn't like chr on line 217 Invalid Procedure Call or Argument

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/DavidFW1960/Aussie-Broadband-Usage-Meter/issues/1#issuecomment-390086032, or mute the thread https://github.com/notifications/unsubscribe-auth/AGzW2hWtKT0z_J3wWx8xjpBeYwScO-I4ks5tzkR-gaJpZM4UC8qo .

nclemeur commented 6 years ago

Just created another pull request that should fix it

DavidFW1960 commented 6 years ago

ok! no error now. Just trying to change my aussie password to test that...... Thanks. Fingers crossed.