Decrypt /data/devicelist.json fails

[foxmulder4223]

Hey Aaron,

love the work you have done. For getting the status everything works like a charm, but now I am facing a new problem. I want to build a monitor for all my devices listed in my network. The url http://192.168.2.1/data/devicelist.json should give me said list. Unfortunately if I try your status code on the devicelist url the output is

Decryption or JSON parsing failed: MAC check failed

Since you have a pretty amazing knowledge about defferent router addresses, is there some other page than http://192.168.2.1/js/jquery-addons.js where I can check the key? Because this one does not seem to work for devices...

[aaronk6]

Hi Daniel,

Here is my guess: The device list is probably only available when you’re logged in, and therefore not using the default encryption key. Instead, there could be a session token that is used for the encryption. If properly implemented, this token should change on every login. So you will need to update your script to also handle the login. I suggest you open your browser’s dev tools and log in to the web UI. Check the response of the login route if this gives you something that could be the encryption key. Maybe it’s more complicated than that—if so, I’d try debugging through the JavaScript to understanding where the encryption key is coming from. A starting point could be the decryptccm function.

I can’t test this since my Speedport is running in modem mode where no login functionality exists.

[foxmulder4223]

Hi Aaron,

you are right. From what I get is inside of the local storage the var key = getFromLocal("challenge_val"); gets after every login a new value to decrypt the data. This key overwrites the default key, whenever it is not empty/NULL. I try to get it, but so far no luck. I will notify you, if anything changes :-)