search

andry08 / ArubaOTP-seed-extractor

Extract TOTP seed instead of using ArubaOTP app
MIT License
83 stars 9 forks source link

Error During of the validation of the Seed #8

Closed alpesm closed 3 years ago

alpesm commented 3 years ago

Good moring, i'm experiencing this error:

Traceback (most recent call last): File "./scripts/main.py", line 95, in main extract(args.activation_code, args.only_output, args.show_qr) File "./scripts/main.py", line 23, in extract seed = extractor.extract_otp(activation_code) File "/root/ArubaOTP-seed-extractor/scripts/request.py", line 44, in extract_otp raise Exception('Error occured in seed validation: [{}] {}'.format(resp2['returncode'], resp2['description'])) Exception: Error occured in seed validation: [0005] Validazione licenza fallita sync non riuscito

I've tryed checking the requirement and tried to reinstall the script but is not working.. any suggestion?

zuzzurro commented 3 years ago

Same for me here. It worked fine in early September, but now it doesn't anymore. Help would be appreciated as I had to use it again for another family member. Of course I can try to help in the testing.

paolo-caroni commented 3 years ago

Same for me. Maybe line 9 and line 10 on request.py need an update? ArubaOTP actual version is 2.6.1.

alpesm commented 3 years ago

Same for me. Maybe line 9 and line 10 on request.py need an update? ArubaOTP actual version is 2.6.1.

I think that's the problem too. I've managed to decompile the apk of the app, but i need more guidance on how to find the encryption key.

EDIT: I've compared the two version of the app to find what was changed; those file are changed: Comparison

And in every file modified, this command:

{ throw new Runtime("d2j fail translate: java.lang.RuntimeException: fail exe a4 = a3\n\tat com.googlecode.dex2jar.ir.ts.an.BaseAnalyze.exec(BaseAnalyze.java:92)\n\tat com.googlecode.dex2jar.ir.ts.an.BaseAnalyze.exec(BaseAnalyze.java:1)\n\tat com.googlecode.dex2jar.ir.ts.Cfg.dfs(Cfg.java:255)\n\tat com.googlecode.dex2jar.ir.ts.an.BaseAnalyze.analyze0(BaseAnalyze.java:75)\n\tat com.googlecode.dex2jar.ir.ts.an.BaseAnalyze.analyze(BaseAnalyze.java:69)\n\tat com.googlecode.dex2jar.ir.ts.UnSSATransformer.transform(UnSSATransformer.java:274)\n\tat com.googlecode.d2j.dex.Dex2jar$2.optimize(Dex2jar.java:163)\n\tat com.googlecode.d2j.dex.Dex2Asm.convertCode(Dex2Asm.java:414)\n\tat com.googlecode.d2j.dex.ExDex2Asm.convertCode(ExDex2Asm.java:42)\n\tat com.googlecode.d2j.dex.Dex2jar$2.convertCode(Dex2jar.java:128)\n\tat com.googlecode.d2j.dex.Dex2Asm.convertMethod(Dex2Asm.java:509)\n\tat com.googlecode.d2j.dex.Dex2Asm.convertClass(Dex2Asm.java:406)\n\tat com.googlecode.d2j.dex.Dex2Asm.convertDex(Dex2Asm.java:422)\n\tat com.googlecode.d2j.dex.Dex2jar.doTranslate(Dex2jar.java:172)\n\tat com.googlecode.d2j.dex.Dex2jar.to(Dex2jar.java:272)\n\tat com.googlecode.dex2jar.tools.Dex2jarCmd.doCommandLine(Dex2jarCmd.java:108)\n\tat com.googlecode.dex2jar.tools.BaseCmd.doMain(BaseCmd.java:288)\n\tat com.googlecode.dex2jar.tools.Dex2jarCmd.main(Dex2jarCmd.java:32)\nCaused by: java.lang.NullPointerException\n"); }

Was modified with this value:

{ throw new Runtime("d2j fail translate: java.lang.RuntimeException: fail exe a4 = a3\n\tat com.googlecode.dex2jar.ir.ts.an.BaseAnalyze.exec(BaseAnalyze.java:92)\n\tat com.googlecode.dex2jar.ir.ts.an.BaseAnalyze.exec(BaseAnalyze.java:1)\n\tat com.googlecode.dex2jar.ir.ts.Cfg.dfs(Cfg.java:255)\n\tat com.googlecode.dex2jar.ir.ts.an.BaseAnalyze.analyze0(BaseAnalyze.java:75)\n\tat com.googlecode.dex2jar.ir.ts.an.BaseAnalyze.analyze(BaseAnalyze.java:69)\n\tat com.googlecode.dex2jar.ir.ts.UnSSATransformer.transform(UnSSATransformer.java:274)\n\tat com.googlecode.d2j.dex.Dex2jar$2.optimize(Dex2jar.java:163)\n\tat com.googlecode.d2j.dex.Dex2Asm.convertCode(Dex2Asm.java:414)\n\tat com.googlecode.d2j.dex.ExDex2Asm.convertCode(ExDex2Asm.java:42)\n\tat com.googlecode.d2j.dex.Dex2jar$2.convertCode(Dex2jar.java:128)\n\tat com.googlecode.d2j.dex.Dex2Asm.convertMethod(Dex2Asm.java:509)\n\tat com.googlecode.d2j.dex.Dex2Asm.convertClass(Dex2Asm.java:406)\n\tat com.googlecode.d2j.dex.Dex2Asm.convertDex(Dex2Asm.java:422)\n\tat com.googlecode.d2j.dex.Dex2jar.doTranslate(Dex2jar.java:172)\n\tat com.googlecode.d2j.dex.Dex2jar.to(Dex2jar.java:272)\n\tat com.googlecode.dex2jar.tools.Dex2jarCmd.doCommandLine(Dex2jarCmd.java:108)\n\tat com.googlecode.dex2jar.tools.BaseCmd.doMain(BaseCmd.java:288)\n\tat com.googlecode.dex2jar.tools.Dex2jarCmd.main(Dex2jarCmd.java:32)\nCaused by: java.lang.NullPointerException\n\tat com.googlecode.dex2jar.ir.ts.UnSSATransformer$LiveA.onUseLocal(UnSSATransformer.java:552)\n\tat com.googlecode.dex2jar.ir.ts.UnSSATransformer$LiveA.onUseLocal(UnSSATransformer.java:1)\n\tat com.googlecode.dex2jar.ir.ts.an.BaseAnalyze.onUse(BaseAnalyze.java:166)\n\tat com.googlecode.dex2jar.ir.ts.an.BaseAnalyze.onUse(BaseAnalyze.java:1)\n\tat com.googlecode.dex2jar.ir.ts.Cfg.travel(Cfg.java:331)\n\tat com.googlecode.dex2jar.ir.ts.Cfg.travel(Cfg.java:387)\n\tat com.googlecode.dex2jar.ir.ts.an.BaseAnalyze.exec(BaseAnalyze.java:90)\n\t... 17 more\n"); }

someone can understand it?

paolo-caroni commented 3 years ago

Honestly I don't undestand it, but I have read that the app comunicate with the server with AES-256 and that the key was derived with PBKDF2 algorithm. I don't know what this mean, but maybe can be help.

andry08 commented 3 years ago

I don't think the issue is the key, otherwise it would have failed in the seed request, while the error occurs in the seed validation phase. Maybe they changed it, I will have to take a look at it, thanks for the report.

andry08 commented 3 years ago

So, took a look at the app, and they changed a lot of it. The code duration is now 60 seconds too... It will take me quite a bit of time to figure out all the changes they've made, but in the meanwhile this script is not working sadly. At least the key seems to not have changed, so the hardest part of the project (at the time) is already figured out (I hope). Now I'm studying for university too, so it will take longer for that matter.

andry08 commented 3 years ago

Ok, after a bit of trial and error while looking at the app, they didn't changed much. I will push a commit with a fix in a bit.

ale-saglia commented 2 years ago

I'm getting the same error even after the fix Traceback (most recent call last): File "./scripts/main.py", line 95, in main extract(args.activation_code, args.only_output, args.show_qr) File "./scripts/main.py", line 23, in extract seed = extractor.extract_otp(activation_code) File "/home/alessandro/ArubaOTP-seed-extractor/scripts/request.py", line 44, in extract_otp raise Exception('Error occured in seed validation: [{}] {}'.format(resp2['returncode'], resp2['description'])) Exception: Error occured in seed validation: [0005] Validazione licenza fallita sync non riuscito

Don't know if they changed the system again

ale-saglia commented 2 years ago

Ok, I've fixed the problem. The otp is again 30 seconds based, just needed to change back the 60 from this thread back to 30.