search

leikoilja / glocaltokens

Python 3 package to fetch google home local authentication tokens and IP using google username/password or google master token
MIT License
46 stars 11 forks source link

App Password Errors #205

Open bwees opened 2 years ago

bwees commented 2 years ago

I am trying to retrieve the master token as found in your examples. I have put the part before "@gmail.com" in for the username and an app password for my password (I have 2FA on). I get the following error:

ERROR:glocaltokens.client:[!] Could not get master token.
[*] Master token None

I have tried numerous other token retrieval methods including the gist found here: https://rithvikvibhu.github.io/GHLocalApi. Is there some setting I need to update in my google account? I have tried using your ha-google-home library and that seems to not work either as a device does not show up. I have tried it multiple times with the same app password, could this be the issue? Any help would be appreciated. Thanks!

KapJI commented 2 years ago

Have you tried using full address as a login?

egburr commented 2 years ago

I also am having this same problem using the script in the "security recommendation" section of the readme. My google account does have 2FA enabled, and I have setup an app password to use. I have tried using just my username and my full email (username@gmail.com). In both cases, I get the exact same error:

 # python3 ./gh_test.py
ERROR:glocaltokens.client:[!] Could not get master token.
[*] Master token None
 #

I can't figure out how to enable the verbose or debug options I see in the source code.

KapJI commented 2 years ago

Can you try this script and add print(res) after line 26? https://gist.github.com/rithvikvibhu/952f83ea656c6782fbd0f1645059055d

bwees commented 2 years ago

I figured out the issue. There seems to be some compatability issues with newer versions of Python (specifically the requests module). I used Python 3.5.9 in a docker container (not needed just was easier than installing another version of Python on my computer) and was able to retrieve both tokens successfully. I was getting a BadAuthentication error as the response from google. I then just used the master token instead of username/password on Python 3.9 and the rest of the module works fine. Seems to be an issue with user agent handling on googles end.

Brandon Wees On Dec 13, 2021, 8:11 AM -0500, Ruslan Sayfutdinov @.***>, wrote:

Are you using this script? https://gist.github.com/rithvikvibhu/952f83ea656c6782fbd0f1645059055d Can you add print(res) after line 26? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

egburr commented 2 years ago

Can you try this script and add print(res) after line 26? https://gist.github.com/rithvikvibhu/952f83ea656c6782fbd0f1645059055d

I had tried that first, since that was what I was going for. Changing line 18 to DEBUG=True enables the print(res) on line 24, and I get:

[*] Getting master token...
{'Error': 'BadAuthentication'}
[!] Could not get master token.
[*] Master token: None

[*] Getting access token...
{'Error': 'BadAuthentication'}
[!] Could not get access token.
[*] Access token: None

[*] Done.
egburr commented 2 years ago

I figured out the issue. There seems to be some compatability issues with newer versions of Python (specifically the requests module). I used Python 3.5.9 in a docker container (not needed just was easier than installing another version of Python on my computer) and was able to retrieve both tokens successfully. I was getting a BadAuthentication error as the response from google. I then just used the master token instead of username/password on Python 3.9 and the rest of the module works fine. Seems to be an issue with user agent handling on googles end. Brandon Wees 

# python3 --version
Python 3.6.8
# python3 -m pip show requests
Name: requests
Version: 2.25.1  (also tried at 2.23.0)
# python3 -m pip show glocaltokens
Name: glocaltokens
Version: 0.2.5
# python3 -m pip show gpsoauth
Name: gpsoauth
Version: 0.4.3
KapJI commented 2 years ago

It could be related to list of used cyphers: https://github.com/simon-weber/gpsoauth/blob/master/gpsoauth/__init__.py#L30-L45 Maybe something is wrong with ssl on your system.

egburr commented 2 years ago

Okay, it looks like you're getting that from gpsoauth version 1.0.0 ? And while I find other references to version 1.0.0, on my CentOS Stream 8 system, pip can only find 0.4.3 as the latest:

# python3 -m pip install gpsoauth==1.0.0
Collecting gpsoauth==1.0.0
  Could not find a version that satisfies the requirement gpsoauth==1.0.0 (from versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.1.0, 0.2.0, 0.3.0, 0.4.0, 0.4.1, 0.4.2, 0.4.3)
No matching distribution found for gpsoauth==1.0.0
KapJI commented 2 years ago

It should be able to find 1.0.0 if you have python3.8+ https://pypi.org/project/gpsoauth/ Home Assistant minimum required python is 3.8.

egburr commented 2 years ago

I've tried python 3.8.8 and 3.9.6 now. Still receiving the BadAuthentication error.

# python3.9 --version
Python 3.9.6
# python3.9 -m pip show glocaltokens
Name: glocaltokens
Version: 0.6.0
python3.9 -m pip show gpsoauth
Name: gpsoauth
Version: 1.0.0
# python3.9 -m pip show requests
Name: requests
Version: 2.25.1  (same error with 2.26.0, too)
[*] Getting master token...
{'Error': 'BadAuthentication'}
[!] Could not get master token.
[*] Master token: None

A tcpdump trace shows the encryption handshake is settling on TLS 1.2 and cipher suite 0x1302 TLS_AES_256_GCM_SHA384, ECDH, AESGCM, 256 which would seem to fit with the "EDCH+AES" requirement from the ciphers list mentioned earlier. The handshake appears good, but as the rest of the communication is encrypted I cannot tell what happens beyond that.