Closed AnthonMS closed 3 years ago
It looks like this model is using HTTP Signed Authentication to encrypt the data. Would you mind doing the following:
Additionally, run this test script that attempts to fetch the encryption key and attach the output here
@menahishayan I couldn't get the script working on Windows. But I booted up a Linux VM and ran the script and I get this response (Yes I changed the password string at the bottom of the script):
[VR600] Loading wireless clients...
Retrieving PublicKey...
Pub key fetch failed
Failed to get AuthTokens. Retrying in 3 secs.
Retrieving PublicKey...
Pub key fetch failed
So I guess it couldn't retrieve the key.
Regarding searching the responses I get after logging in.
In every request there is something that looks like this: ?code=7&asyn=0&id=WbX%3EZqOZ%2CGk4V%2CmFxb4y%2B03DEEO3%2CbsF
I'm guessing it's not the string after 'id='?
In one of the first POST requests after starting to use that id, it sends this request payload: set 5b9ce938b2603bbe2c94eb7d621a90e60ddbd5b0ab508d8135cff4edfba822c9127e38adbae50460f1d2503c404489d8c45a33678c049831408213872d2ee920
After requesting all the javascripts, css files and json files it sends a POST request to this URI: ?code=2&asyn=1&id=WbX%3EZqOZ%2CGk4V%2CmFxb4y%2B03DEEO3%2CbsF
In this request it sends the payload:
sign=2749f11f2cc86057c02e8bfe3c8013d78c7159e81431d548afc2456d6a305ad148c104700f14d233483ce0d8472a9ca2b54cbfb18eefbcda42d23252282f8a99
data=MfuiZht56mUnl377o4Bj5Q==
And it gets this response:
UWLJf+0LwTji/UuOD3w7dwfTySBqxDs8eEq03gWAiTIDQDCOI7RZ8lJ0ATHZ9PxfVutufQ20zljUOxme2P7l6SZM1Aeo7mYPVPZ6N7AqCPsqbkRYKRPF0kpPpnwdTL3FxbtgZgB4uC5KJMz/PLtQwMw5MCbdXX5X/enY+tzg7bFtE/tCRW3h6eh4P32B7Hs/x6t8H2AOBVbkGNRil8FyJFV3C+12aVr+adH8XO+nvQM=
It sends this POST request a lot of times sometimes to code=2, sometimes code=0 and a couple times code=8. It sends different sign values and data values in the request payload and it gets different values in the responses on each request. Some of it looks like Base64 encoded values, but I can't seem to decode it to anything that does not look encrypted.
I have attached the .HAR file, so you can take a look if you want. This is only for logging in. after login was successful, I stopped recording.
Can you get a hold of the following files and add them here:
http://192.168.0.1/js/su/frame1.js?t=2a4db6cb
http://192.168.0.1/js/su/frame2.js?t=2a4db6cb
http://192.168.0.1/js/libs/tpEncrypt.min.js?t=2a4db6cb
Here you go
Replicating the authentication process via code seems tedious, given the complexity of these encryption files.
I would suggest trying out the solution provided in this StackOverflow thread to see if you're able to retrieve the auth token.
Once we have the auth token, replicating the commands should be pretty straightforward.
The auth flow used by this model is unusual so it's highly unlikely that this model will be supported unless someone is willing to do some tedious reverse engineering on these files.
If you use Home Assistant, you could give home-assistant-tplink_router a shot. If that works with your model then that would provide some reassurance that this could work, otherwise, this issue should best be closed.
Here you go
did you manage to find some API for tp-link Archer C80?
did you manage to find some API for tp-link Archer C80?
No I didn't get it to work, and didn't find anything that worked. But I also couldn't make firewall rules on that router, so ended up buying a Ubiquiti EdgeRouter. And there are integrations to get that router into HA and it's so much better than using the TP-Link as router. So I'm only using the AP mode on all my TP-Link routers now.
I have documented what I clicked and did in order. I have attached a compressed file with a couple images of the interface, to give a view of what it looks like. Hope this helps, let me know if I need to do anything else.
Navigating around The Web Interface:
Logged in Clicked wireless Tab Clicked Advanced Tab
Clicked Network Clicked Status Clicked Internet Clicked LAN Clicked DHCP Server Clicked Dynamic DNS Clicked Routing
Clicked Wireless Settings Clicked Guest Network Clicked Wireless Schedule Clicked WPS Clicked Additional Settings
Clicked NAT Forwarding Clicked Port Forwarding Clicked Port Triggering Clicked UPnP Clicked DMZ
Clicked Parental Controls
Clicked QoS
Clicked Security Clicked Firewall Clicked Access Control Clicked IP & MAC Binding Clicked ALG
Clicked IPv6
Clicked System Clicked Firmware Upgrade Clicked Backup & Restore Clicked Administration Clicked System Log Clicked Diagnostics Clicked Time & Language Clicked Reboot Clicked LED Control
Changing settings and saving after each change:
Disabled 5Ghz and saved Enabled 5GHz and saved Hide 5GHz SSID and saved Unhide 5GHz SSID and saved Enabled 2.4GHz guest network without security and saved Disable 2.4GHz guest network without security and saved Enabled 5GHz guest network without security and saved Disable 5GHz guest network without security and saved Enabled 2.4GHz guest network with security and saved Disable 2.4GHz guest network with security and saved Enabled 5GHz guest network with security and saved Disable 5GHz guest network with security and saved Disabled WPS (Did not need saving) Enabled WPS (Did not need saving) Added port forwarding rule to forward external port 80 TCP & UDP to internal port 80 TCP & UDP to internal IP 192.168.0.10 Disabled that port forwarding rule Enabled that port forwarding rule Deleted rule Disabled SPI Firewall Enabled SPI Firewall Disabled Repond to Pings from LAN Enabled Repond to Pings from LAN Enabled Repond to Pings from WAN Disabled Repond to Pings from WAN Disabled Access Control Enabled Access Control Added Access Control rule to blacklist device with MAC C0-EE-FB-D5-56-09 Deleted that ACL rule again
Logged out of the router Logged in again Rebooted device
Exported .HAR file
Images.zip 192.168.0.1.zip