search

mswhirl / autoflashgui

Utility to flash firmware to modems and run setup commands after the flash has completed
GNU General Public License v3.0
70 stars 17 forks source link

Auth script #14

Closed alfonsocaponi closed 5 years ago

alfonsocaponi commented 5 years ago

Hi all,

I would like create a simple script only for the authentication. I've customized "libautoflashgui.py" but I've a problem with my Technicolor AGTHP_1.1.2:


import sys
import mysrp as srp
from urllib.parse import urlencode
import binascii, json, urllib, socket, time
from robobrowser import RoboBrowser

host = '1.1.1.1'
username = 'user'
password = 'pass'

br = RoboBrowser(history=True, parser="html.parser")

try:

  br.open('http://' + host)
  token = br.find(lambda tag: tag.has_attr('name') and tag['name'] == 'CSRFtoken')['content']
  print('Got CSRF token: ' + token)

  usr = srp.User(username, password, hash_alg = srp.SHA256, ng_type = srp.NG_2048)
  uname, A = usr.start_authentication()
  print(("A value ") + str(binascii.hexlify(A)))

  br.open('http://' + host + '/authenticate', method='post', data = urlencode({'CSRFtoken' : token, 'I' : uname, 'A' : binascii.hexlify(A)}))
  print("br.response " + str(br.response))
  j = json.decoder.JSONDecoder().decode(br.parsed.decode())
  print(("Challenge received: ") + str(j))

  M = usr.process_challenge(binascii.unhexlify(j['s']), binascii.unhexlify(j['B']))
  print(("M value ") + str(binascii.hexlify(M)))

  br.open('http://' + host + '/authenticate', method='post', data = urlencode({'CSRFtoken' : token, 'M' : binascii.hexlify(M)}))
  print("br.response " + str(br.response))

  j = json.decoder.JSONDecoder().decode(br.parsed.decode())
  print("Got response " + str(j))

  if 'error' in j:
    raise Exception(("Unable to authenticate (check password?), message:"), j)

  usr.verify_session(binascii.unhexlify(j['M']))
  if not usr.authenticated():
    raise Exception(("Unable to authenticate"))
  else:
    print("Autenticato!")

except Exception:
  print(("Authentication failed, debug values are: "))
  print(("Exception: ") + str(sys.exc_info()[0]))
  traceback.print_exc()
  raise

It produces:

Got CSRF token: 8f06b22c00b9767cf42c2daa1a575e1bd63727332db8c304288edefc127acfe3
A value b'0b68d22f491829bf8517303de617925be6cef22abfaa8a922b26410868c696aa4985958e3075f0af1dab2_bbd240fde23558fef91591be9a2212b69813bf07678d5c0fbe7f6a3131eb794cdf25d7edc34295e90179e96e13f7e4435985e2627cbe2b5efcb826584f07cc8d19e35d310e816b6a1451575c62e26cfcb208a5529c2276159927b28a9f72f9cbf9142030b4ee30c8f06308930bcd7fa0fcd78a10aa89c052417f8c56a7d779bcb0752cb651526033f0f7ba3652dc986f761e2a1b34b28330689d812989eac15da87fddef51b3d76726aa4293655279c8b36e4242750430a36a39c37696bcdd23f1d563f8494603932c3dbd94be8ee61f293c5cb247d'
br.response <Response [200]>
Challenge received: {'B': '6E8A096DE3C9CCA5239827A74DF36B930F9D421D4789331287B2745B4B1ED8C61C1E0A436A8E26F5A2339CD20CF0F9F1A755C0622DCE0143ED1B468EF98FE8736BE099BDF94118625F2241BB9BA22C7FA3A010634635F82114764D669C95A4128F2803E65069557EB545014E07B9C60D6217D919BE3F81C3195C3833EEF7F34D37F5D3DC768DED014B38DB751E0B752E95C42B553F16E8AF8F04B3F45CAC417BD962C1ADEBA42F9C43E1ED131E01E3AFCFA4B09D159843267147A66744D4B14652E1738108C63D59F18229C3F3279565615A5735E8ED5B356AED07E08AC9787EE131C8EFCE8ECE4E3ACD10A5825597CD38B76FA1F99A6D9EF5208C18FFF99234', 's': 'c3e027d8'}
Authentication failed, debug values are:
Exception: <class 'TypeError'>
Traceback (most recent call last):
  File "auth.py", line 30, in <module>
    M = usr.process_challenge(binascii.unhexlify(j['s']), binascii.unhexlify(j['B']))
  File "/home/yo/autoflashgui/autoflashgui-master/mysrp.py", line 304, in process_challenge
    self.x = gen_x( hash_class, self.s, self.I, self.p )
  File "/home/yo/autoflashgui/autoflashgui-master/mysrp.py", line 194, in gen_x
    return H( hash_class, salt, H( hash_class, username + six.b(':') + password ) )
TypeError: Can't convert 'bytes' object to str implicitly

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "auth.py", line 51, in <module>
    traceback.print_exc()
NameError: name 'traceback' is not defined

Any tips? Thank you very much!

mswhirl commented 5 years ago

Hi Alfonso,

You need the following line at the start of your program to fix the exception handling routine: import traceback

The problem you are hitting with 'TypeError: Can't convert 'bytes' object to str implicitly' is that a string and bytes are treated differently. Strings needed to be encoded/decoded to bytes (i.e. unicode to binary storage) but for your simple script you should be able to add the 'b' prefix to the username and password as required i.e. username = b'user' password = b'pass'

The original calling program uses .encode() on strings from the config and GUI as required when calling the library: res = libautoflashgui.mainScript(self.host.get(), self.username.get().encode(), self.password.get().encode(), self.flashfirmware.get(), self.firmwarefile.get(), self.flashSleepDelay, self.methodAction.get(), self.command.get(), self.splitActive.get(), self.ddnsService.get(), self.connectRetryDelay, self.interCommandDelay)

Can you please try defining your username and password with b'' and see if it fixes your error?

Regards, Mark.

mswhirl commented 5 years ago

Closing, please re-open if you need more help. :) Cheers, Mark.