innovaphone Forum

You are here

Help with Search (new window)
Picture of Uwe 2460
Registered 9 years 253 days
Uwe 2460 Monday, 15 March 2021, 10:39 PM
Talking to v13 Application Platform using C#: password for innovaphone-devices AddDomain
Summary: How do I calculate domain password for a new domain in innovaphone-devices, when WebSocket connection was established with UserPBXLoginWithAppAutomaton?

The details: I have a C# application, that tries to implement the content of websocket.class.php described here: https://wiki.innovaphone.com/index.php?title=Reference13r1:Concept_Talking_to_the_v13_Application_Platform_using_PHP

I use the UserPBXLoginWithAppAutomaton to Login to PBX and App innovaphone-devices. After the complex login stuff I have two WebSocket connections, one to PBX and one to innovaphone-devices. Now a new domain is added with WebSocketMessage {"mt":"AddDomain","seed":"V13test”,…} on the innovaphone-devices WebSocket connection. The new domain is finally there, but the calculated password is obviously wrong (I cannot login to devices of this domain).

I carefully read following helpful thread, describing similar problem:
I get the same values described there, when using sha256 and RC4 with the examples. So I assume, that encryption is implemented correctly. The thread describes, that I initially have to get SessionKey which is
SHA256 of the string "innovaphoneAppSessionKey:challenge:password".
The “innovaphoneAppSessionKey” is a fixed string. As “challenge” I use the challenge value in AppChallengeResult message, received from innovaphone-devices WebSocket. But what is the “password” here? There seems not to exist password on this innovaphone-devices-WebSocket connection, because login was done with user/password via PBX-WebSocket connection.

I tried following SessionKeys without success:
  • SHA256 of: AppChallengeResult.challenge and “password”=Password used for PBX login on PBX-WebSocket connection; e.g.: “innovaphoneAppSessionKey:6ecfe66d12556d36:pwd”
  • SHA256 of: AppChallengeResult.challenge and Empty password; e.g.: “innovaphoneAppSessionKey:6ecfe66d12556d36:”
  • SHA256 of: AppChallengeResult.challenge and Empty password; e.g.: “innovaphoneAppSessionKey:6ecfe66d12556d36”
  • SHA256 of: PBX-WebSocket.Authenticate.challenge + “password” = Password used for PBX login on PBX WebSocket connection; e.g.: “innovaphoneAppSessionKey:55e0b97755e0b950:pwd”
  • Using received message value PBX-WebSocket.AppGetLoginResult.key on PBX WebSocket connection as SessionKey

After assuming to have correct SessionKey, I use RC4 encryption. The seed is the same value as used in WebSoketMessage that is used to add domain {"mt":"AddDomain","seed":"V13test”,…}:
RC4.Encrypt(clearTextPassword, String.Format("{0}:{1}", seed, SessionKey));

Any help is appreciated!

Kind regards
Uwe
Picture of Daniel Deterding (innovaphone)
Moderator Registered 15 years 178 days
Daniel Deterding (innovaphone) Tuesday, 16 March 2021, 07:43 AM
Re: Talking to v13 Application Platform using C#: password for innovaphone-devices AddDomain
Hi Uwe,

the Login answer from the PBX contains a property "key". This is your session key, but this key property is itself encrypted.

You must decrypt it first:
  • key is the key property of the json message AppGetLoginResult
  • salt is the salt property of the json message AppGetLoginResult
  • password is the password used to login to the PBX
RC4.Decrypt(key, String.Format("innovaphoneAppClient:key:{0}:{1}", salt, password));

Greetings,
Daniel
Picture of Uwe 2460
Registered 9 years 253 days
Uwe 2460 Tuesday, 16 March 2021, 09:57 PM
Re: Talking to v13 Application Platform using C#: password for innovaphone-devices AddDomain
Hi Daniel,

thank you for fast reply!
I changed implementation, but my calculated domain password is obviously still incorrect.

I have two uncertainties:
(1) What is StringToByteArray(string data) doing?
My RC4.Decrypt(string data, string key) may possibly have a flaw, as the returned (decrypted) session key contains non printable chars. The session key looks like “��- I� ~�y �2*� `;�~� ��3*#~�� </3h'����Q82��q�F��C2�I� ��a”. Your RC4.Decrypt function contains function call “byte[] dataBytes = main.StringToByteArray(data)”. I implemented this function in a way, that a string (=data) is interpreted as string of hex values (e.g.: “a2d442..”). The return value is an array byte[] with the byte values (e.g,: [162, 212, 66,…]). Is there anything else the StringToByteArray(string data) function should do?

(2) Is the encryption of domain password as described above?
The calculation/encryption of session key is different to the description here: https://forum.innovaphone.com/moodle2/mod/forum/discuss.php?d=25628 .
Is there also a different RC4 encryption of domain password? I’m using:
RC4.Encrypt(clearTextPassword, String.Format("{0}:{1}", seed, sessionKey));

kind regards
Uwe

Picture of Daniel Deterding (innovaphone)
Moderator Registered 15 years 178 days
Daniel Deterding (innovaphone) Wednesday, 17 March 2021, 06:33 AM
Re: Talking to v13 Application Platform using C#: password for innovaphone-devices AddDomain
1) I attached my RC4 code
2) Your call is correct. The internal websocket encryption works like this for everything.

Greetings,
Daniel
rc4.cs
Picture of Uwe 2460
Registered 9 years 253 days
Uwe 2460 Monday, 22 March 2021, 09:57 AM
Re: Talking to v13 Application Platform using C#: password for innovaphone-devices AddDomain
Hi Daniel,

unfortunately (1) is not solved. I still think, that there is something wrong with my “StringToByteArray(data)” in RC4.Decrypt (string data, string key).

As RC4 is symmetric encryption, I tried following. I decrypted received key value with
sessionKey = RC4.Decrypt(key, String.Format("innovaphoneAppClient:key:{0}:{1} ", salt, password)).
After this, I encrypted the sessionKey with with same key again:
rc4cryptedString = RC4.Encrypt(sessionKey, String.Format("innovaphoneAppClient:key:{0}:{1} ", salt, password))
The result should be finally the received key value, but it is not.

Can you please have a look at the attached debug values. Are the return values of StringToByteArray(data) correct? Am I using some parameter in wrong format?

Kind regards
Uwe
20210322_DeployInnoPBX.log
Picture of Daniel Deterding (innovaphone)
Moderator Registered 15 years 178 days
Daniel Deterding (innovaphone) Monday, 22 March 2021, 10:07 AM
Re: Talking to v13 Application Platform using C#: password for innovaphone-devices AddDomain
In your Log I see "innovaphoneAppClient:key:{0}:{1} "

There is a space after the {1} which is wrong. Is this just inside your debug log or also in your code?
Did you try my C# RC4 example above? This just works with strings as input and output.

Greetings,
Daniel
Picture of Uwe 2460
Registered 9 years 253 days
Uwe 2460 Monday, 22 March 2021, 04:24 PM
Re: Talking to v13 Application Platform using C#: password for innovaphone-devices AddDomain
attached is my StringToByteArray(data) implementation StringToByteArray.cs
Picture of Uwe 2460
Registered 9 years 253 days
Uwe 2460 Monday, 22 March 2021, 04:15 PM in response to Daniel Deterding (innovaphone)
Re: Talking to v13 Application Platform using C#: password for innovaphone-devices AddDomain
Hi Daniel,

sorry - you are right. In my test code, the was an invalid space. I removed it. New results are attached.

Yes I used your RC4 code. But the “StringToByteArray(data)” function is not part of it.

kind regards
Uwe
20210322_DeployInnoPBX-Kopie.log
Picture of Daniel Deterding (innovaphone)
Moderator Registered 15 years 178 days
Daniel Deterding (innovaphone) Tuesday, 23 March 2021, 07:16 AM
1 of 1 users consider this post helpful
Re: Talking to v13 Application Platform using C#: password for innovaphone-devices AddDomain
Hi Uwe,

sorry, I didn't see that I used an own method here ...

But my code also results in an invalid sessionkey. I looked further through the appclient javascript code and discovered, that the password used to decrypt the session key is not the clear text PBX user password (sorry, I'm also just reverse engineering here ...).

You need to create a string sessionPwd when you get the LoginResult (not the AppGetLoginResult) message:

string password = "18140815"; // cleartext PBX user password
string nonce = "..."; // nonce of the Login message
string pwd = info.session.pwd; // you must use the json info object from the LoginResult message here
string sessionPwd = RC4.Decrypt(pwd, String.Format("innovaphoneAppClient:pwd:{0}:{1}", nonce, password));

This sessionPwd must be now used to decrypt the sessionKey.

My StringToByteArray:
public static byte[] StringToByteArray(String hex)
{
int NumberChars = hex.Length;
byte[] bytes = new byte[NumberChars / 2];
for (int i = 0; i < NumberChars; i += 2)
bytes[i / 2] = Convert.ToByte(hex.Substring(i, 2), 16);
return bytes;
}


Btw.: we internally discussed the way how to login into an app with the PBX user and the way how you're trying to login is not the intended way. There will be a tutorial in the future which will explain the intended solution, which will be much easier, and the PHP sample will be changed too.

Greetings,
Daniel
Picture of Uwe 2460
Registered 9 years 253 days
Uwe 2460 Thursday, 25 March 2021, 10:48 PM
Re: Talking to v13 Application Platform using C#: password for innovaphone-devices AddDomain
Hi Daniel,

our “StringToByteArray(data)” implementations are obviously doing the same. Just to mention that yours has less code lines. Thanks for sharing!

The calculation and usage of sessionPwd instead of using cleartext password was finally the crucial hint! I now can login to device in new domain with the intended password.

Thank you for your patience! Unfortunately I think, I will have next password issue soon.

Kind regards
Uwe

← You can define your color theme preference here