Skip to content

Add klap lv2 #550

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Add klap lv2 #550

wants to merge 1 commit into from

Conversation

sdb9696
Copy link
Collaborator

@sdb9696 sdb9696 commented Nov 21, 2023
edited
Loading

Untested PR to add klap lv2 support to klapprotocol. Not tested on a device but based on #477 (comment) and this TAPO PR.

Could be used to test whether it fixes this issue although I don't think it will because AES seems to be the protocol that TAPO uses.

Superseded by #552 and #557

github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 21, 2023
View reviewed changes
kasa/klapprotocol.py
@@ -74,6 +77,12 @@
return hash


def _sha1(payload: bytes) -> bytes:
digest = hashes.Hash(hashes.SHA1()) # noqa: S303
digest.update(payload)

Check failure

Code scanning / CodeQL

Use of a broken or weak cryptographic hashing algorithm on sensitive data

[Sensitive data (id)](1) is used in a hashing algorithm (SHA1) that is insecure. [Sensitive data (password)](2) is used in a hashing algorithm (SHA1) that is insecure for password hashing, since it is not a computationally expensive hash function.
@rytilahti
Copy link
Member

rytilahti commented Nov 21, 2023
edited
Loading

The auth fails on my tapoplug:

DEBUG    [DISCOVERY] 192.168.250.245 << {'result': {'device_id': 'xx', 'owner': 'xx', 'device_type': 'SMART.TAPOPLUG',                                                                                                                   
         'device_model': 'P110(EU)', 'ip': '192.168.250.245', 'mac': '48-22-xx', 'is_support_iot_cloud': True, 'obd_src': 'tplink', 'factory_default': False, 'mgt_encrypt_schm': 
         {'is_support_https': False, 'encrypt_type': 'AES', 'http_port': 80, 'lv': 2}}, 'error_code': 0}
DEBUG    Initializing 192.168.250.245 of type <class 'kasa.smartplug.SmartPlug'>  
DEBUG    Adding module <Module Schedule (schedule) for 192.168.250.245>                        
DEBUG    Adding module <Module Usage (schedule) for 192.168.250.245>
DEBUG    Adding module <Module Antitheft (anti_theft) for 192.168.250.245>                                                                                                                
DEBUG    Adding module <Module Time (time) for 192.168.250.245>                                                                                                                           
DEBUG    Adding module <Module Cloud (cnCloud) for 192.168.250.245>                                                                                                                       
DEBUG    Created KLAP object for 192.168.250.245
DEBUG    Performing the initial update to obtain sysinfo    
DEBUG    Starting handshake with 192.168.250.245   
DEBUG    connect_tcp.started host='192.168.250.245' port=80 local_address=None timeout=5 socket_options=None
DEBUG    connect_tcp.complete return_value=<httpcore._backends.anyio.AnyIOStream object at 0x7fcfd49047d0> 
DEBUG    send_request_headers.started request=<Request [b'POST']>
DEBUG    send_request_headers.complete 
DEBUG    send_request_body.started request=<Request [b'POST']>
DEBUG    send_request_body.complete 
DEBUG    receive_response_headers.started request=<Request [b'POST']> 
DEBUG    receive_response_headers.complete return_value=(b'HTTP/1.1', 200, b'OK', [(b'Server', b'SHIP 2.0'), (b'Content-Length', b'49'), (b'Content-Type', b'text/html')]) 
DEBUG    receive_response_body.started request=<Request [b'POST']> 
DEBUG    receive_response_body.complete   
DEBUG    response_closed.started
DEBUG    response_closed.complete
DEBUG    Handshake1 posted at 2023-11-21 15:13:16.797393. Host is 192.168.250.245, Responsestatus is 200, Request was e93ed2474538c6ad452ae294933371ac   
DEBUG    Handshake1 success at 2023-11-21 15:13:16.798421. Host is 192.168.250.245, Server remote_seed is: 3c68746d6c3e3c626f64793e3c63656e, server hash is:  
         7465723e323030204f4b3c2f63656e7465723e3c2f626f64793e3c2f68746d6c3e 
DEBUG    Server response doesn't match our challenge on ip 192.168.250.245 
DEBUG    Unable to complete handshake for device 192.168.250.245, authentication failed
DEBUG    Unable to authenticate with 192.168.250.245, not retrying 
Got error: AuthenticationException("Server response doesn't match our challenge on ip 192.168.250.245")

Here's how it looks with plugp100:

DEBUG:plugp100.protocol.securepassthrough_transport:Will perform handshaking...
DEBUG:plugp100.protocol.securepassthrough_transport:Generating keypair
DEBUG:plugp100.protocol.securepassthrough_transport:Handshake params: {"key": "-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZxs+mhtv3497ysu+xxxx/fZ/pP2qBQJt0yywdG7XQzUCR0cmSVNhSAV0DYjv6DQzMESyPyw3fmtkcCO4EADJhJxfobJsb4UP1AuwIDAQAB\n-----END PUBLIC KEY-----\n"}
DEBUG:plugp100.protocol.securepassthrough_transport:Request {'method': 'handshake', 'params': {'key': '-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZxs+mhtv3497ysu+xxas/fZ/pP2qBQJt0yywdG7XQzUCR0cmSVNhSAV0DYjv6DQzMESyPyw3fmtkcCO4EADJhJxfobJsb4UP1AuwIDAQAB\n-----END PUBLIC KEY-----\n'}}
DEBUG:plugp100.protocol.securepassthrough_transport:Device responded with: {'error_code': 0, 'result': {'key': 'Ku7O/1PgJ4ta4hE/xx+asxas+68+cxbUjScGz6r4qZyO9VzNaqbRWAL7BYciFyernhyDyPPkvQ1bHC2jYyOlH7YjvaR7BlnpyKx8qpUXaoSTF4v38='}}
DEBUG:plugp100.protocol.securepassthrough_transport:Got Handshake cookies: ...{'TP_SESSIONID': '484F729A7E1272B523097DB5B827FDB2', 'TIMEOUT': '86400'}
DEBUG:plugp100.protocol.securepassthrough_transport:Decoding handshake key...
DEBUG:plugp100.protocol.securepassthrough_transport:Raw request: {"method": "login_device", "params": {"password": "dGxxyMzQk", "username": "NzRlMDk4YTYwMGsdadsdaxsE0M2FmYzIwMDdkNw=="}, "requestID": 1176647963427082240, "request_time_milis": 1700576335543, "terminal_uuid": "/uBzMc9xFKxRvkM28fXaGA=="}
DEBUG:plugp100.protocol.securepassthrough_transport:Request body: {'method': 'securePassthrough', 'params': {'request': 'Lmq+lc10OUQRxxxWOItB/BXdO1mvQtEkaofwqyzckW0EqFo5MUXWMukV0627pyieaVuRL+lPaZaeIuUJ+u7lhZ199XineN7UfhXYxxZd0UEEekw5v8gaC0hJOQyR00HUJwmFh8CSKr0WoxRa6141ZfGzMpScFaZ/mpcPV2EUJChv9g7C/VjGGtT7uJ0sEncxaww6FjO9FrcIjC1vqVzwiv3pRqcNO8hlBl/5e46QA7D2TSt+96z8qbbriWkMdMKG698dayEygqLX7i82dqyTFx3U8URAFtVMGf2rpx5vHasasaJk1tG7Bmw=='}}
DEBUG:plugp100.protocol.securepassthrough_transport:Device responded with: {'error_code': 0, 'result': {'response': 'AivmfCiTRv2DhsGuaGl5rFkp5JbZEONAlyoRl2n0jLjQ0+88j3xhm8oBKLiHCWJZEBhHhLLP2FTtgjQZcjTFj0PGWcyRhi8yybRLDtbhz1g='}}

so I suppose the protocol differs a bit more than just on those pieces that were changed in this PR?

@sdb9696
Copy link
Collaborator Author

sdb9696 commented Nov 21, 2023

The auth fails on my tapoplug:

so I suppose the protocol differs a bit more than just on those pieces that were changed in this PR?

This PR won't get a TAPO plug doing a handshake unless it has the KLAP encrypt_type, I just thought it might work with this EP25 KASA device but I'm not that hopeful.

@sdb9696 sdb9696 closed this Nov 30, 2023
@sdb9696 sdb9696 deleted the add_klap_lv2 branch December 6, 2023 19:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sdb9696 @rytilahti