Hi all
On 7270/7240, after update x.4.76, several, probably all, auto-dial (Wählhilfe) programs fail. This is the case for the one I use (Voipdial), but I have seen other cases reported this last month.
I did some digging and found out some technical details that I wanted to share with the various programmers and maintainers. End users need not read this; it will not bring any resolution to your failing autodial other than the advice to downgrade to x.4.70.
I wrote this after careful debugging, and in true open-source spirit want to share the info. I do not have any autodial program under development, but am hoping it will help other programmers enable theirs, even if they do not have a new FBF box to test against. I will probably not write my own, as a downgrade to x.4.70 suffices for me.
Alternatively, maybe someone can find a way to mod the FBF so it still accepts the old, less secure login:command/password system. Some Linux environment setting or so.
Good luck
[edit] Seems AVM has a nice official description of the same info.
====================================
Essentially, in x.4.76 firmware an "enhancement" was added that tightens security by adding a more secure challenge-response system to the web-gui login, as well as MD5 encryption of the password and a session ID with timeout on the session ID.
As a result, any software that relied on a simple POST login:command/password does not work anymore.
Instead, a POST login:command/response is needed.
The login screen will provide a challenge, and the challenge together with an MD5 encryption of the password must be used to post the response. The next page will then provide a session-id. Any subsequent post must supply this session-id to be able to use the active signon. After 5 or 10 minutes the signon expires anyway, so the thing is repeated.
This means that any software that wants to do auto-dial needs to step up the interaction from a simple post to a full challenge-response:
- First the logon screen must be obtained.
- The challenge value of the login screen must be parsed, and used with the MD5 function to POST the response
- From the return screen, the session-id (sid) must be parsed
- If the sid is all zeros, the logon failed, repeat.
- Any auto-dial-attempt is done with reference to the sid
- Again the return screen should be parsed. If the return sid is all zeros, the logon failed or session timed out. Otherwise the return sid should be used for the next attempt, just in case AVM decides to alternate the sid.
=========================
Reference info
=========================
The key java function from the login screen:
Code:
<script type="text/javascript" src="../html/de/js/jsl.js">
</script>
<script type="text/javascript" src="../html/de/js/md5.js">
</script>
<script type="text/javascript">
function setResponse(pw) {
    var challenge = "7781260f";
    var str = challenge + "-" + makeDots(pw);
    var response = challenge + "-" + hex_md5(str);
    var frm = document.forms["uiPostForm"].elements["login:command/response"];
    frm.value = response;
    frm.disabled = false;
}
</script>
We can assume the makeDots() and hex_md5() functions are in the external .js files.
The actual post made to return the logon response:
Code:
<form method="POST" action="../cgi-bin/webcm" target="_self" id="uiPostForm" name="uiPostForm">
<input type="hidden" name="sid" value="0000000000000000" id="uiPostSid">
<input type="hidden" name="getpage" value="../html/de/menus/menu2.html" id="uiPostGetPage">
<input type="hidden" name="errorpage" value="../html/de/menus/menu2.html" id="uiPostErrPage">
<input type="hidden" name="var:pagename" value="home" id="uiPostPageName">
<input type="hidden" name="var:menu" value="home" id="uiPostMenu">
<input type="hidden" name="var:pagemaster" value="" id="uiPostPageMaster">
<!--<input type="hidden" id="uiPostVarName" name="">-->
<!-- END Refresh control -->
<!-- Submit data -->
<input type="hidden" name="login:command/response" value="" id="uiPostResponse">
<input type="hidden" name="box:settings/webui_cookie" value="" disabled>
</form>
I think only the login and maybe the sid are actually important, so probably the post can be shortened to this:
Code:
<form method="POST" action="../cgi-bin/webcm">
<input type="hidden" name="sid" value="0000000000000000">
<input type="hidden" name="login:command/response" value="xxxxx">
</form>
When parsing the return screen, we need to find either sid or challenge value. The challenge is hardcoded in the javascript, so we need to parse for a string like var challenge = " (as in var challenge = "7781260f")
The sid is hardcoded in either javascript or forms, so either parse for string &sid= (as in &sid=49acddfef23bc0cc) or its alternate &sid= or when in forms, for name="sid" value=" (as in name="sid" value="49acddfef23bc0cc")
After all that, the following post will successfully dial with the new firmware (I tested this)
Code:
<form method="POST" action="http://fritz.box/cgi-bin/webcm" target="_self" id="uiPostForm" name="uiPostForm">
<input type="text" name="sid" value="49acddfef23bc0cc" id="uiSid"><br>
<input type="text" name="telcfg:settings/UseClickToDial" value="1" id="uiPostClickToDial"><br>
<input type="text" name="telcfg:command/Dial" value="0123456789" id="uiPostDial"><br>
<input type="text" name="telcfg:settings/DialPort" value="50" id="uiPostDialPort"><br>
<input type="text" name="getpage" value="../html/de/menus/menu2.html" id="uiPostGetPage"><br>
<input type="submit">
</form>
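Added example, not part of the original post and not AVM's code: the client-side steps listed above (parse the challenge, build the response, check the sid, build the dial POST fields) in Python. The UTF-16LE input to MD5 and the replacement of characters above code point 255 by makeDots() are assumptions taken from AVM's published session-ID description, not shown in this post; the `&amp;sid=` variant in the parser is likewise an assumption, and the sample pages are constructed from the values quoted above.

```python
import hashlib
import re

ZERO_SID = "0" * 16  # per the post: an all-zero sid means login failed or timed out

def make_dots(password):
    # Assumed makeDots() behaviour: characters above code point 255 become "."
    return "".join(c if ord(c) <= 255 else "." for c in password)

def compute_response(challenge, password):
    # Same construction as setResponse(): challenge + "-" + md5(challenge + "-" + pw)
    text = challenge + "-" + make_dots(password)
    # Assumed hex_md5() behaviour: MD5 over the UTF-16LE bytes of the string
    return challenge + "-" + hashlib.md5(text.encode("utf-16-le")).hexdigest()

def parse_challenge(html):
    match = re.search(r'var challenge = "([^"]+)"', html)
    return match.group(1) if match else None

def parse_sid(html):
    # Form field first, then link parameter (plain or HTML-escaped ampersand)
    for pattern in (r'name="sid" value="([0-9a-fA-F]{16})"',
                    r'&(?:amp;)?sid=([0-9a-fA-F]{16})'):
        match = re.search(pattern, html)
        if match:
            return match.group(1)
    return None

def session_ok(sid):
    return sid is not None and sid != ZERO_SID

def login_fields(login_html, password):
    challenge = parse_challenge(login_html)
    if challenge is None:
        raise ValueError("no challenge found in login page")
    return {"sid": ZERO_SID,
            "login:command/response": compute_response(challenge, password)}

def dial_fields(reply_html, number, port="50"):
    sid = parse_sid(reply_html)
    if not session_ok(sid):
        return None  # caller must fetch a fresh challenge and log in again
    return {"sid": sid, "telcfg:settings/UseClickToDial": "1",
            "telcfg:command/Dial": number, "telcfg:settings/DialPort": port,
            "getpage": "../html/de/menus/menu2.html"}

# Constructed sample pages, using the values quoted in the post
LOGIN_PAGE = 'function setResponse(pw) {\nvar challenge = "7781260f";\n}'
GOOD_REPLY = '<input type="hidden" name="sid" value="49acddfef23bc0cc" id="uiPostSid">'
BAD_REPLY = '<input type="hidden" name="sid" value="0000000000000000" id="uiPostSid">'
```

The returned dictionaries are the form fields to URL-encode and POST to ../cgi-bin/webcm; after every reply, run parse_sid() again and carry the returned sid forward.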