Still have FritzBox authentication error on 1.6.2 #74
Comments
I have the same error:
(password = "123123")
How to check the response? |
I did all the hashing myself and it all checks out, so I'm not sure what the issue is here. @AndreySozonov There seem to have been some semi-recent RFCs updating the WWW-Authenticate scheme, but they recommend not using algorithm=MD5 and the use of additional parameters, so it does not seem to be using it. Did a previous version of pyVoIP work for you? Also, you can use the following code for easier debugging on registry, but you may need to install from source instead of PyPI.

```python
import pyVoIP

pyVoIP.DEBUG = True
```

Also, please be sure to use code blocks when posting code, with Ctrl+e. |
I've gotten to the point where I have downloaded the source code to Asterisk 11 to see where the error is happening. However, my C is rusty; if anyone can figure out why some people are getting an error while others are not, I would be greatly appreciative. |
I've also reinstalled it from the source and enabled debugging.
|
@mattiarainieri @AndreySozonov What is the username associated with these numbers? |
I don't see any instance of this check in Asterisk 11 that I found, however it may be worth noting that this is said in RFC 3261 Section 8.1.1.4
This doesn't use any keywords from BCP 14 but that doesn't mean that an engineer hasn't relied on this behavior for routing messages, and we do not currently do this. Will be implementing this in 2.0. |
@tayler6000 the voip username is “alarmnegozio” |
User "101". The registration error occurred when connecting to different versions of Asterisk (I tested 11 and 13). MicroSip softphone with the same credentials connected without problems. Perhaps the reason is related to the OS used: me and @mattiarainieri used Asterisk on Raspberry Pi. |
Hello again. I'm wondering what's going wrong there. Since I'm not that good at reading foreign code but much better at implementing my own, I experimented with a simple protocol class structure for SIP and there, authentication against my fritz.box works fine. What's missing here now is the RTP protocol, so my experiments are pretty useless so far. I don't really want to build a concurrent library so I don't think that I'll complete that thing.. unless someone tells me how to send and receive audio data via RTP.. Maybe my source helps you to figure out what's wrong with yours: https://github.com/TecDroiD/simple_voip Edit: didn't clean up my files.. this one should be the interesting part: https://github.com/TecDroiD/simple_voip/blob/master/voip/sipmessage.py |
@TecDroiD Thank you, this will help a lot |
@TecDroiD Our authentication systems are the same so I'm still unsure what the issue is. Could you maybe upload a packet capture of each system trying to authenticate? |
well.. there seems to be some more binary data in your capture |
Can you merge my PR and then get me the simple_voip again? Your code has some significantly malformed headers and I'm genuinely concerned you stumbled across a vulnerability in fritz.box. |
simple_voip.txt |
Ok, I don't have access to a Fritz box to test, but I have a feeling if you delete the comma before the response it'll work on your box because it'll fail to read it and assume it's right. If deleting that comma makes it work I highly recommend you contact fritz box and tell them they have a vulnerability in their code. |
Honestly, they'll probably give you a bounty for it. |
We'll see.. |
Just found something else: in my sipmessage.py, line 160 you changed t3cDr01d to z9hG4bKt3cDr01d. When I roll this back, I can make a call.. Also when I remove only one character from your id text. |
Hmm, weird. It's an RFC requirement to have that prefix for the branch. I'm pretty sure I referenced it in the commit, but if you just search for magic cookie in the RFC you'll find it.

```python
import uuid


def gen_branch(self, length=32) -> str:
    """
    Generate unique branch id according to
    https://datatracker.ietf.org/doc/html/rfc3261#section-8.1.1.7
    """
    # "z9hG4bK" is the 7-character magic cookie; the rest is random hex.
    branchid = uuid.uuid4().hex[: length - 7]
    return f"z9hG4bK{branchid}"
```
|
As far as I understood, that magic cookie identifies the newer version of the SIP RFC. Maybe it enables some extra checks on fritzos? I already found out that there are some optional entries (think it was Contact) which are required by fritzbox.. What if there's just something stupid missing, just because it's optional? |
I think you're right about the extra checks. The RFC says the branch should be globally unique if following the new standard. So maybe the second register needs to use a different branch not the same one from the original request? |
@xyc0815 Welcome back, please, do you have any thoughts on this? |
When I use web SIP services I had problems with the username in the contact in the first request (`def gen_first_response(self, deregister=False)`).
So I don't use the username in this function. Because I can also use a SIP proxy in between, I have other functions to get the right IP and port.
With the second register call I also send the username in the contact element. Maybe we have the same problem here. |
I also wasn't able to register or make a call with FritzBox. I debugged this a lot and compared packet captures with those from MicroSIP client. For For |
Hi @philipp-fischer , could you please share your changes? I'm trying to authenticate pyvoip to my fritz box just to receive the signalling for detecting calls from a dect doorbell. The fritz internal call monitor does not log or signal internal calls, but I would like to log them and maybe add smart home actions such as "doorbell rings --> turn on light if it's dark" |
In the end I resorted to an entirely new mini-implementation I created. I can share that when I return from vacation. |
Hello, As far as I understand, the connection runs via UDP. In the following project, the connection runs via TCP by default: Good luck EDIT: I am NOT called if I use UDP with femtosip. Only TCP |
@hartwigt: Here is the code I created for the purpose of making a call: https://gist.github.com/philipp-fischer/d7fa8df8541955863aebcf24291af007 |
I will test it |
I updated pyVoIP to 1.6.3, but I still have the authentication error. I tried tinyvoip from @philipp-fischer and it passed authentication. Update: pyVoIP works with Asterisk 18, but doesn't work with Asterisk 13. |
Hi @tayler6000, I found a small fix that makes registration on a fritzbox successful. The first register without authentication against the fritzbox gives 401 Unauthorized. The old code correctly sent another REGISTER with authentication, but generated a new CallID - that made the fritzbox respond with another 401 Unauthorized with a new nonce. Thanks to @philipp-fischer and @epicbananana, those two tools did not really work for me, because all I need is notification of incoming calls, but they showed me successful SIP examples.
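
Added example, not code from pyVoIP or from any commenter: a Python sketch of the REGISTER retry described in the comment above, where the authenticated request keeps the Call-ID of the challenged one, raises CSeq by one and takes a fresh z9hG4bK branch (RFC 3261 section 8.1.3.5), with the RFC 2617 MD5 digest computed so a response seen in a capture can be checked. The user, host, addresses and function names are constructed for illustration, and the challenge is assumed to carry no qop.

```python
import hashlib
import re
import uuid

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce,
                    qop=None, nc=None, cnonce=None):
    """RFC 2617 digest; without qop the legacy three-part form is used."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    if qop:
        return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def parse_params(value):
    """Parse key="value" / key=value pairs of a Digest header value."""
    pairs = re.findall(r'(\w+)=("[^"]*"|[^,\s]+)', value)
    return {key: val.strip('"') for key, val in pairs}

def header(msg, name):
    for line in msg.split("\r\n"):
        if line.lower().startswith(name.lower() + ":"):
            return line.split(":", 1)[1].strip()

def build_register(user, host, call_id, cseq, tag, authorization=None):
    # Every request is a new transaction, so it gets its own branch.
    branch = "z9hG4bK" + uuid.uuid4().hex[:25]
    lines = [
        f"REGISTER sip:{host} SIP/2.0",
        f"Via: SIP/2.0/UDP 192.0.2.10:5060;branch={branch}",  # constructed address
        f"From: <sip:{user}@{host}>;tag={tag}",
        f"To: <sip:{user}@{host}>",
        f"Call-ID: {call_id}", f"CSeq: {cseq} REGISTER",
        f"Contact: <sip:{user}@192.0.2.10:5060>",
        "Max-Forwards: 70", "Expires: 300", "Content-Length: 0",
    ]
    if authorization:
        lines.insert(-1, f"Authorization: {authorization}")
    return "\r\n".join(lines) + "\r\n\r\n"

def answer_challenge(user, password, host, call_id, cseq, tag, www_authenticate):
    """Build the retry for a 401: same Call-ID and From tag, CSeq + 1."""
    ch = parse_params(www_authenticate)
    uri = f"sip:{host}"
    resp = digest_response(user, ch["realm"], password, "REGISTER", uri, ch["nonce"])
    auth = (f'Digest username="{user}", realm="{ch["realm"]}", nonce="{ch["nonce"]}", '
            f'uri="{uri}", response="{resp}", algorithm=MD5')
    return build_register(user, host, call_id, cseq + 1, tag, auth)
```

`digest_response` also accepts `qop`, `nc` and `cnonce`, so it can be validated against the sample values in RFC 2617 before it is compared with the `response` field of a captured Authorization header.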
Hi,
I've updated the library to the last 1.6.2 version but I still have problems authenticating to my fritz box.