Forum Home › Forums › Development and Integration › external application requesting sacada data
Tagged: login, scadaclient
- This topic has 25 replies, 4 voices, and was last updated 4 months, 1 week ago by zzz.
-
AuthorPosts
-
April 19, 2024 at 12:16 pm #14446JWParticipant
After trying all the methods, still not working.
Then I downloaded the ScadaTestClient again, this time running it, then it worked.
There is a windows warning about the unsigned application this time, never popup before, then after clicking yes, it can run. not sure if it is relevant.
April 19, 2024 at 12:49 pm #14447JWParticipantfinally found the issue, in the password field of the xml, can not use the password copy from user table.
need to use the password generated from the Project Tools -> Encrypt Password.
April 19, 2024 at 1:15 pm #14448JWParticipantI am confused with the encrypted password meaning for the API.
for the HelloWorld Project, default ScadaComm account
Plain test pw = scada
pw from user table = F9A226BC671CB198C7D83ADEA0B1F2B8
pw from encrypt password tool = B9D0F030265751578B00E9801C69320C
secrete key = 0E063D581B1DB27B8E984993DED65CE99284A706756C706C7F3B12C44BD55D4Dfor the API 0x0002 login, a field say encrypted password, does it mean the pw from encrypt password tool? or I need to do AES encryption again using pw from encrypt password tool with secrete key
April 19, 2024 at 2:17 pm #14450JWParticipantComparing the network traffic, I found a mismatch of the protocol document.
for the 0x0002 function,
for the field of username, password, instance,
actually should be
length of username (2bytes),
username,
length of password (2bytes),
password
length of instance (2bytes),
instanceApril 22, 2024 at 7:50 am #14452MikhailModeratorYou right. The Users table contains the password hash, while XML files contains encrypted passwords. Hash cannot be decrypted. Encrypted password can be decrypted. You can encrypt password with Administrator user interface.
April 22, 2024 at 7:53 am #14453MikhailModeratorIn the protocol, a string is encoded as
Bytes 0…1 – the string length in bytes
Bytes 2…N – the UTF-8 encoded charactersCould you specify what should be updated in the document?
April 23, 2024 at 1:20 am #14457JWParticipantmy mistake, misinterpreted the string in the doc, the string format description is correct.
April 23, 2024 at 8:56 am #14460MikhailModeratorOK
April 23, 2024 at 4:01 pm #14461JWParticipantI get most command done except the login…
use wireshark captured 3 login data, the “Encrypted Password String Bytes” are different each time.
02003d000000cce90c32cd62e16f020009005363616461436f6d6d20004244383437323932323946453046443831343932394339393445354132393430000000000000 02003d000000e7bc670599955ad1020009005363616461436f6d6d20004343464338394230304237383246353231344434343837434431304341354545000000000000 02003d0000006c50d7e367885fa3020009005363616461436f6d6d20003631453934424138324433453145363036323643313743374236383633334339000000000000
So the string bytes should be not directly the “Encrypted Password encrypt password tool”.
Some further encryption operation has been done to the password before packing it into bytes.
Is there any instruction on this?
April 23, 2024 at 5:10 pm #14462MikhailModerator> the “Encrypted Password String Bytes” are different each time
Yes. The protection algorithm encrypts password differently. Otherwise, someone can sniff packets and login.Check the ScadaClient and ClientBase source code.
May 29, 2024 at 5:08 am #14553zzzParticipantSince there doesn’t seem to be any mention of the session id, it may be worth mentioning that the password encryption is initialized with the sess_id.
Here is how I did it in my current client.
def Encrypt(s: str, sec_key, sess_id) -> str: ct = EncryptBytes(s.encode("UTF8"), sec_key, sess_id) return binascii.b2a_hex(ct).decode("ascii").upper() def EncryptBytes(bstr:bytes, secretKey, sess_id): # generate iv from sess_id iv = bytearray(IVSize) sessBuf = struct.pack("q",sess_id) sessBufLen = len(sessBuf) for i in range(0, IVSize): iv[i] = sessBuf[i % sessBufLen] #print("gen_iv=") #hexdump(iv) # encrypt byets padder = padding.PKCS7(128).padder() cipher = Cipher(algorithms.AES(secretKey), modes.CBC(iv)) encr = cipher.encryptor() bstr = padder.update(bstr) + padder.finalize() ct = encr.update(bstr) + encr.finalize() return ct
-
AuthorPosts
- You must be logged in to reply to this topic.