Password encoding/decoding

Wichert Akkerman wichert at wiggy.net
Mon Aug 10 09:27:38 UTC 2009 

I have been debugging this a bit further. I have a test run with the 
following settings:

UAM secret: tushaethaihahqui
challenge: 10a1803a58fea7778e65935fba955185
raw password: ABCDEFGHIJKLMNOPQRSTUVWXYZ

The PAP obfuscated password becomes: 
4a8c7b9f70c02ae48da682f0438969c95a9c6b8f60d03af49db6c9bc0ec72699

chilli decodes that and after passing it on FreeRADIUS reports:
rlm_pap: login attempt with password "??U?"

if I try to decode using a simple decode.c I extracted from redir.c I 
get the right password:

[fog;..ldout/devel/decode]-224> ./decode 
10a1803a58fea7778e65935fba955185 
4a8c7b9f70c02ae48da682f0438969c95a9c6b8f60d03af49db6c9bc0ec72699 
tushaethaihahqui
ABCDEFGHIJKLMNOPQRSTUVWXYZ

as far as I can see my obfuscation code looks correct:

def ObfuscatePassword(challenge, password):
     xorpad=challenge.decode("hex")
     assert len(xorpad)==16
     uamsecret=pylons.config.get("chilli.uamsecret", None)
     if uamsecret:
         xorpad=hashlib.md5(xorpad+uamsecret).digest()

     while len(xorpad)<len(password):
         xorpad+=xorpad
     # NUL-pad the password to make it a multiple of the XOR-pad size
     password+="\x00"*(len(xorpad)-len(password))

     assert len(password)==len(xorpad)

     result=[]
     for i in range(len(password)):
         result.append(chr(ord(password[i]) ^ ord(xorpad[i])))
     result="".join(result)
     return result.encode("hex")


Does anyone have an idea why this goes wrong?



On 8/3/09 14:12 , Wichert Akkerman wrote:
> I am wondering if something goes wrong in the password handling. I know
> something goes wrong on my end in the UAM<->Chilli communication which
> mangles passwords: if I sent ABCDEFGHIJKLMNOPQRSTUVWXYZ as password
> chilli decodes that to ABCDEFGHIJKLMNOPK<lots of binary>. But things go
> wrong on when that is sent to RADIUS as well. Here is the FreeRadius log
> output for the same request:
>
> rad_recv: Access-Request packet from host 127.0.0.1 port 56008, id=2,
> length=269
> Vendor-14559-Attr-8 = 0x312e302e3134
> User-Name = "wichert"
> User-Password = "U\004j,"
> NAS-IP-Address = 10.1.0.1
> Service-Type = Login-User
> Framed-IP-Address = 10.1.0.3
> Calling-Station-Id = "00-0C-29-27-79-83"
> Called-Station-Id = "00-0C-29-6C-0F-92"
> NAS-Identifier = "nas01"
> Acct-Session-Id = "4a76d33900000002"
> NAS-Port-Type = Wireless-802.11
> NAS-Port = 2
> WISPr-Location-ID = "isocc=NL,cc=31,ac=020,network=Attingo,KLM_Lounge"
> WISPr-Location-Name = "KLM_Lounge"
> WISPr-Logoff-URL = "http://10.1.0.1:3990/logoff"
> Message-Authenticator = 0x4d6f776979e5711baf9ae428338e9bf7
> Login incorrect (rlm_pap: CLEAR TEXT password check failed):
> [wichert/U\004j,] (from client localhost port 2 cli 00-0C-29-27-79-83)
> WARNING: Unprintable characters in the password. Double-check the shared
> secret on the server and the NAS!
>
> which shows that my bad password has become even more corrupted.
>
> Wichert.

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: decode.c
URL: <http://lists.coova.org/pipermail/chilli/attachments/20090810/48c67077/attachment.txt>

More information about the Chilli mailing list