Password decode issue using curved

Open michaelmdresser opened this issue 7 years ago • 2 comments

I have a working server written for Linux machines that performs the functionality I require (authentication requests only). I, unfortunately, also need it to function on Windows machines, and I discovered that pyrad has a dependency issue when on Windows machines. The curved.py (which uses twisted) included in pyrad apparently will work around this (https://github.com/wichert/pyrad/issues/16).

I've modified my code for an implementation that inherits from curved.RADIUSAccess. One issue that I have had with curved is that datagramReceived is not being properly overloaded and was calling self.CreatePacket instead of self.CreateAuthPacket. I discovered this by attempting to call pkt.PwDecrypt. I had to overload datagramReceived in order to fix this issue.

Now, when I call pkt.PwDecrypt(pkt[attr][0]), where attr = "User-Password", I get the following traceback:

        Traceback (most recent call last):
          File "C:\Users\michael.dresser\AppData\Local\Programs\Python\Python35\lib\site-packages\twisted\python\log.py", line 86, in callWithContext
            return context.call({ILogContext: newCtx}, func, *args, **kw)
          File "C:\Users\michael.dresser\AppData\Local\Programs\Python\Python35\lib\site-packages\twisted\python\context.py", line 122, in callWithContext
            return self.currentContext().callWithContext(ctx, func, *args, **kw)
          File "C:\Users\michael.dresser\AppData\Local\Programs\Python\Python35\lib\site-packages\twisted\python\context.py", line 85, in callWithContext
            return func(*args,**kw)
          File "C:\Users\michael.dresser\AppData\Local\Programs\Python\Python35\lib\site-packages\twisted\internet\selectreactor.py", line 149, in _doReadOrWrite
            why = getattr(selectable, method)()
        --- <exception caught here> ---
          File "C:\Users\michael.dresser\AppData\Local\Programs\Python\Python35\lib\site-packages\twisted\internet\udp.py", line 249, in doRead
            self.protocol.datagramReceived(data, addr)
          File ".\owRadiusServer_win.py", line 39, in datagramReceived
            self.processPacket(pkt)
          File ".\owRadiusServer_win.py", line 60, in processPacket
            RAD_REQUEST[attr] = pkt.PwDecrypt(pkt[attr][0])
          File "C:\Users\michael.dresser\AppData\Local\Programs\Python\Python35\lib\site-packages\pyrad\packet.py", line 477, in PwDecrypt
            return pw.decode('utf-8')
        builtins.UnicodeDecodeError: 'utf-8' codec can't decode byte 0x8e in position 0: invalid start byte

The "invalid start byte" is not always at position 0, but I always get this error. What can I do to resolve this?

Note: Using Python 3.5.4, and the same issue occurs with 2.7.14.

michaelmdresser avatar Dec 05 '17 18:12 michaelmdresser

I have the same issue in any Python version and in Docker Alpine. Is there any solution?

duramen avatar Feb 27 '19 03:02 duramen

        import hashlib

        def decrypt_password(shared_secret: bytes, request_authenticator: bytes, encrypted_password: bytes):
            # First XOR key: MD5(shared secret + Request Authenticator)
            md5_hash = hashlib.md5()
            md5_hash.update(shared_secret)
            md5_hash.update(request_authenticator)
            initial_xor_key = md5_hash.digest()

            # The hidden password is processed in 16-byte blocks
            password_blocks = [encrypted_password[i:i+16] for i in range(0, len(encrypted_password), 16)]

            decrypted_password = b''
            current_xor_key = initial_xor_key
            for password_block in password_blocks:
                # XOR the ciphertext block with the current key
                decrypted_block = bytes([password_block[i] ^ current_xor_key[i] for i in range(16)])
                decrypted_password += decrypted_block

                # Next XOR key: MD5(shared secret + this ciphertext block)
                md5_hash = hashlib.md5()
                md5_hash.update(shared_secret)
                md5_hash.update(password_block)
                current_xor_key = md5_hash.digest()

            # Strip the NUL padding added by the client
            return decrypted_password.rstrip(b'\x00')

a72 avatar May 02 '23 10:05 a72
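
An added example, not part of the thread or of pyrad's own code: a round trip of the RFC 2865 User-Password hiding scheme that the snippet above reverses. It shows that a shared secret which does not match the client's yields bytes that differ from the password and are usually not valid UTF-8, which is one condition that produces the `UnicodeDecodeError` in the traceback. The function names, secret and authenticator are constructed for illustration.

```python
import hashlib
from typing import Optional


def _key(secret: bytes, prev: bytes) -> bytes:
    # RFC 2865 section 5.2: key = MD5(shared secret + previous 16-byte block)
    return hashlib.md5(secret + prev).digest()


def hide_password(secret: bytes, authenticator: bytes, password: str) -> bytes:
    """Client side: NUL-pad to a multiple of 16 bytes, then XOR block by block."""
    data = password.encode("utf-8")
    data += b"\x00" * (-len(data) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = bytes(p ^ k for p, k in zip(data[i:i + 16], _key(secret, prev)))
        out += block
        prev = block  # the next key is derived from this ciphertext block
    return out


def decode_or_none(raw: bytes) -> Optional[str]:
    """Return text, or None instead of raising when the bytes are not UTF-8."""
    try:
        return raw.rstrip(b"\x00").decode("utf-8")
    except UnicodeDecodeError:
        return None


def recover_password(secret: bytes, authenticator: bytes, hidden: bytes) -> Optional[str]:
    """Server side: None signals a malformed attribute or undecodable result."""
    if not hidden or len(hidden) % 16:
        return None  # a valid hidden password is always whole 16-byte blocks
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, _key(secret, prev)))
        prev = block
    return decode_or_none(out)


# Constructed sample values, not taken from the issue.
SECRET = b"testing123"
AUTHENTICATOR = bytes(range(16))

if __name__ == "__main__":
    hidden = hide_password(SECRET, AUTHENTICATOR, "correct horse")
    print("matching secret:  ", recover_password(SECRET, AUTHENTICATOR, hidden))
    print("mismatched secret:", recover_password(b"other", AUTHENTICATOR, hidden))
```

Returning `None` lets the server reject the request cleanly instead of letting the decode error propagate into the reactor.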