
Does not work with firmware 1.6.0.3

Open rjes opened this issue 5 years ago • 11 comments

This tool doesn't work with firmware 1.6.0.3, at least not the discovery.

rjes avatar Mar 25 '19 11:03 rjes

The password hashing algorithm used when authenticating has changed in the newer versions of the firmware for ProSafe-switches.

I don't think the algorithm has been reverse engineered by anyone yet, so until that happens and someone implements it in ProSafeLinux your only option is probably to downgrade your firmware.

nmeid avatar Mar 25 '19 12:03 nmeid

Same problem as @rjes.

I used Wireshark to confirm the UDP packages for discovery are sent to my switches (tested with this app and with the Netgear switch discovery tool), and the switch replies with UDP packages from all the switches.

I can not find that the discovery is using any sort of password in the source. Password, or whether to downgrade as @nmeid suggested, is not the problem.

On my Raspberry Pi (new install of Buster) the program does not receive any packages on the rsocket in the `def recv(self, maxlen=8192):` function. None. There is just no message data ever!

So something is broken.

Even with a very big timeout (and wireshark already confirming the packages received). None.

ghost avatar Oct 15 '20 11:10 ghost

I believe the firmware also changed the destination of the packets. Previously packages from the switch to the client were broadcast to 255.255.255.255, but in the newer versions they're sent directly to the client.

@Tristan79 It's been a while since I've looked at this but I think that if you try to change the IP in https://github.com/tabacha/ProSafeLinux/blob/master/psl_class.py#L156 to the IP of your local interface and see whether it helps.

nmeid avatar Oct 18 '20 10:10 nmeid
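
The receive-side behaviour described in the comment above, as an added example that is not part of the thread or of ProSafeLinux's code: on Linux, a UDP socket bound to 255.255.255.255 is not handed datagrams addressed to the host's own IP, while one bound to a local address or to the wildcard is. The loopback "switch", the payload and the function name are constructed for the demonstration, and that the tool's receive socket is bound to the broadcast address is an assumption drawn from that comment.

```python
import socket

BROADCAST = "255.255.255.255"  # destination the older firmware is said to reply to


def receives_unicast(bind_addr, timeout=0.5):
    """Return True if a UDP socket bound to bind_addr sees a unicast reply.

    A second local socket stands in for the switch (constructed) and sends
    one datagram straight to 127.0.0.1, the way the newer firmware is
    described as replying directly to the client.
    """
    rsocket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    switch = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        rsocket.bind((bind_addr, 0))      # port 0: let the OS pick a free port
        port = rsocket.getsockname()[1]
        rsocket.settimeout(timeout)
        switch.sendto(b"constructed-reply", ("127.0.0.1", port))
        try:
            data, _ = rsocket.recvfrom(8192)
        except socket.timeout:
            return False                  # nothing delivered to this socket
        return data == b"constructed-reply"
    finally:
        rsocket.close()
        switch.close()


if __name__ == "__main__":
    for addr in (BROADCAST, "0.0.0.0", "127.0.0.1"):
        print(f"bound to {addr:<15} -> reply received: {receives_unicast(addr)}")
```

Binding to the address of the interface facing the switches, rather than to the wildcard, keeps the socket from accepting datagrams that arrive on other interfaces.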

Thanks @sbytnar for providing this MR. I've merged it to master at https://github.com/Z3po/ProSafeLinux . I've been working on that project together with tabacha a long time ago and am now trying to reanimate the whole thing.

Feel free to check there for updates which (hopefully) come available soon :)

Z3po avatar Oct 19 '20 19:10 Z3po

I tried:

  • https://github.com/kvishnivetsky/NetgearProSafeUtils.git
  • https://github.com/tabacha/ProSafeLinux.git
  • https://github.com/AlbanBedel/libnsdp.git
  • https://dl.packetstormsecurity.net/UNIX/utilities/nsdtool.tar.bz2

And after a couple of hours, I really gave up hope...

So this is f-ng great!

I checked it out: result success!

Discovery finds only one switch (I have 4). That probably is the first to reply. But that's no problem ;)

I can confirm I can query them with no password... as long as Web browser and Plus Utility option is selected even when you have a password on the web browser part.

Working switches:

  • GS116Ev2, latest firmware v2.6.0.43 (all 3)
  • GS108Ev3, latest firmware v2.06.10en

I can query my vlan_pvid, speed_stat,...

Very happy... I can now monitor my little network :-) Thanks! Let me know if you need a tester for future updates...

ghost avatar Oct 19 '20 20:10 ghost

Now that it is working and when I have time to spare this month, I will create a small MQTT client that queries the port connected/port speed and the bits sent over it :-) (speed_stat, port_stat). So I can send it to my home automation (for example Domoticz, or Home Assistant) and do stuff like graphs with Grafana & InfluxDB... Very happy

ghost avatar Oct 19 '20 21:10 ghost

So, I played with it:

  • igmp_snooping -> empty when disabled (not 0)
  • port_mirror -> python crashes/broken gs116

Fix at: https://github.com/martynjarvis/ProSafeLinux/commit/2606e40365f7ba0dbc627317ded3da5e3bc534ec

vlan_id -> empty?=somethingtype, gives no output, unless is enabled igmp_header_validation number_of_ports -> its in hex!!!

Unknown values gs116v2 (for all 3 switches):

  • fixme7400 -> 2000021fffff7ffd ??? Is this the serial number
  • fixmeC -> 2
  • fixme2 -> 0000
  • fixme5400 -> 00

Unknown values gs108v3:

  • fixme7400 -> 000000187ffcffff ??? Is this the serial number
  • fixmeC -> 1
  • fixme2 -> 0000
  • fixme5400 -> 00

missing: gs116v2:

  • IGMP Snooping Static Router Port (select one from port 1-16)
  • Broadcast Forwarding Method (dynamic/software/hardware)
  • Power Save Mode (on/off)
  • Link Aggregation (LAG)

missing: gs116v2 & gs108v3:

  • Loop Detection (on/off)
  • Storm Control Rate (port 1-8/16)
  • Serial Number (13 chars)

Other fixes?

https://github.com/sdegeorgio/ProSafeLinux/commit/65751d7d37634eb8df36e554b2a67f9ca99ed46c

ghost avatar Oct 20 '20 00:10 ghost

I could not sleep... so...

For those who want to play around with it, an alpha version of the MQTT client:

https://github.com/Tristan79/ProSafeLinux

still have to calculate the bitrates, and put the settings in a separate file... and maybe the possibility to reset the counters. and if I have time vlan and lag??? settings per port.

but for now it sends all statistics of a port (connected?/connectiontype/send/received/(multi/broadcast)packets/crcerror) and model, number of ports and the firmware version to MQTT...

if I finish it I will do pull request... I think it will be a nice add-on to this repo :-)

Going to try to catch some sleep I hope...


ghost avatar Oct 20 '20 05:10 ghost

I've reverse engineered a lot of the protocol a few years ago. The 7400 message is some kind of capabilities bitmap. Tampering with it made me able to enable/disable features in the ProSAFE Plus Utility.

  • 5400 is broadcast filtering
  • 0002 is probably some value to determine the product type
  • 000c seems to be the number of firmware images

I have a very crude repository which I stopped working on when the new password algorithm was introduced. In case anyone is interested here are my findings regarding the protocol: https://github.com/nmedb/nsdpy/blob/develop/lib/nsdpy/protocol.py#L115

nmeid avatar Oct 20 '20 08:10 nmeid

Ow, now I get it the password is for setting things... :-)

ghost avatar Oct 20 '20 10:10 ghost

Hi,

I am trying to use this tool with GS116Ev2 and Firmware 2.6.0.48. Web and Prosafe Utility is activated, but I can not discover any switch or query it by its MAC address. Can someone help me with this?

Thanks a lot.

Cu kami

kami83 avatar Mar 05 '21 13:03 kami83