[BUG] Incorrect password for AX3000 model RA82

[DarkArchon92]

Hi there!

I'm able to login through the website or app with the admin password but the MiWifi integration is throwing me this error:

I also tried the WiFi password, just for testing, same result.

Checking the log I found this:

2022-05-08 16:39:46 DEBUG (MainThread) [custom_components.miwifi.luci] Successful request (http://192.168.31.X/cgi-bin/luci/api/xqsystem/login): b'{"code":401,"msg":"not auth"}'
2022-05-08 16:39:46 DEBUG (MainThread) [custom_components.miwifi.luci] Failed to get token (http://192.168.31.X/cgi-bin/luci/api/xqsystem/login): {'code': 401, 'msg': 'not auth'}
2022-05-08 16:39:46 DEBUG (MainThread) [custom_components.miwifi.updater] Finished fetching MiWifi updater data in 1.260 seconds (success: True)
2022-05-08 16:39:46 DEBUG (MainThread) [custom_components.miwifi.config_flow] Verify access code: 403
2022-05-08 16:39:58 DEBUG (MainThread) [custom_components.miwifi.luci] Successful request (http://192.168.31.X/cgi-bin/luci/api/xqsystem/login): b'{"code":401,"msg":"not auth"}'
2022-05-08 16:39:58 DEBUG (MainThread) [custom_components.miwifi.luci] Failed to get token (http://192.168.31.X/cgi-bin/luci/api/xqsystem/login): {'code': 401, 'msg': 'not auth'}
2022-05-08 16:39:58 DEBUG (MainThread) [custom_components.miwifi.updater] Finished fetching MiWifi updater data in 1.227 seconds (success: True)
2022-05-08 16:39:58 DEBUG (MainThread) [custom_components.miwifi.config_flow] Verify access code: 403

Router AX3000 Mesh System
Model RA82
Software v. Global 1.3.27

[dmamontov]

@DarkArchon92 I have a few guesses as to why this might be.

1. It is worth checking the time on the server and on the router, is it the same?

[DarkArchon92]

That's a great question because I didn't check.

The time is the same

[dmamontov]

@DarkArchon92 OK. Attempt 2.

Open the debug panel in chrome on the authorization page (http://192.168.31.1/cgi-bin/luci/web) and search the source code for the "Encrypt" page. Here are all its contents.

[DarkArchon92]

OK!

I'm not sure if this is what you need

var newEncryptMode = ''
    var Encrypt = {
        key: 'a2ffa5c9be07488bbb04a3a47d3c5f6a',
        iv: '64175472480004614961023454661220',
        nonce: null,
        init: function () {
            var nonce = this.nonceCreat();
            this.nonce = nonce;
            return this.nonce;
        },
        nonceCreat: function () {
            var type = 0;
            var deviceId = '04:ed:33:c2:6a:a0';
            var time = Math.floor(new Date().getTime() / 1000);
            var random = Math.floor(Math.random() * 10000);
            return [type, deviceId, time, random].join('_');
        },
        oldPwd: function (pwd) {
            if(newEncryptMode == 1){
                return CryptoJS.SHA256(this.nonce + CryptoJS.SHA256(pwd + this.key).toString()).toString();
            }else{
                return CryptoJS.SHA1(this.nonce + CryptoJS.SHA1(pwd + this.key).toString()).toString();
            }
            
        },
        newPwd: function (pwd, newpwd) {
            var key = CryptoJS.SHA1(pwd + this.key).toString();
            var password = CryptoJS.SHA1(newpwd + this.key).toString();

            key = CryptoJS.enc.Hex.parse(key).toString();
            key = key.substr(0, 32);
            key = CryptoJS.enc.Hex.parse(key);

            var iv = CryptoJS.enc.Hex.parse(this.iv);
            var aes = CryptoJS.AES.encrypt(
                password,
                key,
                {iv: iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7}
            ).toString();
            return aes;
        },
        newPwd256: function (pwd, newpwd) {
            var key = CryptoJS.SHA256(pwd + this.key).toString();
            var password = CryptoJS.SHA256(newpwd + this.key).toString();

            key = CryptoJS.enc.Hex.parse(key).toString();
            key = key.substr(0, 32);
            key = CryptoJS.enc.Hex.parse(key);

            var iv = CryptoJS.enc.Hex.parse(this.iv);
            var aes = CryptoJS.AES.encrypt(
                password,
                key,
                {iv: iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7}
            ).toString();
            return aes;
        }
    };

[dmamontov]

@DarkArchon92 The authorization algorithm seems to be the same.

A little silly question, you enter the same password as on this page http://192.168.31.1/cgi-bin/luci/web?

And a little clarification, do you have pihole or similar dns servers?

[dmamontov]

luci.py.zip

I slightly expanded the logging in this file, if possible, replace and try again. Send a new log after that.

[DarkArchon92]

@DarkArchon92 The authorization algorithm seems to be the same.

A little silly question, you enter the same password as on this page http://192.168.31.1/cgi-bin/luci/web?

And a little clarification, do you have pihole or similar dns servers?

Yes, I entered the same admin password and I don't have any DNS server or pihole at home.
Ok, let try that. One moment

[DarkArchon92]

luci.py.zip

I slightly expanded the logging in this file, if possible, replace and try again. Send a new log after that.

OK!
Here you have:

2022-05-15 20:26:55 DEBUG (MainThread) [custom_components.miwifi.luci] Start request (http://192.168.31.1/cgi-bin/luci/api/xqsystem/login): {"username": "admin", "logtype": "2", "password": "25645f92aa486ff289702a39fff3757cb25f7df5", "nonce": "0_dc:a6:32:54:5d:53_1652642815_804"}
2022-05-15 20:26:55 DEBUG (MainThread) [custom_components.miwifi.luci] Successful request (http://192.168.31.1/cgi-bin/luci/api/xqsystem/login): b'{"code":401,"msg":"not auth"}'
2022-05-15 20:26:55 DEBUG (MainThread) [custom_components.miwifi.luci] Failed to get token (http://192.168.31.1/cgi-bin/luci/api/xqsystem/login): {'code': 401, 'msg': 'not auth'}
2022-05-15 20:26:55 DEBUG (MainThread) [custom_components.miwifi.updater] Finished fetching MiWifi updater data in 1.271 seconds (success: True)
2022-05-15 20:26:55 DEBUG (MainThread) [custom_components.miwifi.config_flow] Verify access code: 403

[dmamontov]

@DarkArchon92 And now, if it’s not difficult, you can see what you send to this API when you authorize through a browser. To do this, open the Chrome debug panel, go to the network tab, check the "Save log" checkbox and, without closing, enter the password to log into the system. there will be a request to the address http://192.168.31.1/cgi-bin/luci/api/xqsystem/login. I'm interested in the "Payload" tab

[DarkArchon92]

@DarkArchon92 And now, if it’s not difficult, you can see what you send to this API when you authorize through a browser. To do this, open the Chrome debug panel, go to the network tab, check the "Save log" checkbox and, without closing, enter the password to log into the system. there will be a request to the address http://192.168.31.1/cgi-bin/luci/api/xqsystem/login. I'm interested in the "Payload" tab

Ok, the payload tab here

username: admin
password: 0b330b57c61e4ae807e33f5872a59d8e82f469da5747c0ae4dc179d6f493fd8f
logtype: 2
nonce: 0_a8:5e:45:56:50:98_1652643584_7334

[dmamontov]

@DarkArchon92 It doesn't look like you're entering the same password, look at the password field, it's of significantly different lengths. Are you sure you're entering the same password?

[DarkArchon92]

Yes, I'm sure.
Is it maybe a cache thing? No idea

I've changed my admin password and tried.
LOG:

2022-05-15 20:48:23 DEBUG (MainThread) [custom_components.miwifi.luci] Start request (http://192.168.31.1/cgi-bin/luci/api/xqsystem/login): {"username": "admin", "logtype": "2", "password": "1eb01028bc79a3c953191b1d77195194a059762f", "nonce": "0_dc:a6:32:54:5d:53_1652644103_442"}
2022-05-15 20:48:23 DEBUG (MainThread) [custom_components.miwifi.luci] Successful request (http://192.168.31.1/cgi-bin/luci/api/xqsystem/login): b'{"code":401,"msg":"not auth"}'
2022-05-15 20:48:23 DEBUG (MainThread) [custom_components.miwifi.luci] Failed to get token (http://192.168.31.1/cgi-bin/luci/api/xqsystem/login): {'code': 401, 'msg': 'not auth'}
2022-05-15 20:48:23 DEBUG (MainThread) [custom_components.miwifi.updater] Finished fetching MiWifi updater data in 1.244 seconds (success: True)
2022-05-15 20:48:23 DEBUG (MainThread) [custom_components.miwifi.config_flow] Verify access code: 403

Payload tab:

username: admin
password: 252f44335a3ce39f0d8b99a43ed3081c7fa910c6b32c665e1b6379fcc7d49c3b
logtype: 2
nonce: 0_a8:5e:45:56:50:98_1652644149_9981

Same result :/

[dmamontov]

luci.py.1.zip

luci.py.2.zip

Try these files one by one. There is the only difference that I saw.

Also, do you happen to use whitelists in the router or something else?

[DarkArchon92]

OK! Trying

I don't have whitelists or any access control list. The only thing I have is the static IP assignment list for all the connected devices.

First file:

2022-05-15 21:10:00 DEBUG (MainThread) [custom_components.miwifi.luci] Successful request (http://192.168.31.1/cgi-bin/luci/api/xqsystem/login): b'{"code":401,"msg":"not auth"}'
2022-05-15 21:10:00 DEBUG (MainThread) [custom_components.miwifi.luci] Failed to get token (http://192.168.31.1/cgi-bin/luci/api/xqsystem/login): {'code': 401, 'msg': 'not auth'}
2022-05-15 21:10:00 DEBUG (MainThread) [custom_components.miwifi.updater] Finished fetching MiWifi updater data in 1.290 seconds (success: True)
2022-05-15 21:10:00 DEBUG (MainThread) [custom_components.miwifi.config_flow] Verify access code: 403

Second file:

2022-05-15 21:04:12 DEBUG (MainThread) [custom_components.miwifi.luci] Successful request (http://192.168.31.1/cgi-bin/luci/api/xqsystem/login): b'{"code":401,"msg":"not auth"}'
2022-05-15 21:04:12 DEBUG (MainThread) [custom_components.miwifi.luci] Failed to get token (http://192.168.31.1/cgi-bin/luci/api/xqsystem/login): {'code': 401, 'msg': 'not auth'}
2022-05-15 21:04:12 DEBUG (MainThread) [custom_components.miwifi.updater] Finished fetching MiWifi updater data in 1.263 seconds (success: True)
2022-05-15 21:04:12 DEBUG (MainThread) [custom_components.miwifi.config_flow] Verify access code: 403

[dmamontov]

luci.py.5.zip
another try)

[DarkArchon92]

luci.py.5.zip another try)

IT WORKS

[dmamontov]

I will release a new version with more customization. You will need to reconfigure it later.

[DarkArchon92]

I will release a new version with more customization. You will need to reconfigure it later.

Sure thing!

thank you so much for your work man

[dmamontov]

@DarkArchon92 https://github.com/dmamontov/hass-miwifi/releases/tag/v2.7.1

Delete the configuration, I'll connect it in a new way. In your case, the password encryption algorithm must be selected sha256.

[DarkArchon92]

@DarkArchon92 https://github.com/dmamontov/hass-miwifi/releases/tag/v2.7.1

Delete the configuration, I'll connect it in a new way. In your case, the password encryption algorithm must be selected sha256.

Ok! Thanks for the info

[MaitrePacha]

Hello, i have a similar issue, except that it's not a password error but an ip address error, i chose sha256 for the password encryption algorithm but it's still the same problem