###this msg string is exactly same as shown in the esp packet(after encryption)
>>> hmac.new(key1,msg).hexdigest()
'bbbbf2b73036df453130995a7322412b'
>>> hmac.new(key1,msg.encode('hex')).hexdigest()
'80f23547d19437c4a6278724cb711f31'
>>>
looks like this two hmac calculation are both wrong, after I send the
packet with this hmac value(first 12 byte), wireshark complain the
hmac is wrong:
Authentication Data [incorrect, should be 0x3150EDBE93C020C42F23114E]
Looks like my calculation is wrong, but I don't know where. Anyone
could help? Thanks!!!!
--
Rgds,
Hans Yin
Web: http://sourceforge.net/projects/autotestnet/
Email: hansyin (at) gmail (dot) com [email concealed]
MSN: hansyin (at) hotmail (dot) com [email concealed]
Skype: hans_yin_vancouver
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
python to create the hmac, I tried this:
>>> key1="11111111111111111111111111111111"
>>> msg="000001340000000b46e66a9853b58a94492be70c535a72d5994c3fe54a7c69e6a43
3c5a1a24b2c207e28f240b6d51e7b8711daa2b2ec39461dfa246ae23265fcd3c20f4bb1d
691beecd8a8a717de6f5bcdc4e4564ca75cdf99e748946b551d1d9dcb2ec0b42294af"
###this msg string is exactly same as shown in the esp packet(after encryption)
>>> hmac.new(key1,msg).hexdigest()
'bbbbf2b73036df453130995a7322412b'
>>> hmac.new(key1,msg.encode('hex')).hexdigest()
'80f23547d19437c4a6278724cb711f31'
>>>
looks like this two hmac calculation are both wrong, after I send the
packet with this hmac value(first 12 byte), wireshark complain the
hmac is wrong:
Authentication Data [incorrect, should be 0x3150EDBE93C020C42F23114E]
Looks like my calculation is wrong, but I don't know where. Anyone
could help? Thanks!!!!
--
Rgds,
Hans Yin
Web: http://sourceforge.net/projects/autotestnet/
Email: hansyin (at) gmail (dot) com [email concealed]
MSN: hansyin (at) hotmail (dot) com [email concealed]
Skype: hans_yin_vancouver
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
[ reply ]