kopia lustrzana https://github.com/weetmuts/wmbusmeters
Do not accept proper non-encrypted telegrams for an id when a key is specified for that id.
rodzic
d32b69a810
commit
0224941e00
3
CHANGES
3
CHANGES
|
@ -1,4 +1,7 @@
|
|||
|
||||
Close a security hole where you could trivially spoof an encrypted meter
|
||||
by sending an unencrypted telegram with the same id.
|
||||
|
||||
Jacek27 added support for the Munia temp/hygrometer. Thanks Jacek27!
|
||||
|
||||
Improved verbose logging to show if you are not in the dialout
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
telegram=|6E4401068888888805077A850060852F2F|80C84AFD9308020043820183000A5415586302FCA91510F01200007B01F0120000C91200006D110000D20E0000F5090000B30400006D0000002B0000002B0000002B0000002B0000002B000000A085D9A103FFFFFFFFFFFFFFFFFFFF0A8D|
|
||||
telegram=|2A442D2C998734761B168D2091D37CAC21576C78|02FF207100041308190000441308190000615B7F616713|
|
||||
telegram=|AE44EE4D777777773C077A4400A0252F2F|6D142F570000426C01014C130000000082046C41218C0413000000008D04931E3A3CFE0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000046D030C6F2303FD6C401F0082206C6B210BFD0F0200018C4079000000008310FD31E0040082106C6F238110FD610102FD66030002FD1700012F2F2F2F2F2F2F2F2F2F|
|
||||
telegram=|2e44EE4D777777773C077ab54800002f2f02fd1b110002fd971d01000efd3a2200000000008e40fd3a000000000000|
|
||||
|
|
23
src/wmbus.cc
23
src/wmbus.cc
|
@ -1419,9 +1419,10 @@ bool Telegram::potentiallyDecrypt(vector<uchar>::iterator &pos)
|
|||
{
|
||||
if (meter_keys && meter_keys->hasConfidentialityKey())
|
||||
{
|
||||
// Oups! There this telegram is already decrypted, but
|
||||
// we have specified a key! Do not accept this telegram!
|
||||
warning("(wmbus) WARNING! telegram should have been encrypted, but was not! "
|
||||
// Oups! This telegram is already decrypted (but the header still says it should be encrypted)
|
||||
// this is probably a replay telegram from --logtelegrams.
|
||||
// Since we have specified a key! Do not accept this telegram!
|
||||
warning("(wmbus) WARNING! telegram should have been fully encrypted, but was not! "
|
||||
"id: %02x%02x%02x%02x mfct: (%s) %s (0x%02x) type: %s (0x%02x) ver: 0x%02x\n",
|
||||
dll_id_b[3], dll_id_b[2], dll_id_b[1], dll_id_b[0],
|
||||
manufacturerFlag(dll_mfct).c_str(),
|
||||
|
@ -1538,6 +1539,22 @@ bool Telegram::potentiallyDecrypt(vector<uchar>::iterator &pos)
|
|||
debug("(diehl) decryption successful\n");
|
||||
}
|
||||
}
|
||||
else
|
||||
if (meter_keys && meter_keys->hasConfidentialityKey())
|
||||
{
|
||||
// Oups! This telegram is NOT encrypted, but we have specified a key!
|
||||
// Do not accept this telegram!
|
||||
warning("(wmbus) WARNING! telegram should have been encrypted, but was not! "
|
||||
"id: %02x%02x%02x%02x mfct: (%s) %s (0x%02x) type: %s (0x%02x) ver: 0x%02x\n",
|
||||
dll_id_b[3], dll_id_b[2], dll_id_b[1], dll_id_b[0],
|
||||
manufacturerFlag(dll_mfct).c_str(),
|
||||
manufacturer(dll_mfct).c_str(),
|
||||
dll_mfct,
|
||||
mediaType(dll_type, dll_mfct).c_str(), dll_type,
|
||||
dll_version);
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
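Review bot: The new `else if (meter_keys && meter_keys->hasConfidentialityKey())` branch calls `warning(...)` for every plaintext telegram that carries a keyed id, so, as far as the hunk shows, a sender that keeps using that id produces one log line per telegram. The expected test output on this page suggests the CRC-failure path is quieter ("Permanently ignoring telegrams from id"). Keep `return false;` for every such telegram, but consider emitting the warning once per id or rate-limiting it, and do not ignore the id altogether, because a spoofed telegram could then silence the real meter. The format string and its argument list are also repeated verbatim from the block touched in the first hunk, where only the wording differs ("fully encrypted"), so a small shared helper taking the message prefix would keep the two rejection paths from drifting apart. potentiallyDecrypt starts above both hunks, so whether every accepting path has actually been through a decryption step cannot be confirmed from here.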
|
||||
|
||||
|
|
|
@ -31,12 +31,13 @@ TESTNAME="Test that telegram really is encrypted"
|
|||
TESTRESULT="ERROR"
|
||||
|
||||
cat > $TEST/test_expected.txt <<EOF
|
||||
(wmbus) WARNING! telegram should have been encrypted, but was not! id: 88888888 mfct: (APA) Apator, Poland (0x601) type: Water meter (0x07) ver: 0x05
|
||||
(wmbus) WARNING! telegram should have been fully encrypted, but was not! id: 88888888 mfct: (APA) Apator, Poland (0x601) type: Water meter (0x07) ver: 0x05
|
||||
(meter) newly created meter (ApWater 88888888 apator162) did not handle telegram!
|
||||
(wmbus) WARNING! decrypted payload crc failed check, did you use the correct decryption key? e1d6 payload crc (calculated a528) Permanently ignoring telegrams from id: 76348799 mfct: (KAM) Kamstrup Energi (0x2c2d) type: Cold water meter (0x16) ver: 0x1b
|
||||
(meter) newly created meter (Vatten 76348799 multical21) did not handle telegram!
|
||||
(wmbus) WARNING! telegram should have been encrypted, but was not! id: 77777777 mfct: (SON) Sontex, Switzerland (0x4dee) type: Water meter (0x07) ver: 0x3c
|
||||
(wmbus) WARNING! telegram should have been fully encrypted, but was not! id: 77777777 mfct: (SON) Sontex, Switzerland (0x4dee) type: Water meter (0x07) ver: 0x3c
|
||||
(meter) newly created meter (Wasser 77777777 supercom587) did not handle telegram!
|
||||
(wmbus) WARNING! telegram should have been encrypted, but was not! id: 77777777 mfct: (SON) Sontex, Switzerland (0x4dee) type: Water meter (0x07) ver: 0x3c
|
||||
EOF
|
||||
|
||||
$PROG --format=json simulations/simulation_aes_removed.msg \
|
||||
|
|