-
Is the Smarthome company still existent? If so, are SwitchLinc switches still available?
-
Hi! I want to install a smart lock on my front door, but I don't know which one to choose. There are many different models available on the market. Do you have a reliable model to recommend?
-
I just upgraded the firmware for the inverter for my solar panels and that made it possible to enable Modbus TCP.
At a glance that would be perfect for live production data fed into my home automation environment but my lack of knowledge about the protocol and how to put the data where I want it failed me.
What I have:
MSR
openLuup
Vera Secure
Ezlo Plus
Mosquitto
Homebridge
Windows Server
Ubuntu Server
Quite decent PowerShell skills
Enough Lua knowledge to write my own functions and handlers
The inverter's Modbus interface definitions
What I want to achieve:
Something that can be run by systemd or anything else monitoring the status and keeping the Modbus connection alive.
Publish readings over MQTT or whatever fits my setup, the goal is to feed the data into openLuup in some way so Historian can log the data for Grafana and display current production to HomeKit (as a mqttthing light sensor, since there is no other accessory suitable at the moment).
Anyone implemented Modbus TCP in similar projects or have any guidance on how to reach my goal?
Open for alternative solutions as well, all suggestions are appreciated!
-
Hi to all,
I am user of vera controller. I have a dahua door intercom with relay. Relay activates with username and password authentication. I can activate the relay
    http://admin:a1234567@192.168.1.111/cgi-bin/accessControl.cgi?action=openDoor&channel=1&UserID=101&Type=Remote
As you can see intercom username admin and password is a1234567
I build a scene with luup code
    luup.inet.wget( "http://admin:a1234567@192.168.1.111/cgi-bin/accessControl.cgi?action=openDoor&channel=1&UserID=101&Type=Remote" )
But can not activate relay. Is there any idea?
-
Hi to all, I have a bricked vera secure that is replaced with new one. Old vera secure serial numbers are deleted from vera servers so I cannot use it. Vera secure's are originally Sercomm's NA502 model devices. Recently I installed openwrt to the old vera secure unit without problem. Is there any way to use it in any automation system with internal z-wave. I installed domoticz but I cannot setup internal z-wave unit, it only accepts usb zwave radios. Are there any ideas?
-
I ordered a Fibaro Dimmer 2 and Bypass device for my upstairs landing / hallway lights.
I have 2 light switches one at the bottom of the stairs and another one upstairs on the landing.
But I am struggling to make sense of my current wiring, more details / photos on the Vera forum.
Jan 27 Anyone good at electrical wiring for light switches? Hi I ordered a Fibaro Dimmer 2 and Bypass device for my upstairs landing / hallway lights. I have 2 light switches one at the bottom of the stairs and another one upstairs on the landing. I have no neutral wires in the house behind the light switches. These are photos of the light switch...
Thanks
-
Hello,
Looking to all the dev's and tinkerers on this community for ideas on how to implement a solution to my problem. Kind of a long intro, sorry.
Problem statement:
I have a geothermal heat pump that has a loop that is slightly undersized. During the cold weather months in the Pacific Northwest (one or two months of the year), the loop can get below 32 degrees. If it goes on for a few days, it can generate significant frost heaving in my yard and under the flagstone deck. Actually fixing the issue is cost prohibitive.
Current mitigation:
I have DS18B20 tied into Home Assistant and monitoring the temp of the fluid coming out of the loop and if it drops below 35 degrees, MSR triggers a Fibaro Implant to add a resistor into the external temp circuit and fool the Venstar to think the outside temp is below 32 degrees and issue a Heat Pump lockout and switch to AUX heat. While this is working fine and the AUX heat is only coming on once or twice a day, I would like to simplify the setup so it runs on something other than HA and MSR. I think they are overkill for my issue. Also want this to be independent of anything else in the house so it can stay behind if I am not around to maintain.
I only have two inputs and one output:
Inputs: Loop temp, Furnace running
Outputs: Switch relay to drop resistance to external thermostat connection on thermostat.
Logic is super simple:
If temp is below 36 degrees and furnace is running, turn on relay
If furnace stops, turn off relay.
I am sure even I can figure that out on Python.
Trying to determine the best platform for a set it and forget it black box that works with as close to zero maintenance as possible.
Options I have thought of are:
Pi zero with a GPIO controlled relay
ESPHome (Not very knowledgeable about that platform, but willing to explore)
Arduino
Anything anyone else suggests
Any ideas are appreciated.
-
Greetings,
I’m researching a migration from Vera+ to Hubitat C7 and want to know if anyone has successfully connected the Hubitat to the “HA Bridge” for local Alexa calls.
The HA Bridge does not call out Hubitat natively from what I see.
Thanks for your assistance.
-
Hi all
Having some time off I’ve been able to invest a chunk in creating some plug-ins for Vera/OpenLuup, and will do what I can to post them in GitHub and add links on the Vera Community and here, for anyone who is interested.
But, being new to any of this, I wanted to ask for any guidance on how and when I should share stuff ? How best do I share it ? Am I liable for anything I share? Is GitHub the best place ? What licenses should I associate with them ?
The latter is a strange one, as I don’t see how I can have any claim over the content/code itself, as I’ve learnt and leveraged so much from others..
To get the ball rolling I posted this on the ezlo/Vera site..
Jan 4 Luup Plugin - Energenie PMS LAN Switch: Hi To ensure I give back to this community, which has been educating me in all things Lua and Luup over the years (12+) I wanted to share some of the plugins I’ve built recently to see if any are of use/interest to others. The first one is for the Energenie PMS LAN Switch where I have built two...
-
Hey guys,
I just registered here in the forum and honestly… I’m new to the whole topic. I‘m a web developer, so I‘ve quite a bit experience with java, js, sql and so on. But that may not help a lot in this new field.
I‘m looking forward to develop my own smart home device and I‘m looking for starting point. In General the specs are like:
The device should work with WiFi, I want to integrate it into my network
I want to write an own app to control it, it may find the device in my network
I want the device to be offline usable, if possible (without internet connection)
I want the device to broadcast information in my network like „water is empty“, so I can use push messaging in the App
it should be ready to as well work with Alexa or Apple Home Kit or Google Assistant as I Plan to develop a skill for them.
Can someone provide me with some information I could start with? Like - are there microcontrollers I could go with or is it too complex and I need a raspy? Which frameworks / languages / libs could I use? I know how to do the things on the app side but not on the device side.
-
Vainly trying to get to the bottom of the 10 - 15 second delay for TTS with the Alexa plugin (still) anyone have a list of the possible Alexa hosts? Just wonder if the one I have (layla.amazon.co.uk) could just be slow.
Any thoughts?
C
-
-
Hello. First, excuse my english, please. I bought a Vera Edge looking for some way to make a digital ambient thermostat that I could manage remotely without a phone home from the device side. I am very disappointed with that device because all the "official" help of the brand goes in the way of to sign in an account and work with their cloud. I have some computer, network and linux knowledge but all my tests with the hub and a Qubino Flush 1D Relay has been unsuccessful. I connected both and I got to make some basic functions but I see myself very far to get my target. This is my last try to get something before I log in an account in getvera.com and look if I can make some progress in my project following that way.
Can somebody tell me some place where I can learn the basic concepts of this system? Guides, books, videos... Whatever it can help me in my project.
Thank you.
-
Node-Red on my Linux Debian box seems to be having issues now. It keeps saying repeatedly "Lost connection to server, reconnecting..." in the web browser.
I recently updated nodejs for MSR, I wonder if that might be related:
"Bump recommended nodejs version to 16.13.0; versions 14 and 15 will continue to be supported through March 31, 2022"
Nodejs version = v16.13.1
I have tried updating Node-Red that is now version v2.1.4
I also updated npm to version v8.2.0
I am not sure how or where to look at the log file for node red?
This is the contents of the nodered.service file in this directory:
    # systemd service file to start Node-RED
    [Unit]
    Description=Node-RED graphical event wiring tool
    Wants=network.target
    Documentation=http://nodered.org/docs/hardware/raspberrypi.html

    [Service]
    Type=simple
    # Run as normal pi user - change to the user name you wish to run Node-RED as
    User=stuart
    Group=stuart
    WorkingDirectory=/home/stuart
    Environment="NODE_OPTIONS=--max_old_space_size=1024"
    # uncomment and edit next line if you need an http proxy
    #Environment="HTTP_PROXY=my.httpproxy.server.address"
    # uncomment the next line for a more verbose log output
    #Environment="NODE_RED_OPTIONS=-v"
    # uncomment next line if you need to wait for time sync before starting
    #ExecStartPre=/bin/bash -c '/bin/journalctl -b -u systemd-timesyncd | /bin/grep -q "systemd-timesyncd.* Synchronized to time server"'
    ExecStart=/usr/bin/env node-red-pi $NODE_OPTIONS $NODE_RED_OPTIONS
    #ExecStart=/usr/bin/env node $NODE_OPTIONS red.js $NODE_RED_OPTIONS
    # Use SIGINT to stop
    KillSignal=SIGINT
    # Auto restart on crash
    Restart=on-failure
    RestartSec=20
    # Tag things in the log
    SyslogIdentifier=Node-RED
    #StandardOutput=syslog

    [Install]
    WantedBy=multi-user.target
/etc/systemd/system/multi-user.target.wants
Thanks
-
Hi @ll, last days I migrated my last zwave device from Vera to zwave js in homeassistant. Out of 150 devices 1 did not go well initially but reinterviewing did it directly. Most work was to find the ex and inclusion procedure, 3 times, click, clack, whatever. I must admit that Vera is lightning fast!!!!! With only 3 devices left, those were my under the floor switches I had to do last.
Now I am totally gone from Vera, altui, luup, etc. There's nothing more left for me on this forum. And since it was one of my "routine sites" reading I will save a few minutes a day skipping it.
I thank you all for all the kind help, warm words and laughter about the ezlo flop :-).
I hope you all will be safe and healthy and wish you all the best!
I will stay on the homeassistant forum.
Goodbye!
-
Morning all. Hope all are well. Been a bit of a trying time here, but nothing we can't deal with....
.....apart from this!
My coffee grinder went punk yesterday (wasn't even being used) and took out the main breakers. Once it was isolated I got everything back on line, except one TKB smart plug which was in the same double socket as the grinder.
OpenLuup claims it's failed. Z-wave server can't see it but it responds to the button pushes physically as I'd expect. (i.e. the socket turns on and off, and the LED flashes to indicate it's in inclusion / exclusion mode)
My plan is to see if I can exclude it then re-include it in z-wave server. If that doesn't work then I'll bin it, but if it does work can I then re-number it to match the original device ID and not have to trawl through my reactors? Any chance?
TIA
C
-
Some of you may know that I took a shot at building an alternate geofencing solution for Vera. The core of it was system agnostic, using the OwnTracks application and AWS lambdas to track devices and keep a central data, then disseminate that to the Vera via a websocket-based plugin. It worked with other apps as well, including Tasker and GPSLogger, but of the dozen people that were testing it, most used OwnTracks.
A lot was learned in the process, not the least of which is that the success of any such solution is highly dependent on the phone and its settings. Phone manufacturers love to set things up for the longest battery life, of course, but that's usually very anti-geofencing behavior. In the case of at least one brand, it was unusable and the settings could not be modified. It was also cost-prohibitive to maintain on Amazon, as AWS grabs a dime here and a dollar there and before you know it, it added $100/month to my AWS bill, which my wife deducted from my Scotch budget. Unacceptable.
But it's quite reasonable to use OwnTracks to a local endpoint, and I could pretty easily replicate the functionality as a local application, or maybe even as an additional endpoint built into MSR's API (still separate port and process, but in the package).
So the question really is... would you do it, or would you be too concerned about the security risks associated (e.g., dynamic DNS and NAT mapping in the firewall necessary for the phone to contact the service when not on LAN)?
UNSOLVED Lua - Code to encrypt / decrypt with AES 128 CBC
-
Hi
I’m looking to rework some code I found online so I can use it on Vera, and while I’ve managed to translate / convert a number of things, I’ve got stuck on a few things it does, around encryption/decryption etc.
All the original Lua code is here - > (https://forum.logicmachine.net/showthread.php?tid=232&pid=16580#pid16580 )
Plus there looks to be a python version too here - > (https://github.com/florianholzapfel/panasonic-viera/issues/9#issuecomment-476919658)
Here’s an extract of the code where AES 128 CBC is required?
    function encrypt_soap_payload(data, key, hmac_key, iv)
        -- 12 filler characters, then the data length as a 4-byte big-endian integer
        payload = '000000000000'
        n = #data
        payload = payload .. string.char(bit.band(bit.rshift(n, 24), 0xFF))
        payload = payload .. string.char(bit.band(bit.rshift(n, 16), 0xFF))
        payload = payload .. string.char(bit.band(bit.rshift(n, 8), 0xFF))
        payload = payload .. string.char(bit.band(n, 0xFF))
        payload = payload .. data
        -- AES-128-CBC encrypt, then HMAC-SHA256 over the ciphertext
        aes_cbc, err = aes:new(key, nil, aes.cipher(128, 'cbc'), { iv = iv }, nil, 1)
        ciphertext = aes_cbc:encrypt(payload)
        sig = encdec.hmacsha256(ciphertext, hmac_key, true)
        -- base64 of the ciphertext followed by the signature
        encrypted_payload = encdec.base64enc(ciphertext .. sig)
        return encrypted_payload
    end

    function decrypt_soap_payload(data, key, hmac_key, iv)
        aes_cbc, err = aes:new(key, nil, aes.cipher(128, 'cbc'), { iv = iv }, nil, 0)
        decrypted = aes_cbc:decrypt(encdec.base64dec(data))
        -- drop the first 16 bytes (32 hex digits: filler plus length), convert the rest back from hex
        decrypted = string.gsub(string.sub(lmcore.strtohex(decrypted), 33), '%x%x', function(value) return string.char(tonumber(value, 16)) end)
        return decrypted
    end
I can get to the point where I can create the parameters for the payload encrypt request (example below), it’s just the encryption/decryption I can't do..
    data="1234"
    key="\\S„ßÍ}/Ìa5!"
    hmac_key="¹jz¹2¸F\r}òcžÎ„ 臧.ª˜¹=¤µæŸ"
    iv=" {¬£áæ‚2žâ3ÐÞË€ú "
I’ve found this aes.lua (https://github.com/openresty/lua-resty-string/blob/master/lib/resty/aes.lua) module online, but that requires loads of other modules too, most notably ffi.lua. Which I’d ideally like to avoid.
I also came across this aes128.lua (https://github.com/somesocks/lua-lockbox/blob/master/lockbox/cipher/aes128.lua) but I’m not sure how that handles all the other parameters e.g specify the cbc aspect etc.
Finally there’s this aes256ecb.lua script (https://github.com/idiomic/Lua_AES/blob/master/AES.lua), could that be converted to aes 128 cbc and then used in the above?
Any help/advice on this would be appreciated..
-
I can see on Vera, that it has openssl installed, is that an option ?
    root@MiOS_ 12345678:~# openssl version
    OpenSSL 1.0.2l 25 May 2017
    root@MiOS_ 12345678:~# openssl ciphers
    ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:DH-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DH-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DH-RSA-AES256-SHA256:DH-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-SHA:DH-DSS-AES256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:DH-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DH-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DH-RSA-AES128-SHA256:DH-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DH-RSA-AES128-SHA:DH-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DH-RSA-SEED-SHA:DH-DSS-SEED-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:PSK-AES128-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:SRP-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA:DH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA
There seems a number of related posts online - where similar attempts have been made e.g. https://stackoverflow.com/questions/65918428/how-to-provide-string-iv-and-key-to-openssl-decrypt-command
Never having done anything like this before, looking for some support/guidance from anyone who understands all this cipher/encryption stuff much more than I
-
Absolutely OpenSSL is the way to go, rather than trying to implement the encryption in Lua. You can use os.execute() or io.popen() to run the command and capture the output. You're probably looking at some variant of:
    openssl aes-128-cbc -e -a -K hex-key -iv hex-iv [-in xxx]
-
Thanks @toggledbits
I’ve been playing around with OpenSSL a little this morning, I’ve not had much success so far. Based on the source code, it looks like I need to encrypt the generated payload with the created key and iv using aes 128 cbc.. Does that sound right to you.. (Looking at OpenSSL guide, it seems pretty comprehensive and complex - https://www.openssl.org/docs/man1.1.1/man1/openssl-enc.html)
Here’s my code so far, any thoughts/suggestions welcome..
    local name = "openssl"
    local version = "version"
    local data="1234"
    local key="\\S„ßÍ}/Ìa4!"
    local hmac_key="¹jz¹2¸F\r}òcžÎ„ 臧.ª˜¹=¤µæŸ"
    local iv=" {¬£áæ‚2žâ3ÐÞË€ú "
    local payload = "0000000000001234"
    --local buildsslcommand1 = name .." "..version
    --local buildsslcommand2 = "openssl aes-128-cbc -e -a -K hex-"..key.." -iv hex-"..iv.."[-in xxx]"
    --local buildsslcommand3 = "openssl enc -aes-128-cbc -iv "..iv.." -k "..key.." | hexdump -C"
    local buildsslcommand = "openssl enc -aes-128-cbc -nosalt -e -a -A "..payload.." -K "..key.." -iv "..iv
    print("Command to send = " ..buildsslcommand)
    local file = assert(io.popen(buildsslcommand, 'r'))
    local output = file:read('*all')
    file:close()
    print(string.len(output)) --> just count what's returned.
    print(output) -- > Prints the output of the command.
-
Practice on the command line and don't worry about the Lua until you know how the command works and what you need to give it.
Your key and IV have to be hex, so that's your first challenge. The command will want to read stdin if you don't specify -in <file>; you can't put the payload on the command line directly. Plus it contains binary data, so that's a non-starter. So at a minimum you're going to be writing the payload to a temporary file and encrypting that with -in. OpenSSL can write the encrypted output to stdout (it will if you don't specify -out <file>), which is good because you can read that directly when using io.popen(), so that part's going to be OK.
-
Thanks @toggledbits ,
To make the key and iv hex, could I use binascii.lua (https://github.com/tst2005/binascii/blob/master/binascii.lua) ?
    -- Converts a string of bytes to a hexadecimal string
    local function hexlify(s)
        local a = {}
        for i=1,#s do
            local c = s:sub(i,i)
            local byte = c:byte()
            a[#a+1] = ('%02X'):format(byte)
        end
        return table.concat(a)
    end
As for the OpenSSL command line structure, I’ve come across a number of different examples online - this one seems to relate to what you’re suggesting (I’d just need to change it to 128, rather than 256)
    openssl enc -aes-256-cbc -nosalt -e -a -A -in input.dat -K '7c07f68ea8494b2f8b9fea297119350d78708afa69c1c76' -iv 'FEDCBA987654321' -out input-test.enc
QQ : You mentioned that I’m going to need to write the payload to a temp file and encrypt it with -in ?
How does -in do any encryption?
In the OpenSSL manual it just says the following about -in and -out
    -in filename
        The input filename, standard input by default.
    -out filename
        The output filename, standard output by default.
-
@parkerc said in Lua - Code to encrypt / decrypt with AES 128 CBC:
QQ : You mentioned that I’m going to need to write the payload to a temp file and encrypt it with -in?
You need to use -in on the encryption command to tell it to read from a file. You didn't have -in in your previous example, you just put the payload on the command line, and that doesn't work.
The hex conversion doesn't need two steps for the byte conversion and math for target array position:
    -- Converts a string of bytes to a hexadecimal string
    local function hexlify(s)
        local a = {}
        for i=1,#s do
            a[i] = ('%02X'):format( s:byte( i ) )
        end
        return table.concat(a)
    end
-
Ok, not sure how far I’ve progressed with this, but hopefully I’m getting somewhere ??
Here are the values created earlier..
    local key= "\\S„ßÍ}/Ìa4!"
    local iv = "{¬£áæ‚2žâ3ÐÞË€ú"
    local payload = "0000000000001234"
I’ve put the payload value into a file..
    local file = "etc/payload.txt"
    local outf = io.open(file, "w")
    outf:write(payload)
    outf:close()
Then created Hex values of the key and iv
    local function hexlify(s)
        local a = {}
        for i=1,#s do
            a[i] = ('%02X'):format( s:byte( i ) )
        end
        return table.concat(a)
    end
    print(hexlify(key))
    print(hexlify(iv))
keyHEX = "5C53E2809EC39FC38D7D191E2FC38C1D61057F3421"
ivHEX = "7BC2ACC2A3C3A1C3A6E2809A32C5BEC3A233C390C39EC38BE282ACC3BA"
Then I’ve taken those new hex values and accessed the command line of vera to run the following openssl command I created…
    openssl enc -aes-128-cbc -nosalt -e -a -A -in etc/payload.txt -K '5C53E2809EC39FC38D7D191E2FC38C1D61057F3421' -iv '7BC2ACC2A3C3A1C3A6E2809A32C5BEC3A233C390C39EC38BE282ACC3BA' -out etc/payload2.txt
The above resulted in etc/payload2.txt being created, however it's empty and the command line returns the following messages.
    hex string is too long
    invalid hex iv value
Other than checking how the initial key and iv values are created again, is there anything else I need to look into/check ?
-
Those initial values for key and IV being binary data in strings could be a problem. Your editor may be wrecking them because it thinks they are Unicode, or they've already been wrecked along the way by other means. Both are supposed to be 16 bytes, and you've got 29 for IV and 21 for the key, so something has definitely gone wrong, and Unicode/UTF-8 encoding and decoding in the file handling is a prime suspect.
Fortunately, the IV doesn't really matter, I think. You could just use the first 16 bytes of the payload for testing. But it's supposed to be a 16-byte (128 bit) nonce, used only one time with the key (so if you encrypt something else with the same key, you should use a different IV). Maybe just generate 16 random bytes and call it good, but make sure to seed the random number generator, otherwise it generates the same 16 "random" numbers after every restart (that's a feature, actually, but you have to remember to seed in production to get away from it).
And really, probably the key doesn't matter either. You need both the key and IV to encrypt and decrypt, so it's not like you are dealing with a known key from another system like a remote API (unless they are doing this all wrong and using the same key and IV for every payload--that would be an... error). Pick 16 bytes and go to town!
    patrick@drupal:/tmp$ echo "I am a secret message." > in.txt
    patrick@drupal:/tmp$ cat in.txt
    I am a secret message.
    # Encrypt
    patrick@drupal:/tmp$ openssl aes-128-cbc -e -a -in in.txt -K '9988227744aaff003388ffccee1188ff' -iv '112233445566778899aabbccddeeff00' -out out.txt
    patrick@drupal:/tmp$ cat out.txt
    MQi9QVm1/R3dvZncbX0nQeRqlf0+2oFcMuW/vp0FQ2Q=
    # Now decrypt
    patrick@drupal:/tmp$ openssl aes-128-cbc -d -a -in out.txt -K '9988227744aaff003388ffccee1188ff' -iv '112233445566778899aabbccddeeff00'
    I am a secret message.
-
Thanks @toggledbits
I think you’re right about the Lua/Luup editor wrecking the format of the values being generated, plus I’m perhaps not helping matters by working on various parts of the overall code separately ; so I have been copying things over.
FYI - You can see how the generated values are stored/presented differently (one image is via a print screen using LuaView and the other is writing them as new variables into Vera)
I’m going to try and do as much as I can using the Vera written values, as ultimately that’s where my target for where this code will need to eventually run..
-
OK, yeah, so big problem, you cannot store binary data in state variables. That is going to fail, 100%. State variables are character strings, and assumed to contain character data, and when they are stored, they are put through UTF-8 encoding and decoding. Your binary data is going to look like Unicode characters to the innards of Luup throwing this stuff around, and anything that isn't a valid codepoint is going to get changed to something else (and boom, data corrupted), while converting it to JSON to store on flash and back, etc.
Store everything in hex or base64.
-
What would I do without you
Ok, so I can still write to a device variable in Vera, I’d just need to encode it first, in either one of those two options. e.g like this if base64?
    local function base64_encode(data)
        local b='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
        return ((data:gsub('.', function(x)
            local r,b='',x:byte()
            for i=8,1,-1 do r=r..(b%2^i-b%2^(i-1)>0 and '1' or '0') end
            return r;
        end)..'0000'):gsub('%d%d%d?%d?%d?%d?', function(x)
            if (#x < 6) then return '' end
            local c=0
            for i=1,6 do c=c+(x:sub(i,i)=='1' and 2^(6-i) or 0) end
            return b:sub(c+1,c+1)
        end)..({ '', '==', '=' })[#data%3+1])
    end

    local key = string.char(unpack(key_vals)) --
    local keyEnc = base64_encode(key)
    luup.variable_set("urn:nodecentral-net:serviceId:NodeCentral1","key",keyEnc, 1187)
-
It's easier than that in Luup...
    local mime = require("mime")
    local encoded = mime.b64( "Hello world!" );
    local decoded = mime.unb64( encoded );
    luup.log( decoded, 2 )
-
Awesome, thanks - I often forget what’s already there in luup.. !
Also am I right in saying that I only need to enc/dec in hex or base64 if I’m planning to store (read/write) those values/variables, if I can keep them ‘active’ and flowing within the code itself (in memory) then, I’m ok ?
-
Yes, in memory is fine. So for example, you may generate IV from random numbers byte by byte, put it through b64 or hex before storing it on a state variable. For openssl, you'll be giving key and IV in hex, so that seems a sensible way to keep it. Once it's converted to hex, you'll never need to reverse that, since it can be stored in a state variable as hex, and can be handed directly to openssl as hex.
-
This time round, I seem to have generated some new hex values this time, which I’ve used in a io.popen openssl command, feels a bit better, but sadly not quite yet right (yet).. FYI
    openssl enc -aes-128-cbc -nosalt -e -a -A -in etc/payload.txt -K 'enNIQi9wNmYxd1RDUXMvNHJhdHNGZz09' -iv 'B6B1919A88C696AE87A692B1BBADCE9B' -out etc/payload2.txt
    non-hex digit
    invalid hex key value
-
Well the key you show is definitely not hex, because 16 bytes of hex should be 32 characters long with only 0-9, A-F. Looks like you have base64 for the key, not hex.
-
Progress at last ! well I’ve at least got the key and iv in the correct hex format for the OpenSSL aes cbc encryption command to work.🥳
Which leads me on to the next part, where the output of the above is referred to as the ciphertext, of which I now need to do the following with..
    ciphertext = MyopensslAEScbcCall()
    sig = encdec.hmacsha256(ciphertext, hmac_key, true)
    encrypted_payload = encdec.base64enc(ciphertext .. sig)
    return encrypted_payload
hmacsha256 seems to be next, and it might also be something I could do with OpenSSL too ? -> https://unix.stackexchange.com/questions/610039/how-to-do-hmacsha256-using-openssl-from-terminal ?
I also found this too - https://github.com/jqqqi/Lua-HMAC-SHA256/blob/master/sha256.lua
@toggledbits any suggestions/recommendations on what to do with this next part ?
-
I would stick with OpenSSL. You just need to assemble the correct bits (HMAC key and ciphertext) to send to the hash function, compute the hash, then append the hash to the ciphertext. The trick here will be that you currently have the AES encryption outputting its result base64-encoded... you can't append the signature to that. You need the ciphertext output in binary for that, so you need to remove the -a (and -A) to let the output be binary. Then you can put that into the hash. And then you can take the (binary) hash output and append that to the binary ciphertext, and then you base64 encode the assembled result at the very end. The whole thing takes a few steps. I would recommend writing a shell script to do all the steps, and just have Lua run the shell script. You can then more easily develop and test the steps (because they are all in the shell script and runnable from the command line).
-
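The steps from the reply above (binary ciphertext, HMAC over it, append, base64 at the very end) written out as a shell script. This is an added example, not code from the thread or from any project it links: the HMAC key is constructed, the AES key and IV are the test values from the earlier command-line demonstration, and OpenSSL's default PKCS#7 padding plus the HMAC check before decryption are assumptions the thread does not confirm for the target device.

```shell
#!/bin/sh
# Added example: encrypt-then-MAC with the openssl CLI, mirroring the thread's
# encrypt_soap_payload()/decrypt_soap_payload(). Keys and IV are hex strings,
# so no binary data passes through shell or Luup variables.

# HMAC-SHA256 of FILE ($1) with a hex key ($2); raw 32-byte digest on stdout.
hmac_sha256_file() {
    openssl dgst -sha256 -mac HMAC -macopt "hexkey:$2" -binary "$1"
}

# encrypt_soap_payload DATA KEY_HEX HMAC_KEY_HEX IV_HEX
# Prints base64(ciphertext || hmac). DATA is text (for example the SOAP XML).
encrypt_soap_payload() {
    e_tmp=$(mktemp -d) || return 1          # 0700 directory for the plaintext
    e_n=$(($(printf '%s' "$1" | wc -c)))    # data length in bytes
    {
        printf '000000000000'               # 12 filler characters, as in the Lua
        for e_s in 24 16 8 0; do            # 4-byte big-endian length
            printf "\\$(printf '%03o' $(( (e_n >> e_s) & 255 )))"
        done
        printf '%s' "$1"
    } > "$e_tmp/payload.bin"
    e_rc=0
    # No -a/-A here: the ciphertext must stay binary until the tag is appended.
    openssl enc -aes-128-cbc -nosalt -e -K "$2" -iv "$4" \
        -in "$e_tmp/payload.bin" -out "$e_tmp/ct.bin" &&
    hmac_sha256_file "$e_tmp/ct.bin" "$3" > "$e_tmp/sig.bin" &&
    cat "$e_tmp/ct.bin" "$e_tmp/sig.bin" | openssl enc -base64 -A || e_rc=1
    rm -rf "$e_tmp"
    return "$e_rc"
}

# decrypt_soap_payload B64 KEY_HEX HMAC_KEY_HEX IV_HEX
# Verifies the trailing 32-byte HMAC before decrypting; prints DATA.
decrypt_soap_payload() {
    d_tmp=$(mktemp -d) || return 1
    d_rc=1
    printf '%s' "$1" | openssl enc -base64 -d -A > "$d_tmp/all.bin"
    d_total=$(($(wc -c < "$d_tmp/all.bin")))
    # Need at least one AES block plus the tag, and a whole number of blocks.
    if [ "$d_total" -ge 48 ] && [ $(( (d_total - 32) % 16 )) -eq 0 ]; then
        head -c $((d_total - 32)) "$d_tmp/all.bin" > "$d_tmp/ct.bin"
        tail -c 32 "$d_tmp/all.bin" > "$d_tmp/sig.bin"
        hmac_sha256_file "$d_tmp/ct.bin" "$3" > "$d_tmp/expect.bin"
        # cmp is not a constant-time comparison; this is a local script.
        if cmp -s "$d_tmp/sig.bin" "$d_tmp/expect.bin"; then
            openssl enc -aes-128-cbc -nosalt -d -K "$2" -iv "$4" \
                -in "$d_tmp/ct.bin" -out "$d_tmp/pt.bin" &&
            tail -c +17 "$d_tmp/pt.bin" && d_rc=0   # skip filler + length
        else
            echo "HMAC mismatch, refusing to decrypt" >&2
        fi
    fi
    rm -rf "$d_tmp"
    return "$d_rc"
}

# Demo. KEY and IV are the hex test values used earlier in the thread;
# HMAC_KEY is a constructed 32-byte value.
KEY=9988227744aaff003388ffccee1188ff
IV=112233445566778899aabbccddeeff00
HMAC_KEY=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
enc=$(encrypt_soap_payload "1234" "$KEY" "$HMAC_KEY" "$IV")
echo "encrypted: $enc"
echo "decrypted: $(decrypt_soap_payload "$enc" "$KEY" "$HMAC_KEY" "$IV")"
```

From Lua, io.popen() can run the script and read the single base64 line it prints.
-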
Thanks @toggledbits - I struggle enough with Lua, so I admire your optimism in thinking I could create a shell script too
I must admit, I can’t help but feel like I’m making this more complicated than it needs to be, especially as there are working Lua and Python scripts already out there, which seem to be doing everything natively (although I do admit much of this thread is trying to plug holes in Vera)
With that said, the following might help you understand the bigger picture of what I’m trying to replicate, and maybe help me more, as I found some related posts, the first one which uses python e.g. https://github.com/florianholzapfel/panasonic-viera/issues/9 - and I’ve extracted the related HMAC part below.
    …
    # Let's encrypt it with AES-CBC! We need to make sure we pad it to a multiple of 16 bytes beforehand
    aes = AES.new(key, AES.MODE_CBC, iv)
    ciphertext = aes.encrypt(pad(payload))
    # Calculate the HMAC-SHA-256 signature of our encrypted payload
    sig = hmac.new(hmac_key, ciphertext, hashlib.sha256).digest()
    # Concatenate the HMAC signature to the encrypted payload and base64 encode it, and we're done!
    encrypted_payload = base64.b64encode(ciphertext + sig)
Plus there’s this pure Lua version called HashLib -> https://github.com/howmanysmall/Rewrites/blob/master/src/HashLib.lua - which looks like it might be promising to add to Vera as a module ?
    USAGE:
    Input data should be a string
    Result (SHA digest) is returned in hexadecimal representation as a string of lowercase hex digits.
    Simplest usage example:
        local HashLib = require(script.HashLib)
        local your_hash = HashLib.sha256("your string")
Looking at the functions within the latter HashLib.lua file, it has one called
    local function hmac(hash_func, key, message)
which makes me wonder could I use that and do the following.. ?
    local HashLib = require(script.HashLib)
    local mySig = HashLib.hmac(sha256, ciphertext, hmac_key)