Hello,
I am trying to achieve this here (Python) with Xojo:
def calculate_pbkdf2_response(challenge: str, password: str) -> str: """ Calculate the response for a given challenge via PBKDF2 """ challenge_parts = challenge.split("$")
# Extract all necessary values encoded into the challenge
iter1 = int(challenge_parts[1])
salt1 = bytes.fromhex(challenge_parts[2]) iter2 = int(challenge_parts[3])
salt2 = bytes.fromhex(challenge_parts[4])
# Hash twice, once with static salt...
hash1 = hashlib.pbkdf2_hmac("sha256", password.encode(), salt1, iter1) # Once with dynamic salt.
hash2 = hashlib.pbkdf2_hmac("sha256", hash1, salt2, iter2)
return f"{challenge_parts[4]}${hash2.hex()}"
This is what I achieved until now, which is unfortunately not working:
Var result As String = challenge_data.Item(0).Value
Var result_arr() As String = result.Split("$")
var salt1 As MemoryBlock = result_arr(2)
var salt2 As MemoryBlock = result_arr(4)
Var hash As MemoryBlock = Crypto.PBKDF2(salt1, PasswordField.Text.DefineEncoding(Encodings.UTF8), Integer.FromString(result_arr(1)), 32, Crypto.HashAlgorithms.SHA256)
Var doublehash As String = Crypto.PBKDF2(salt2, hash, Integer.FromString(result_arr(3)), 32, Crypto.HashAlgorithms.SHA256)
Var ready As String = result_arr(4).Uppercase + "$" + EncodeHex(doublehash)
MessageBox(ready)
Var url2 As String = "https://" + FritzBoxIPField.Text + "/login_sid.lua?version=2"
Var postData As String = "&username=&response=" + ready
auth_connect.SetRequestContent(postData, "application/x-www-form-urlencoded")
auth_connect.Send("POST", url2)
Fetching and sending GET/POST requests works fine! I just don’t get a session id from my router back.