Developer

 View Only
last person joined: 2 days ago 

Back to discussions
Expand all | Collapse all

Enter wpa-passphrase via a backup.cfg

This thread has been viewed 4 times

  • 1.  Enter wpa-passphrase via a backup.cfg

    Posted Sep 01, 2020 04:37 PM

    I'm trying to make a small utility that allow to configure an 303 AP (Running ArubaOS 8.6.0) by creating a backup.cfg that when restored, will set all the parameters for different SSID.

     

    This SSID is dependant on the serial number, so the idea is to ask for the serial number, and let the utility generate the cfg file that I will download in the SetMeUp network, and will make all the settings of the network correctly.

     

    The problem is that backup.cfg does something that I really dont understand. If I change the PSK, the wpa-passphrase line change, (which is something I expected) but if I try to change it back to the original passphrase, the wpa-passphrase changes again to a different value.

     

    It seems that there is something I dont really understand correctly.

     

    pass-phrase: Go4Service

     

    wpa-passphrase e931d652d842f952e28be2ccd9b06710cc62d9f90793b297

     

    wpa-passphrase fb7436938124e8eee7f814bdb35c5dc1f3cbd3a1fddd6be7

     

    When I enter the command via ssh (via config|wlan ssid-profile <SSID>|wpa-passphrase Go4Service) I'm able to change the password in plain text, but in the backup.cfg file is stored as an hex chain, and I can't make a sense on how this value is calculated. (I tried to used pbkdf2 rules and doesnt return the same value)

     

    (I include both backup.cfg files with both the same passwords)

     

    Any guidance will be helpful

    Attachment(s)

    txt
    Go4Service.txt   2 KB 1 version
    txt
    Go4Service (otro).txt   2 KB 1 version


  • 2.  RE: Enter wpa-passphrase via a backup.cfg

    MVP GURU
    Posted Sep 02, 2020 02:17 AM

    Hi,

     

    How to you import backup.cfg ?

     

    Do you have look for use API ?



  • 3.  RE: Enter wpa-passphrase via a backup.cfg

    Posted Sep 02, 2020 04:55 AM

    The backup.cfg is imported by  Maintenance|Configuration|Restore.

     

    Didnt look much at the API, but after a few hours trying to get there I found a problem.

    I'm trying to access the API at:
    https://<ip>:4343/api (by browser)
    or
    https://<ip>:4343/v1/api/login (by curl command)

     

    and the response I get is the web monitoring interface... Doesn't seem that the API is enable in my 303AP.

    Is there anyway to enable it? or its simpy not there?



  • 4.  RE: Enter wpa-passphrase via a backup.cfg

    MVP GURU
    Posted Sep 02, 2020 05:39 AM

    Hi,

     

    You need to enable API Rest on the IAP and after you need to connect

     

    Look the API Ref doc => https://support.arubanetworks.com/DesktopModules/Bring2mind/DMX/Download.aspx?TabId=76&DMXModule=514&Command=Core_Download&EntryId=37003&PortalId=0

     

    You can look PowerArubaIAP module (but there is not yet support of create a SSID, only on a experimental branch...)



  • 5.  RE: Enter wpa-passphrase via a backup.cfg

    EMPLOYEE
    Posted Sep 02, 2020 03:33 AM

    That hex value is a reversible encryption of your passphrase and might be dependent on the virtual controller key and salted (add a random value in the encryption to prevent the same password have the same output as that would help to determine if you see the same encrypted/hashed password on different places you know it has to be the same password), but I don't have details nor have seen details on that.

     

    If you run a 'show configuration no-encrypt' on the AP you can see what is behind the hex code, and use that in your scripts. I have not found a way to input a hex value in the configuration, which may be what you see when you enter the hex value that will be seen as the plain text pass-phrase and converted into a new encoded hex string.

     

    In case you can work with plain-text passwords, I think that is your best approach.