ONVIF #PasswordDigest的公式是什么 [英] what's the formula of ONVIF #PasswordDigest

问题描述

我正在处理发送"GetDeviceInformation"的ONVIF.这是wsse:UsernameToken所必需的. 搜索数据以获取权限后，有两个公式:

I'm working on ONVIF of send "GetDeviceInformation". That's required wsse:UsernameToken. After searching data for authority, there are two faormula:

(1)，由"ONVIF-Core-Specification-v241.pdf"，"5.12.2.1密码派生"

(1) by "ONVIF-Core-Specification-v241.pdf", "5.12.2.1 Password derivation"

PE_UA = base64(HMAC_SHA-1(UA+P_UA,NEP+"ONVIF password"))

(2)通过WEB协议的肥皂

(2) by soap of WEB protocol

Digest = B64ENCODE( SHA1( B64DECODE( Nonce ) + Date + Password ) )

我很困惑！哪一个是正确的?

I am confused!!which one is correct?

此外，当我通过Wireshark测试ONVIF测试工具时

Moreover, when i test ONVIF test tool by wireshark

我得到的XML:

<wsse:UsernameToken>
<wsse:Username>admin</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">lu9ywjDwSt8oW7M4tMjCb50/xRg=</wsse:Password>
<wsse:Nonce>TgBYFHxSc3Oo8yPzwnQn8A==</wsse:Nonce>
<wsu:Created>2014-06-20T04:41:45Z</wsu:Created>
</wsse:UsernameToken>

好的，那么我尝试通过这些数据找出公式.

ok, then I've try to figure out the formula by those data.

a>用户名:管理员"

b>密码:通过" (无熵)

c>随机数:"TgBYFHxSc3Oo8yPzwnQn8A =="

d>创建了:"2014-06-20T04:41:45Z"

以某种方式获得最终密码:" lu9ywjDwSt8oW7M4tMjCb50/xRg = "

somehow to get the final password: "lu9ywjDwSt8oW7M4tMjCb50/xRg="

Base64可能会转换"nonce"，因此原始名称应为"4E0058147C527373A8F323F3C27427F0"

the "nonce" may converted by Base64 so the original should be"4E0058147C527373A8F323F3C27427F0"

我尝试使用

base64(SHA1("TgBYFHxSc3Oo8yPzwnQn8A==2014-06-12T04:03:45Zpass"))

或

base64(SHA1("4E0058147C527373A8F323F3C27427F0==2014-06-12T04:03:45Zpass"))

但是我仍然无法通过测试工具获得密码为"lu9ywjDwSt8oW7M4tMjCb50/xRg ="

but I still can't get the password send by Test tool as "lu9ywjDwSt8oW7M4tMjCb50/xRg="

任何人都可以帮助我找出ONVIF测试工具使用的确切公式吗?

any one could help me to figure out what the exact formula used by ONVIF test tool?

需要您的帮助！！！谢谢！

Do need your help!!! thanks!!

推荐答案

最后，设备将OK发送给我！

finally, the device send OK to me!

参考gSoap之后

首先，公式为:

Digest = B64ENCODE( SHA1( B64DECODE( Nonce ) + Date + Password ) )

对于Nonce，它应该是20个字节的随机数字"值，例如:

for the Nonce, it should be 20 bytes random "numeric" value as:

char caNonceTest[20]={0x9E,0xBD,0xBB,0x53,0x7C,0x96,0xB4,0xC1,0xCE,0xEB,
                      0xFB,0x06,0x17,0x31,0x41,0x4E,0x5B,0x68,0x86,0x93};

它可以通过任何方法生成(事件可以生成)

it could be generated by any method (event could be make it)

在获得 caNonceTest 后，像上面一样，字符串应看起来像艋|蹉鋿1AN [h?昍昍昍昍"

after getting, caNonceTest, like above, the string should be looked like "艋|蹉鋿1AN[h?昍昍昍昍"

对于XML发送到设备，base64应该类似于"nr27U3yWtMHO6/gGFzFBTltohpPMzMzMzMzMzMzBQ ="

and for XML send to device, the base64 should be like "nr27U3yWtMHO6/gGFzFBTltohpPMzMzMzMzMzBQ="

这是正确打孔的关键！ (不是ASCII字符串！) 此外，只需将sha-1函数的功能与 caNonceTest 的功能完全相同(无需转换为Base64)

this is the key point of correct foramte! (not ASCII string!) Moreover, just feed to sha-1 function as the exactly as the caNonceTest (no need to convert to Base64)

对于创建的用户名和密码，只需将其作为字符串格式(例如"2014-07-08T09:26:13Z"和通过")输入到sha-1

for the created and password, just feed to sha-1 as string format (ex. "2014-07-08T09:26:13Z" and "pass")

那么，世界和平！

这篇关于ONVIF #PasswordDigest的公式是什么的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！