This Community site is new! Please help us build a community around the JNIOR.
Sign up, and help share your knowledge. Please sign-up even if you do not plan to post as a sign of support.
If there is evidence of a demand we will continue to develop the content here.

Beacon Security Enhancements

The Series 4 is the replacement for the popular series 3 JNIOR. Its cool, stylish and affordable. Get yours today!
Post Reply
kmcloutier
Posts: 31
Joined: Tue Sep 12, 2017 7:26 am

Beacon Security Enhancements

Post by kmcloutier » Tue Jan 30, 2018 3:00 pm

In JANOS 1.6.3 there are new security measures to harden the Beacon protocol. This has been an issue since its inception. Any action that commands or configures the JNIOR will require credentials to be supplied. Those credentials along with a valid NONCE will be evaluated by JANOS to determine if the action or configuration attempt will be allowed.

The NONCE will be supplied at the end of the ALL_INFO packet. To get a valid NONCE an ALL_INFO packet will need to be requested shortly before the NONCE will be used. In the Support Tool, for example, when someone wants to save the configuration we will request the ALL_INFO packet when displaying the new login dialog. Then when the user clicks OK with the new credentials we will have received the NONCE. The nonce is then used along with the credentials to provide the new authentication.

Here is code from the Support Tool that adds the code to extract the NONCE from the ALL_INFO packet if it exists.
        private void ParseAllInfo(ref JniorInfo jnrInfo, BinaryReader br)
        {
            jnrInfo.Gateway = ReadString(br);
            jnrInfo.PrimaryDns = ReadString(br);
            jnrInfo.SecondaryDns = ReadString(br);
            jnrInfo.DNSTimeout = IPAddress.NetworkToHostOrder(br.ReadInt32());
            jnrInfo.DHCPServer = ReadString(br);
            jnrInfo.DomainName = ReadString(br);
            if ("n/a".Equals(jnrInfo.DomainName))
                jnrInfo.DomainName = "";

            //stringLength = IPAddress.NetworkToHostOrder(br.ReadInt16());
            jnrInfo.Timezone = ReadString(br); // ASCIIEncoding.ASCII.GetString(br.ReadBytes(stringLength));

            jnrInfo.DHCPEnabled = (br.ReadByte() == 1);

            // if there is more information then the nonce is provided
            if (br.BaseStream.Position < br.BaseStream.Length)
            {
                jnrInfo.Nonce = ReadString(br);
            }
        }
I am a Senior Software Programmer at INTEG. You have questions and I have answers.

Post Reply