Before commenting read Forum rules
Don't comment the topic if you have a new question.
You can create a new topic selecting correct category from Gurux Forum and then create a new topic selecting "New Topic" from the top left.
Before commenting read Forum rules
Don't comment the topic if you have a new question.
You can create a new topic selecting correct category from Gurux Forum and then create a new topic selecting "New Topic" from the top left.
Hi,
We are trying to connect to an Iskra AM550 meter with HighGMAC authentication, but are having connection issues.
When connecting we catch the following exception: "Gurux.DLMS.GXDLMSException : Connection is permanently rejected. No reason is given.".
This is our code for creating the Gurux client:
gxdlmsClient = new GXDLMSSecureClient(true, 0x01, 0x01, Authentication.HighGMAC, authenticationSettings.UniqueSecret, InterfaceType.WRAPPER)
{
ProposedConformance = Conformance.Action |
Conformance.EventNotification |
Conformance.SelectiveAccess | Conformance.Set |
Conformance.Get | Conformance.InformationReport |
Conformance.MultipleReferences |
Conformance.BlockTransferWithAction |
Conformance.BlockTransferWithSetOrWrite |
Conformance.BlockTransferWithGetOrRead,
MaxReceivePDUSize = 0x00C8,
Password = authenticationSettings.UniqueSecret.ToByteArray()
};
((GXDLMSSecureClient)gxdlmsClient).Ciphering.SystemTitle = authenticationSettings.SystemTitle.ToByteArray();
((GXDLMSSecureClient)gxdlmsClient).Ciphering.Security = Security.AuthenticationEncryption;
((GXDLMSSecureClient)gxdlmsClient).Ciphering.AuthenticationKey = authenticationSettings.AuthenticationKey.ToByteArray();
((GXDLMSSecureClient)gxdlmsClient).Ciphering.BlockCipherKey = authenticationSettings.UnicastKey.ToByteArray();
The following bytes are sent:
char peer0_2[] = { /* Packet 101368 */
0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x5f,
0x60, 0x5d, 0xa1, 0x09, 0x06, 0x07, 0x60, 0x85,
0x74, 0x05, 0x08, 0x01, 0x03, 0xa6, 0x0a, 0x04,
0x08, 0x27, 0x09, 0x67, 0x01, 0x02, 0x03, 0x04,
0x05, 0x8a, 0x02, 0x07, 0x80, 0x8b, 0x07, 0x60,
0x85, 0x74, 0x05, 0x08, 0x02, 0x05, 0xac, 0x12,
0x80, 0x10, 0x52, 0x34, 0x4a, 0x42, 0x6d, 0x34,
0x15, 0x0a, 0x48, 0x1f, 0x2c, 0x37, 0x67, 0x58,
0x04, 0x08, 0xbe, 0x23, 0x04, 0x21, 0x21, 0x1f,
0x30, 0x00, 0x00, 0x00, 0x00, 0x53, 0xea, 0xfb,
0xee, 0x83, 0x24, 0xcb, 0x46, 0x03, 0x79, 0x0b,
0x09, 0xb7, 0x3d, 0x68, 0xed, 0xb8, 0xc5, 0xa0,
0xfd, 0x64, 0x22, 0xa6, 0x38, 0xaf, 0xd8 };
And the following bytes are received:
char peer1_2[] = { /* Packet 101503 */
0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x56,
0x61, 0x54, 0xa1, 0x09, 0x06, 0x07, 0x60, 0x85,
0x74, 0x05, 0x08, 0x01, 0x03, 0xa2, 0x03, 0x02,
0x01, 0x01, 0xa3, 0x05, 0xa1, 0x03, 0x02, 0x01,
0x01, 0xa4, 0x0a, 0x04, 0x08, 0x49, 0x53, 0x4b,
0x67, 0x71, 0x33, 0xc8, 0x33, 0x88, 0x02, 0x07,
0x80, 0x89, 0x07, 0x60, 0x85, 0x74, 0x05, 0x08,
0x02, 0x05, 0xaa, 0x22, 0x80, 0x20, 0x39, 0x54,
0x64, 0x55, 0x68, 0x35, 0x31, 0x73, 0x32, 0x73,
0x49, 0x54, 0x52, 0x61, 0x4d, 0x4b, 0x48, 0x2b,
0x77, 0x77, 0x56, 0x59, 0x33, 0x61, 0x68, 0x66,
0x55, 0x68, 0x6f, 0x52, 0x44, 0x5a };
If you could provide any help with this it would be greatly appreciated!
Thanks
/Andreas
Connection to Iskra AM550 using HighGMAC authentication
Hi,
First, ask meter manufacturer is there new firmware for the meter. Ciphered data is wrong.
Then change this
((GXDLMSSecureClient)gxdlmsClient).Ciphering.Security = Security.AuthenticationEncryption;
to
((GXDLMSSecureClient)gxdlmsClient).Ciphering.Security = Security.Authentication;
Try to read meter again and let me know what happened.
BR,
Mikko
We changed the
We changed the AuthenticationEncryption to only Authentication. We then get the following error:
"Connection is permanently rejected. The application context name is not supported."
Sent:
0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x5f,
0x60, 0x5d, 0xa1, 0x09, 0x06, 0x07, 0x60, 0x85,
0x74, 0x05, 0x08, 0x01, 0x03, 0xa6, 0x0a, 0x04,
0x08, 0x27, 0x09, 0x67, 0x01, 0x02, 0x03, 0x04,
0x05, 0x8a, 0x02, 0x07, 0x80, 0x8b, 0x07, 0x60,
0x85, 0x74, 0x05, 0x08, 0x02, 0x05, 0xac, 0x12,
0x80, 0x10, 0x35, 0x53, 0x00, 0x47, 0x44, 0x66,
0x1e, 0x16, 0x0d, 0x0d, 0x0a, 0x32, 0x74, 0x71,
0x6d, 0x55, 0xbe, 0x23, 0x04, 0x21, 0x21, 0x1f,
0x10, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
0x00, 0x06, 0x5f, 0x1f, 0x04, 0x00, 0x00, 0x1f,
0x1f, 0x00, 0xc8, 0x23, 0x21, 0xc4, 0xd7, 0x59,
0x6b, 0xa7, 0xb8, 0x10, 0x93, 0x72, 0x45 };
Received
0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x5e,
0x61, 0x5c, 0xa1, 0x09, 0x06, 0x07, 0x60, 0x85,
0x74, 0x05, 0x08, 0x01, 0x03, 0xa2, 0x03, 0x02,
0x01, 0x01, 0xa3, 0x05, 0xa2, 0x03, 0x02, 0x01,
0x02, 0xa4, 0x0a, 0x04, 0x08, 0x49, 0x53, 0x4b,
0x67, 0x71, 0x33, 0xc8, 0x33, 0x88, 0x02, 0x07,
0x80, 0x89, 0x07, 0x60, 0x85, 0x74, 0x05, 0x08,
0x02, 0x05, 0xaa, 0x22, 0x80, 0x20, 0x50, 0x2f,
0x54, 0x51, 0x78, 0x6e, 0x69, 0x69, 0x4b, 0x59,
0x5a, 0x56, 0x6a, 0x48, 0x4a, 0x37, 0x2b, 0x66,
0x37, 0x35, 0x6f, 0x55, 0x4b, 0x68, 0x58, 0x58,
0x6c, 0x34, 0x61, 0x47, 0x64, 0x38, 0xbe, 0x06,
0x04, 0x04, 0x0e, 0x01, 0x03, 0x02 };
Regards
Andreas
Connection to Iskra AM550 using HighGMAC authentication
Hi,
At the moment you are using High authentication, but you are also ciphering (encrypt) the data.
Are you sure that meter supports ciphering? Try to change security to None if you don't want to encrypt the data.
((GXDLMSSecureClient)gxdlmsClient).Ciphering.Security = Security.None;
BR,
Mikko
Hi
Hi
We can communicate with the meter with the program MeterView. The security seems to be set to AuthenticationEncryption there. This is the bytes that are sent and received when we read the time with MeterView:
char peer0_0[] = {
0x00, 0x01, 0x00, 0x10, 0x00, 0x01, 0x00, 0x1f,
0x60, 0x1d, 0xa1, 0x09, 0x06, 0x07, 0x60, 0x85,
0x74, 0x05, 0x08, 0x01, 0x01, 0xbe, 0x10, 0x04,
0x0e, 0x01, 0x00, 0x00, 0x00, 0x06, 0x5f, 0x1f,
0x04, 0x00, 0x00, 0x7e, 0x1f, 0xff, 0xff };
char peer1_0[] = {
0x00, 0x01, 0x00, 0x01, 0x00, 0x10, 0x00, 0x2b,
0x61, 0x29, 0xa1, 0x09, 0x06, 0x07, 0x60, 0x85,
0x74, 0x05, 0x08, 0x01, 0x01, 0xa2, 0x03, 0x02,
0x01, 0x00, 0xa3, 0x05, 0xa1, 0x03, 0x02, 0x01,
0x00, 0xbe, 0x10, 0x04, 0x0e, 0x08, 0x00, 0x06,
0x5f, 0x1f, 0x04, 0x00, 0x00, 0x7e, 0x1f, 0x04,
0xc8, 0x00, 0x07 };
char peer0_1[] = {
0x00, 0x01, 0x00, 0x10, 0x00, 0x01, 0x00, 0x0d,
0xc0, 0x01, 0x40, 0x00, 0x01, 0x00, 0x00, 0x2b,
0x01, 0x00, 0xff, 0x02, 0x00 };
char peer1_1[] = {
0x00, 0x01, 0x00, 0x01, 0x00, 0x10, 0x00, 0x09,
0xc4, 0x01, 0x40, 0x00, 0x06, 0x00, 0x00, 0x13,
0x31 };
char peer0_2[] = {
0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x5f,
0x60, 0x5d, 0xa1, 0x09, 0x06, 0x07, 0x60, 0x85,
0x74, 0x05, 0x08, 0x01, 0x03, 0xa6, 0x0a, 0x04,
0x08, 0x27, 0x09, 0x67, 0x01, 0x02, 0x03, 0x04,
0x05, 0x8a, 0x02, 0x07, 0x80, 0x8b, 0x07, 0x60,
0x85, 0x74, 0x05, 0x08, 0x02, 0x05, 0xac, 0x12,
0x80, 0x10, 0xd7, 0xc3, 0xfa, 0xf2, 0x79, 0xa8,
0xd3, 0xa3, 0xef, 0xf1, 0xce, 0x60, 0x1e, 0x8a,
0x66, 0x3f, 0xbe, 0x23, 0x04, 0x21, 0x21, 0x1f,
0x30, 0x00, 0x00, 0x13, 0x32, 0xc5, 0x16, 0x36,
0x64, 0xfa, 0x82, 0x72, 0xcc, 0x1b, 0xf6, 0x25,
0x26, 0xbf, 0x4b, 0x32, 0x68, 0xfc, 0xb6, 0xed,
0x9f, 0xe7, 0x41, 0xdf, 0xf7, 0x10, 0x42 };
char peer1_2[] = {
0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x7b,
0x61, 0x79, 0xa1, 0x09, 0x06, 0x07, 0x60, 0x85,
0x74, 0x05, 0x08, 0x01, 0x03, 0xa2, 0x03, 0x02,
0x01, 0x00, 0xa3, 0x05, 0xa1, 0x03, 0x02, 0x01,
0x0e, 0xa4, 0x0a, 0x04, 0x08, 0x49, 0x53, 0x4b,
0x67, 0x71, 0x33, 0xc8, 0x33, 0x88, 0x02, 0x07,
0x80, 0x89, 0x07, 0x60, 0x85, 0x74, 0x05, 0x08,
0x02, 0x05, 0xaa, 0x22, 0x80, 0x20, 0x47, 0x4d,
0x55, 0x5a, 0x58, 0x62, 0x6e, 0x31, 0x6c, 0x41,
0x5a, 0x76, 0x33, 0x74, 0x41, 0x4f, 0x37, 0x4f,
0x75, 0x65, 0x4a, 0x73, 0x4e, 0x4d, 0x78, 0x66,
0x4a, 0x65, 0x57, 0x69, 0x35, 0x35, 0xbe, 0x23,
0x04, 0x21, 0x28, 0x1f, 0x30, 0x00, 0x00, 0x13,
0x28, 0xb8, 0xdf, 0xc1, 0x8e, 0xd6, 0xce, 0xb2,
0x03, 0x9b, 0x54, 0xfb, 0xaa, 0xce, 0x4a, 0x51,
0xf0, 0xe1, 0x18, 0x10, 0x1f, 0x9e, 0xa6, 0x09,
0xf8, 0x99, 0x87 };
char peer0_3[] = {
0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x33,
0xcb, 0x31, 0x30, 0x00, 0x00, 0x13, 0x34, 0x62,
0xa9, 0x49, 0x73, 0x73, 0xc1, 0x38, 0xfe, 0x89,
0x6a, 0xeb, 0x20, 0xd5, 0x6c, 0x31, 0x37, 0x26,
0x47, 0xa6, 0x83, 0x0d, 0xbe, 0xb4, 0xcc, 0x7f,
0x25, 0xa2, 0xf3, 0x97, 0x46, 0xa3, 0x97, 0x5f,
0x2a, 0x19, 0x66, 0x4f, 0x2d, 0x85, 0x97, 0xec,
0xdd, 0x7b, 0x65 };
char peer1_3[] = {
0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x2c,
0xcf, 0x2a, 0x30, 0x00, 0x00, 0x13, 0x2a, 0x8e,
0xbe, 0x7b, 0x49, 0xdb, 0x8e, 0x55, 0xb1, 0x9d,
0x40, 0xf2, 0x57, 0x2b, 0xc0, 0x9c, 0xa5, 0x8d,
0xbd, 0x75, 0x65, 0xc7, 0x7a, 0xd7, 0xea, 0x24,
0xf5, 0x33, 0xf5, 0x8e, 0x85, 0xf8, 0x74, 0x04,
0x44, 0x6b, 0xe4, 0xde };
char peer0_4[] = {
0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x20,
0xc8, 0x1e, 0x30, 0x00, 0x00, 0x13, 0x35, 0x94,
0x2a, 0xef, 0xbc, 0x2f, 0xaf, 0x20, 0x61, 0xe6,
0x8a, 0x1e, 0x68, 0xf9, 0x79, 0x3c, 0xf7, 0x55,
0x0c, 0xd4, 0xc1, 0xb6, 0xfc, 0x58, 0x56, 0xc1 };
char peer1_4[] = {
0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x25,
0xcc, 0x23, 0x30, 0x00, 0x00, 0x13, 0x2b, 0x6d,
0xe9, 0x84, 0xe7, 0xfc, 0xf1, 0xc9, 0x6d, 0x1f,
0x7d, 0xf0, 0xc0, 0x66, 0x99, 0xd1, 0x73, 0x53,
0x4f, 0x0e, 0xd8, 0xe7, 0x03, 0x06, 0x77, 0x90,
0x7b, 0xc1, 0x2b, 0xa6, 0xf8 };
char peer0_5[] = {
0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x20,
0xc8, 0x1e, 0x30, 0x00, 0x00, 0x13, 0x36, 0xce,
0x65, 0x57, 0x2b, 0x5c, 0xb8, 0x24, 0x8d, 0x14,
0x1b, 0x80, 0x1c, 0xc1, 0x0e, 0x22, 0x1c, 0xbd,
0x08, 0xd5, 0xef, 0xfb, 0x55, 0xa8, 0x03, 0x00 };
char peer1_5[] = {
0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x25,
0xcc, 0x23, 0x30, 0x00, 0x00, 0x13, 0x2c, 0x85,
0xd0, 0x93, 0xd4, 0x4f, 0x7a, 0x89, 0x71, 0xf9,
0x53, 0xa0, 0x3c, 0x3b, 0x71, 0x94, 0x31, 0xc8,
0x0d, 0xe7, 0x5a, 0x55, 0xb7, 0xe7, 0xa9, 0x55,
0x3a, 0xdf, 0x09, 0x04, 0xb3 };
Maybe that can give you a clue to what we are doing wrong.
Regards
Helena
Connection to Iskra AM550 using HighGMAC authentication
Hi,
I check the data what you are sending. Data is encrypted. There are two difference.
Try to set this:
client.CtoSChallenge = GXDLMSTranslator.HexToBytes("52344A426D34150A481F2C3767580408");
If it fails then try to set
((GXDLMSSecureClient)gxdlmsClient).Ciphering.InvocationCounter = 0x1332;
BR,
Mikko
Hi
Hi
Unfortunately that didn´t help, still this error: Connection is permanently rejected. No reason is given.
char peer0_2[] = { /* Packet 2172 */
0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x5f,
0x60, 0x5d, 0xa1, 0x09, 0x06, 0x07, 0x60, 0x85,
0x74, 0x05, 0x08, 0x01, 0x03, 0xa6, 0x0a, 0x04,
0x08, 0x27, 0x09, 0x67, 0x01, 0x02, 0x03, 0x04,
0x05, 0x8a, 0x02, 0x07, 0x80, 0x8b, 0x07, 0x60,
0x85, 0x74, 0x05, 0x08, 0x02, 0x05, 0xac, 0x12,
0x80, 0x10, 0x52, 0x34, 0x4a, 0x42, 0x6d, 0x34,
0x15, 0x0a, 0x48, 0x1f, 0x2c, 0x37, 0x67, 0x58,
0x04, 0x08, 0xbe, 0x23, 0x04, 0x21, 0x21, 0x1f,
0x30, 0x00, 0x00, 0x13, 0x32, 0xc5, 0x16, 0x36,
0x64, 0xfa, 0x82, 0x72, 0xcc, 0x1b, 0xf6, 0x44,
0x26, 0x40, 0x7c, 0x8f, 0x46, 0xca, 0x51, 0x3c,
0xdd, 0xcc, 0x3e, 0x18, 0x9c, 0x02, 0x33 };
char peer1_2[] = { /* Packet 2264 */
0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x56,
0x61, 0x54, 0xa1, 0x09, 0x06, 0x07, 0x60, 0x85,
0x74, 0x05, 0x08, 0x01, 0x03, 0xa2, 0x03, 0x02,
0x01, 0x01, 0xa3, 0x05, 0xa1, 0x03, 0x02, 0x01,
0x01, 0xa4, 0x0a, 0x04, 0x08, 0x49, 0x53, 0x4b,
0x67, 0x71, 0x33, 0xc8, 0x33, 0x88, 0x02, 0x07,
0x80, 0x89, 0x07, 0x60, 0x85, 0x74, 0x05, 0x08,
0x02, 0x05, 0xaa, 0x22, 0x80, 0x20, 0x62, 0x39,
0x72, 0x41, 0x68, 0x57, 0x73, 0x30, 0x78, 0x71,
0x53, 0x4b, 0x43, 0x4b, 0x68, 0x71, 0x6f, 0x4a,
0x53, 0x4c, 0x78, 0x57, 0x38, 0x6b, 0x47, 0x6b,
0x35, 0x4f, 0x6d, 0x48, 0x4d, 0x39 };
Regards
Andreas
Connection to Iskra AM550 using HighGMAC authentication
Hi,
First check that Authentication key, System title and Block ciphering key as same than you are using in MeterView.
If you are sure that they are can you try with those values and send trace to me:
client.CtoSChallenge = GXDLMSTranslator.HexToBytes("D7C3FAF279A8D3A3EFF1CE601E8A663F");
((GXDLMSSecureClient)gxdlmsClient).Ciphering.InvocationCounter = 0x1332;
BR,
Mikko
Hi
Hi
Some minutes ago I was able to run a succeeded communication against one meter.
It happened only once, after that all communications fail again. We can see in the meters that there are some events of type "Replay attack". So maybe there are some kind of identifier or counter that we have to change...
I changed the challenge and this is the trace:
sent:
0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x5f,
0x60, 0x5d, 0xa1, 0x09, 0x06, 0x07, 0x60, 0x85,
0x74, 0x05, 0x08, 0x01, 0x03, 0xa6, 0x0a, 0x04,
0x08, 0x27, 0x09, 0x67, 0x01, 0x02, 0x03, 0x04,
0x05, 0x8a, 0x02, 0x07, 0x80, 0x8b, 0x07, 0x60,
0x85, 0x74, 0x05, 0x08, 0x02, 0x05, 0xac, 0x12,
0x80, 0x10, 0xd7, 0xc3, 0xfa, 0xf2, 0x79, 0xa8,
0xd3, 0xa3, 0xef, 0xf1, 0xce, 0x60, 0x1e, 0x8a,
0x66, 0x3f, 0xbe, 0x23, 0x04, 0x21, 0x21, 0x1f,
0x30, 0x00, 0x00, 0x13, 0x32, 0xc5, 0x16, 0x36,
0x64, 0xfa, 0x82, 0x72, 0xcc, 0x1b, 0xf6, 0x44,
0x26, 0x40, 0x7c, 0x8f, 0x46, 0xca, 0x51, 0x3c,
0xdd, 0xcc, 0x3e, 0x18, 0x9c, 0x02, 0x33 };
received:
0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x56,
0x61, 0x54, 0xa1, 0x09, 0x06, 0x07, 0x60, 0x85,
0x74, 0x05, 0x08, 0x01, 0x03, 0xa2, 0x03, 0x02,
0x01, 0x01, 0xa3, 0x05, 0xa1, 0x03, 0x02, 0x01,
0x01, 0xa4, 0x0a, 0x04, 0x08, 0x49, 0x53, 0x4b,
0x67, 0x71, 0x33, 0xc8, 0x33, 0x88, 0x02, 0x07,
0x80, 0x89, 0x07, 0x60, 0x85, 0x74, 0x05, 0x08,
0x02, 0x05, 0xaa, 0x22, 0x80, 0x20, 0x65, 0x59,
0x4a, 0x30, 0x76, 0x6d, 0x58, 0x6f, 0x43, 0x43,
0x51, 0x52, 0x30, 0x75, 0x61, 0x30, 0x31, 0x68,
0x41, 0x79, 0x49, 0x70, 0x2f, 0x4d, 0x53, 0x52,
0x46, 0x55, 0x30, 0x6b, 0x36, 0x61 };
Regards
Andreas
Hi
Hi
Just wanted to tell you what the Replay attack event is about:
Replay attack: Receive frame counter value less or equal to the last successfully received frame counter in the received APDU
Regards
Andreas
Connection to Iskra AM550 using HighGMAC authentication
Hi,
Thanks from this info. Now I understand this.
You must connect without GMAC (Using Authentication.None seems to work) and read InvocationCounter from 0.0.43.1.0.255.
Then Disconnect Set read value to InvocationCounter and connect using GMAC ciphering.
Like this:
GXDLMSData d = new GXDLMSData("0.0.43.1.0.255");
com.Read(d, 2);
client.Ciphering.InvocationCounter = Convert.ToUInt32(d.Value) + 1;
//Make connection again using ciphered connection.
client.AARQRequest();
It's interesting that Iskraemeco is not send ReleaseRequest before connecting again. but it seems that is not needed.
BR,
Mikko
BR,
Mikko
Hi,
Hi,
Thank you so much for your help, we solved the problem by doing exactly what you suggested in your last reply. We now connect with Authentication.None and read the InvocationCounter. Increase it with 1 and use it in next connection with GMAC.
Again, thank you for your help!
Regards
Andreas