InvalidCredentials: "Local hash does not match server hash"

[kaleem-peeroo]

Hello,

I have several smart plugs (P100). I have successfully gotten this API working on all but 2 devices. Thank you for implementing this library!

Below is my sample code for restarting the P100 plugs:

import asyncio
from tapo import ApiClient
from my_secrets import TAPO_USERNAME, TAPO_PASSWORD

async def restart():
    client = ApiClient(TAPO_USERNAME, TAPO_PASSWORD)

    device = await client.p100("192.168.1.31")

    logger.debug(f"Turning off {self.name} smart plug")
    await device.off()

    logger.debug("Waiting 3 seconds...")
    await asyncio.sleep(3)

    logger.debug(f"Turning on {self.name} smart plug")
    await device.on()

asyncio.run(restart())

And here is the output when executing the code:

Both, the computer executing the code and the smart plug are on the same LAN. I have looked at previous issues for any solutions. I have made sure the email is all lower case. I checked that the email matches the case sensitivity shown on my Tapo app.

What confuses me is how the username and password works for the other devices except for two. Do you know how to resolve this or at least how to debug this?

Any help would be very much appreciated!

Thanks,
Kaleem

[mihai-dinculescu]

Are the two devices that you're not able to connect to running the same firmware version as the ones that work?
What about the hardware version?

Have you tried to factory reset and reconfigure them?

[kaleem-peeroo]

The firmware versions match for both working and not working plugs (1.2.5 Build 240411 Rel. 143808).
The hardware versions also match (2.0).

I wil try factory reseting and reconfiguring them and see if that works.

Thanks for your help!

[kaleem-peeroo]

I have factory reset the plugs and reconfigured them and it did not fix the issue.

Do you have instructions on how I can run the rust implementation in debug mode so that I can investigate what is happening?
Do you think it'll help to manually send POST requests to see their response?

[Zerawr123123]

same results with me using TapoL535

[mihai-dinculescu]

Can you please post the logs that you get with the logging turned on?

In Python, you can use

import logging
logging.basicConfig(level=5)

In Rust, you can use RUST_LOG=trace cargo run...

[kaleem-peeroo]

Here is the output when using logging level 5:

[Zerawr123123]

[mihai-dinculescu]

That's interesting.

Can you please try

pip install python-kasa
kasa --username "..." --password "..."

To see if this library can authenticate?

[locustjon]

I have the exact same issue and can confirm that neither resetting and re-registering or using kasa module helps. Device in my case is P110 firmware version 1.3.1 build 240621 rel. 162048. Any help greatly appreciated.

[kaleem-peeroo]

That's interesting.

Can you please try

pip install python-kasa
kasa --username "..." --password "..."

To see if this library can authenticate?

When attempting this, it successfully identifies and authenticates with all plugs except for the 2 that produce the original InvalidCredentials error. Here is a screenshot of the kasa output for one of the plugs:

[mustafasoylu]

I have a similar problem

== Authentication failed for device ==
        == Discovery Result ==
        Device Type:        SMART.TAPOBULB
        Device Model:       L530E(EU)
        IP:                 192.168.178.41
        MAC:                B0-19-21-51-24-1E
        Device Id (hash):   f36fb3ba4f9eba72b6e90bf251693b39
        Owner (hash):       558D087F7FE52B644A6F296843CCEC7A
        Supports IOT Cloud: True
        OBD Src:            558D087F7FE52B644A6F296843CCEC7A
        Encrypt Type:       KLAP
        HTTP Port:          80

[mihai-dinculescu]

Thank you all for your help so far in investigating this unusual issue.

Could you also test this library and check if changing the encryption version between 1 and 2 makes any difference?

[kaleem-peeroo]

Thank you all for your help so far in investigating this unusual issue.

Could you also test this library and check if changing the encryption version between 1 and 2 makes any difference?

When trying to connect to the problematic plugs I get the following (with both version 1 and 2):

[mihai-dinculescu]

Please try the code in this PR with RUST_LOG=trace.

It includes extra traces to help debug the issue.
Sharing the traces might expose your credentials, so please change your password afterwards if you do.

What I'm after is:

• Is the cookie properly set? (It's safe to share the actual value)
• Is server hash matching any of the following hashes like local_seed, remote_seed, auth_hash, remote_seed, local_seed, auth_hash or remote_seed, auth_hash?