Forum Discussion
Russell_Moore_8
May 10, 2012, Nimbostratus
ActiveSync Windows Phone query decode
I used the following rule to decode and locate the Windows Phone device ID for access control to an ActiveSync/OWA service. The AS protocol allows the query to be plain text or base64 encoded hex. ...
```tcl
when HTTP_REQUEST {
    # create variable to contain the query string
    set string_b64encoded [HTTP::query]
    # test the contents of the query string to see if it is base64 and if so place the content
    # in a variable
    if {[catch {b64decode $string_b64encoded} string_b64decoded] == 0 and $string_b64decoded ne ""}{
        # scan the decoded content for the Device ID length
        # the "x4H2" format says to move forward 4 bytes and select the next 2 places
        # as HEX and put them in variable IDlenHEX
        binary scan $string_b64decoded x4H2 IDlenHEX
        # convert HEX to decimal
        scan $IDlenHEX %x IDlenDEC
        # multiply by two to get the correct character count
        set IDlen [expr {$IDlenDEC * 2}]
        # knowing the DeviceID starts at the 6th pair we move "x5" to that starting place
        # then select "H$IDlen" to put in variable HEXdeviceID
        binary scan $string_b64decoded x5H$IDlen HEXdeviceID
        # try to match the found ID to a data group of allowed IDs
        if { [matchclass $HEXdeviceID contains allowHEXdeviceIDs] } {
            pool ASOWA.example.com_443
            log local0. "Found ALLOWED Hexadecimal DeviceID: $HEXdeviceID"
        } else {
            log local0. "Found DENIED Hexadecimal DeviceID: $HEXdeviceID"
            discard
        }
    }
}
```
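The byte layout the rule relies on (4 bytes skipped, a one-byte length, then the device ID), as an added Python example for checking captured queries offline; it is not part of the original post, and the function names and sample IDs are constructed for illustration. It goes beyond the rule by rejecting truncated input and by comparing the ID for equality against the allow list.

```python
import base64
import binascii

HEADER_LEN = 4  # bytes the rule skips with "x4" before the length byte


def extract_device_id(query):
    """Return the device ID as lowercase hex, or None when the query is not
    a base64 blob with the layout the rule assumes."""
    try:
        raw = base64.b64decode(query, validate=True)
    except (binascii.Error, ValueError):
        return None  # plain-text query or corrupt base64
    if len(raw) <= HEADER_LEN:
        return None  # too short to contain the length byte
    id_len = raw[HEADER_LEN]
    start = HEADER_LEN + 1
    if id_len == 0 or len(raw) < start + id_len:
        return None  # claimed length runs past the end of the data
    return raw[start:start + id_len].hex()


def is_allowed(query, allowed_ids):
    """Exact match of the extracted ID against a set of allowed hex IDs."""
    device_id = extract_device_id(query)
    return device_id is not None and device_id in allowed_ids


def build_sample(device_id, claimed_len=None):
    """Constructed test query: 4 filler bytes, length byte, ID, 1 trailer byte."""
    n = len(device_id) if claimed_len is None else claimed_len
    raw = b"\x00" * HEADER_LEN + bytes([n]) + device_id + b"\x00"
    return base64.b64encode(raw).decode("ascii")


if __name__ == "__main__":
    allowed = {"0a1b2c3d"}  # constructed allow list
    samples = {
        "allowed id": build_sample(bytes.fromhex("0a1b2c3d")),
        "longer id with allowed prefix": build_sample(bytes.fromhex("0a1b2c3dff")),
        "length byte too large": build_sample(b"\x01\x02", claimed_len=16),
        "plain-text query": "Cmd=Sync&DeviceId=abc",
    }
    for name, query in samples.items():
        print(name, extract_device_id(query), is_allowed(query, allowed))
```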