Skip to content

Instantly share code, notes, and snippets.

@staaldraad
Created March 11, 2015 13:19
Show Gist options
  • Save staaldraad/605a5e40abaaa5915bc7 to your computer and use it in GitHub Desktop.
Save staaldraad/605a5e40abaaa5915bc7 to your computer and use it in GitHub Desktop.
Decrypt Huawei router/firewall passwords. Huawei stores passwords using DES encryption when the crypted option is enabled.
#!/usr/bin/python
"""
Simple tool to extract local users and passwords from most Huawei routers/firewalls config files.
Will extract plain-text passwords and crypted credentials. Huawei config files use DES encryption with
a known key. Using this information, the script will decrypt credentials found in the config file.
Author: Etienne Stalmans ([email protected])
Version: 1.0 (12/01/2014)
"""
from Crypto.Cipher import DES
import sys
import binascii
def decode_char(c):
if c == 'a':
r = '?'
else:
r = c
return ord(r) - ord('!')
def ascii_to_binary(s):
assert len(s) == 24
out = [0]*18
i = 0
j = 0
for i in range(0, len(s), 4):
y = decode_char(s[i + 0])
y = (y << 6) & 0xffffff
k = decode_char(s[i + 1])
y = (y | k) & 0xffffff
y = (y << 6) & 0xffffff
k = decode_char(s[i + 2])
y = (y | k) & 0xffffff
y = (y << 6) & 0xffffff
k = decode_char(s[i + 3])
y = (y | k) & 0xffffff
out[j+2] = chr(y & 0xff)
out[j+1] = chr((y>>8) & 0xff)
out[j+0] = chr((y>>16) & 0xff)
j += 3
return "".join(out)
def decrypt_password(p):
r = ascii_to_binary(p)
r = r[:16]
d = DES.new("\x01\x02\x03\x04\x05\x06\x07\x08", DES.MODE_ECB)
r = d.decrypt(r)
return r.rstrip("\x00")
f_in = open(sys.argv[1],'r')
print "[*] Huawei Password Decryptor"
for line in f_in:
if ('local-user' not in line) or ('password' not in line):
continue
inp = line.split()
print "[*]-----------------------"
print "\t[+] User: %s"%inp[1]
print "\t[+] Password type: %s"%inp[3]
if inp[3] == "cipher":
print "\t[+] Cipher: %s"%inp[4]
print "\t[+] Password: %s"%decrypt_password(inp[4])
else:
print "\t[+] Password: %s"%(inp[4])
@muffrank
Copy link

Can anybody decrypt this please: 30fdf15fd513fd69085f9344ff2d5d716254aa367bcac88e78ee60ad0298d606

@qatar2030
Copy link

Hi SwimmingTiger or anyone in this forum,

Can someone kindly help me to decrpyt this : $2RW!aHei\s+Ng_XGkJJ1EJE&gt;&lt;2[4w7Hm)0&gt;ZnNHVMkh'|~E=r4_-G5ME-5bm4)60{(&lt;&lt;:|1:p"N.TAi+Y7"{I&lt;MQeM@@:Da.4:8wK$

My goal is to setup a bridge connection as the default ONT from ISP is not good enough for my usage. Currently setting up a bridge is not possible right now since myISP refuse to give the PPoE password.

I can do it for you for free but i have to visiting you i leve in qatar بني هاجر

@ahmedoozziee
Copy link

ahmedoozziee commented Dec 26, 2023

Hi SwimmingTiger or anyone in this forum,
Can someone kindly help me to decrpyt this : Unable to render expression.

    $2RW!aHei\s+Ng_XGkJJ1EJE&gt;&lt;2[4w7Hm)0&gt;ZnNHVMkh'|~E=r4_-G5ME-5bm4)60{(&lt;&lt;:|1:p"N.TAi+Y7"{I&lt;MQeM@@:Da.4:8wK$

My goal is to setup a bridge connection as the default ONT from ISP is not good enough for my usage. Currently setting up a bridge is not possible right now since myISP refuse to give the PPoE password.

I can do it for you for free but i have to visiting you i leve in qatar بني هاجر

Hello @qatar2030 Please share your contact details i'm intersted or whatsapp me on +201123547811

@ochere
Copy link

ochere commented Jan 7, 2024

Hello,
Can someone decrypt this
%$%$Tr_3Df|s6VDf6|1)A&{("KB9%$%$
%$%$N\VpOW$0S9]y*Hk\d#/>bYP%$%$
%$%$7k"P64W3S#_ZoB3nb3'.vKB9%$%$
%$%$oR:@125YZLqM,41mdg"DE
6-%$%$
%$%$TyIDAD_l6Hk[vx<Z5fQPYpg^%$%$
%$%$HIWgCp$,qHg).|3(&Eb<{6-%$%$
%$%$HP.RQA%Ba
kzE@*4j70WhWNE%$%$

from a Eudemon1000E-X5

@mammuthus
Copy link

Hello, Can someone decrypt this

Hi there! Any reason you're not decrypting it yourself?

@AlbertEinsteinGlitchPoint

Hi guys has anyone teste Encryption and Decryption on Huawei AX2 wifi6 routers? it seems the user is allways the same: admin.. just password on input menu login screen.. i have managed to analyze with F12 network traffic.. and it has 2 requests.. user_login_nonce, and user_login_proof which returns a RSAE : 010001 and RSA_N public modulus and RSA signature and Server signature keys , together with CSRF tokens for security protection.. on the user_login_nonce the password seems to be encripted.. and we can only see a SALT key info

@swapnil6127
Copy link

swapnil6127 commented Jan 17, 2024

hello, can anyone decript this?
local-user root password irreversible-cipher $1c$g-1CeT32Y$..R"-F[fW<;W15,m-yn>.Y.-J>{wC@@Q|,!+Q&G$

@MatiM72737
Copy link

can anyone decrypt that:
$2Rr}bG&amp;*mnJMmVcBHW/,55\u@KJg~(0e6Wh2d#)HA:|iOV]W%7S|980Twf}=8v@VD,YX&gt;fK0ub'94;DIBk7#!Gbc8bPVRk@1HhD`V$

@SwimmingTiger
Copy link

SwimmingTiger commented May 16, 2024

What is SU button function on GUI I ever try $1 and $2 only

I don't know.

Where i can find this GUI ?

https://github.com/hu60t/hu60wap6/files/6206916/Huawei.configuration.encryption.and.decryption.tools.zip

@dublinz
Copy link

dublinz commented May 16, 2024

sorry for inconviniace,

What is SU button function on GUI I ever try $1 and $2 only

I don't know.

Where i can find this GUI ?

https://github.com/hu60t/hu60wap6/files/6206916/Huawei.configuration.encryption.and.decryption.tools.zip

Thanks

@Irullinux
Copy link

@Boboaung-Myanmar - Try this 18855117

$2M^7i5]ps.KDN0XI>kLtUo{cZ~\ZMZ2R.*.POxM|2t-Z'6"e{P~e6WM9D^[l)DtF8(_]48(b$v9WjPQ,&+0fO>c'Nb/_b||6$;,rR$

Can you helpme ser

@Irullinux
Copy link

sorry for inconviniace,

What is SU button function on GUI I ever try $1 and $2 only

I don't know.

Where i can find this GUI ?

https://github.com/hu60t/hu60wap6/files/6206916/Huawei.configuration.encryption.and.decryption.tools.zip

Thanks

$2M^7i5]ps.KDN0XI>kLtUo{cZ~\ZMZ2R.*.POxM|2t-Z'6"e{P~e6WM9D^[l)DtF8(_]48(b$v9WjPQ,&+0fO>c'Nb/_b||6$;,rR$

Can you helpme ser

@notrhythm
Copy link

Hello!

It it possible to decrypt this one?
$1c$nIyL.#{5F2$TzF'@"gEaH_mJb*Vd>fBD"px&M1'i1aOXF:ptG:E$

Thank you in advance!

@PlanetHemp2024
Copy link

for dg 8245
i need Administrator user and password
i search through notpade and this what i get
UserName="vodadsl" Password="41a69149e63df1ce83234fc39a70caeab11eed3d390629ca7cffc2dcd327480b" UserLevel="0" Enable="1" ModifyPasswordFlag="0"
i need to decrypt the password

@zvellblade26
Copy link

$2GACZYhI-vIoR>v/Cdi:7dkP=;9/(HKvZ2UK[5,]AA9ALE\Z%.S*&amp;iVCn216/StW,(M%'bpB{@[jdL!1:Be=`9P*Ky}2(&|=jsR$

pls

@algarih
Copy link

algarih commented Nov 6, 2024

i tried the site, it doesnt give a good result:
https://andreluis034.github.io/huawei-utility-page/#cipher

$2#$A:@i5s+L7OAK/KQ.r9gfB`5v,-S%T=rz~&0[6I:Zt,<Rvhz):[v3(*"K@(OMJMf<*aA1z#1KIlO4LUwr,FX$5D||9s)E#|%0$

Result: bbf2073ca9c495606fe49628cffef83e0dfce8dc29270703b3c6709e14029911

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment