-
-
Save staaldraad/605a5e40abaaa5915bc7 to your computer and use it in GitHub Desktop.
#!/usr/bin/python | |
""" | |
Simple tool to extract local users and passwords from most Huawei routers/firewalls config files. | |
Will extract plain-text passwords and crypted credentials. Huawei config files use DES encryption with | |
a known key. Using this information, the script will decrypt credentials found in the config file. | |
Author: Etienne Stalmans ([email protected]) | |
Version: 1.0 (12/01/2014) | |
""" | |
from Crypto.Cipher import DES | |
import sys | |
import binascii | |
def decode_char(c): | |
if c == 'a': | |
r = '?' | |
else: | |
r = c | |
return ord(r) - ord('!') | |
def ascii_to_binary(s): | |
assert len(s) == 24 | |
out = [0]*18 | |
i = 0 | |
j = 0 | |
for i in range(0, len(s), 4): | |
y = decode_char(s[i + 0]) | |
y = (y << 6) & 0xffffff | |
k = decode_char(s[i + 1]) | |
y = (y | k) & 0xffffff | |
y = (y << 6) & 0xffffff | |
k = decode_char(s[i + 2]) | |
y = (y | k) & 0xffffff | |
y = (y << 6) & 0xffffff | |
k = decode_char(s[i + 3]) | |
y = (y | k) & 0xffffff | |
out[j+2] = chr(y & 0xff) | |
out[j+1] = chr((y>>8) & 0xff) | |
out[j+0] = chr((y>>16) & 0xff) | |
j += 3 | |
return "".join(out) | |
def decrypt_password(p): | |
r = ascii_to_binary(p) | |
r = r[:16] | |
d = DES.new("\x01\x02\x03\x04\x05\x06\x07\x08", DES.MODE_ECB) | |
r = d.decrypt(r) | |
return r.rstrip("\x00") | |
f_in = open(sys.argv[1],'r') | |
print "[*] Huawei Password Decryptor" | |
for line in f_in: | |
if ('local-user' not in line) or ('password' not in line): | |
continue | |
inp = line.split() | |
print "[*]-----------------------" | |
print "\t[+] User: %s"%inp[1] | |
print "\t[+] Password type: %s"%inp[3] | |
if inp[3] == "cipher": | |
print "\t[+] Cipher: %s"%inp[4] | |
print "\t[+] Password: %s"%decrypt_password(inp[4]) | |
else: | |
print "\t[+] Password: %s"%(inp[4]) |
hello, can anyone decript this?
local-user root password irreversible-cipher g-1CeT32Y$..R"-F[fW<;W15,m-yn>.Y.-J>{wC@@
Q|,!+Q&G$
can anyone decrypt that:
What is SU button function on GUI I ever try $1 and $2 only
I don't know.
Where i can find this GUI ?
sorry for inconviniace,
What is SU button function on GUI I ever try $1 and $2 only
I don't know.
Where i can find this GUI ?
Thanks
@Boboaung-Myanmar - Try this 18855117
$2M^7i5]ps.KDN0XI>kLtUo{cZ~\ZMZ2R.*.POxM|2t-Z'6"e{P~e6WM9D^[l)DtF8(_]48(b$v9WjPQ,&+0fO>c'Nb/_b||6$;,rR$
Can you helpme ser
sorry for inconviniace,
What is SU button function on GUI I ever try $1 and $2 only
I don't know.
Where i can find this GUI ?
Thanks
$2M^7i5]ps.KDN0XI>kLtUo{cZ~\ZMZ2R.*.POxM|2t-Z'6"e{P~e6WM9D^[l)DtF8(_]48(b$v9WjPQ,&+0fO>c'Nb/_b||6$;,rR$
Can you helpme ser
Hello!
It it possible to decrypt this one?
$1c$nIyL.#{5F2$TzF'@"gEaH_mJb*Vd>fBD"px&M1'i1aOXF:ptG:E$
Thank you in advance!
for dg 8245
i need Administrator user and password
i search through notpade and this what i get
UserName="vodadsl" Password="41a69149e63df1ce83234fc39a70caeab11eed3d390629ca7cffc2dcd327480b" UserLevel="0" Enable="1" ModifyPasswordFlag="0"
i need to decrypt the password
$2GACZYhI-vIoR>v/Cdi:7dkP=;9/(HKvZ2UK[5,]AA9ALE\Z%.S*&iVCn216/StW,(M%
'bpB{@[jdL!1:Be=`9P*Ky}2(&|=jsR$
pls
i tried the site, it doesnt give a good result:
https://andreluis034.github.io/huawei-utility-page/#cipher
$2#$A:@i5s+L7OAK/KQ.r9gfB`5v,-S%T=rz~&0[6I:Zt,<Rvhz):[v3(*"K@(OMJMf<*aA1z#1KIlO4LUwr,FX$5D||9s)E#|%0$
Result: bbf2073ca9c495606fe49628cffef83e0dfce8dc29270703b3c6709e14029911
Hi guys has anyone teste Encryption and Decryption on Huawei AX2 wifi6 routers? it seems the user is allways the same: admin.. just password on input menu login screen.. i have managed to analyze with F12 network traffic.. and it has 2 requests.. user_login_nonce, and user_login_proof which returns a RSAE : 010001 and RSA_N public modulus and RSA signature and Server signature keys , together with CSRF tokens for security protection.. on the user_login_nonce the password seems to be encripted.. and we can only see a SALT key info