Created
March 11, 2015 13:19
-
-
Save staaldraad/605a5e40abaaa5915bc7 to your computer and use it in GitHub Desktop.
Decrypt Huawei router/firewall passwords. Huawei stores passwords using DES encryption when the crypted option is enabled.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
""" | |
Simple tool to extract local users and passwords from most Huawei routers/firewalls config files. | |
Will extract plain-text passwords and crypted credentials. Huawei config files use DES encryption with | |
a known key. Using this information, the script will decrypt credentials found in the config file. | |
Author: Etienne Stalmans ([email protected]) | |
Version: 1.0 (12/01/2014) | |
""" | |
from Crypto.Cipher import DES | |
import sys | |
import binascii | |
def decode_char(c): | |
if c == 'a': | |
r = '?' | |
else: | |
r = c | |
return ord(r) - ord('!') | |
def ascii_to_binary(s): | |
assert len(s) == 24 | |
out = [0]*18 | |
i = 0 | |
j = 0 | |
for i in range(0, len(s), 4): | |
y = decode_char(s[i + 0]) | |
y = (y << 6) & 0xffffff | |
k = decode_char(s[i + 1]) | |
y = (y | k) & 0xffffff | |
y = (y << 6) & 0xffffff | |
k = decode_char(s[i + 2]) | |
y = (y | k) & 0xffffff | |
y = (y << 6) & 0xffffff | |
k = decode_char(s[i + 3]) | |
y = (y | k) & 0xffffff | |
out[j+2] = chr(y & 0xff) | |
out[j+1] = chr((y>>8) & 0xff) | |
out[j+0] = chr((y>>16) & 0xff) | |
j += 3 | |
return "".join(out) | |
def decrypt_password(p): | |
r = ascii_to_binary(p) | |
r = r[:16] | |
d = DES.new("\x01\x02\x03\x04\x05\x06\x07\x08", DES.MODE_ECB) | |
r = d.decrypt(r) | |
return r.rstrip("\x00") | |
f_in = open(sys.argv[1],'r') | |
print "[*] Huawei Password Decryptor" | |
for line in f_in: | |
if ('local-user' not in line) or ('password' not in line): | |
continue | |
inp = line.split() | |
print "[*]-----------------------" | |
print "\t[+] User: %s"%inp[1] | |
print "\t[+] Password type: %s"%inp[3] | |
if inp[3] == "cipher": | |
print "\t[+] Cipher: %s"%inp[4] | |
print "\t[+] Password: %s"%decrypt_password(inp[4]) | |
else: | |
print "\t[+] Password: %s"%(inp[4]) |
i tried the site, it doesnt give a good result:
https://andreluis034.github.io/huawei-utility-page/#cipher
$2#$A:@i5s+L7OAK/KQ.r9gfB`5v,-S%T=rz~&0[6I:Zt,<Rvhz):[v3(*"K@(OMJMf<*aA1z#1KIlO4LUwr,FX$5D||9s)E#|%0$
Result: bbf2073ca9c495606fe49628cffef83e0dfce8dc29270703b3c6709e14029911
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
$2GACZYhI-vIoR>v/Cdi:7dkP=;9/(HKvZ2UK[5,]AA9ALE\Z%.S*
&iVCn216/StW,(M%
'bpB{@[jdL!1:Be=`9P*Ky}2(&|=jsR$pls