4

I have a Huawei HG8145V5 and I backed up the config file, which contains encrypted root and admin credentials, but I don't know how they are encrypted. Here is an example of one password:

$2*FuHXY<y5$VJl(9f^9z%7;vR%K;84JG$.&O`qM17$

Can anyone identify which algo is used?

Vido

1 Answer

3

It's probably AES. I saw config files from the HG8245Hv5 and HG8245H5 and the passwords look similar. A bit (just a bit:D) more info is here: https://the-infosec.com/2017/03/20/huawei-hg8245h-router-privilege-escalatio/

HE9CbITb
  • Also Mr. Vido, I have one question for you too:) Could you please reply on this post if you're reading it? – HE9CbITb Jan 02 '21 at 19:32
  • Hey @HE9CbITb tnx for your reply, it seems that the enc. is AES – Vido Jan 08 '21 at 13:54
  • Hi, @Vido I have one question for you:) In this topic https://reverseengineering.stackexchange.com/questions/11626/zte-encrypted-backup-config-file the issue of decrypting modem config file was discussed. It was recommended to find a file named 'tagparam_m', perform MD5sum of it, get this way AES-key, decrypt config file with this key, decompress zlib and finally get config file in xml. I want to ask you: where did you find this 'tagparam_m' file? I'm looking at firmware file directories (including /var), but I can't find this file. Thank you:) – HE9CbITb Jan 10 '21 at 11:57
  • Hey @HE9CbITb in my case tagparam_m was in the var directory – Vido Jan 10 '21 at 12:44
  • Ok, maybe that's because of different firmware. Gonna search again. Thank you:) – HE9CbITb Jan 10 '21 at 14:00
  • Hey @HE9CbITb which router do you have? – Vido Jan 10 '21 at 18:08
  • @Vido I have ZTE F609 (Software Version V7.0.10P7N1). – HE9CbITb Jan 11 '21 at 22:16
  • Hey @HE9CbITb I assume that you connected via telnet and you are looking at /var, right? Also can you send me your cspd? – Vido Jan 12 '21 at 13:00
  • @Vido no, I'm looking at the firmware file. I can't telnet to the modem because I don't know the correct login/password (I tried many different variants: root/Zte521, root/root, root/Telkom135 and another - none worked). I wanted to get the config file to look at these login/password, but this file is probably encrypted (binwalk shows just a rising entropy edge; it seems to me that the file is encrypted). I read that topic (ZTE encrypted config), it was recommended to find a file tagparam_m but since I can't get access to the modem I've started to analyze the firmware file in hope to find smth. – HE9CbITb Jan 12 '21 at 17:38
  • Hey @HE9CbITb Can you send me your firmware? – Vido Jan 12 '21 at 17:43
  • @Vido yeah, I can, but not tonight. I'll be home day after tomorrow so then I'll send you it. Just tell me where should I send it. And once again thank you for helping:) By the way I think telnet can be just disabled in this firmware, but we always need to know such things for sure, right?:) – HE9CbITb Jan 12 '21 at 17:54
  • Hey @HE9CbITb you can upload it somewhere, mega.nz for example. If it accepts root as the user when you try to log in, then I think it's working – Vido Jan 12 '21 at 17:58
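
The comments above judge a config file "probably encrypted" from a binwalk entropy plot and also mention a zlib layer. Entropy alone cannot separate compressed data from ciphertext, so the following added example (not part of the original posts) pairs an entropy measurement with a search for a zlib stream that verifies to its end. The function names, the 7.5 bits/byte threshold and all sample data are assumptions constructed for illustration.

```python
import hashlib
import math
import zlib
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def find_zlib(blob: bytes, min_out: int = 64):
    """Offset of the first zlib stream that decompresses to its end, or None."""
    for off in range(len(blob) - 1):
        # Header test: CM == 8 (deflate) and the 16-bit header is a multiple of 31.
        if (blob[off] & 0x0F) != 8 or ((blob[off] << 8) | blob[off + 1]) % 31:
            continue
        d = zlib.decompressobj()
        try:
            out = d.decompress(blob[off:])
        except zlib.error:
            continue
        # d.eof means the Adler-32 trailer verified, so chance header matches are rejected.
        if d.eof and len(out) >= min_out:
            return off
    return None

def triage(blob: bytes, high: float = 7.5) -> str:
    """Classify a blob as plaintext, zlib-compressed, or opaque high-entropy data."""
    if shannon_entropy(blob) < high:
        return "plaintext"
    off = find_zlib(blob)
    if off is not None:
        return f"compressed (zlib stream at offset {off})"
    return "high entropy, no zlib stream: possibly encrypted"

# Constructed samples (not taken from any device).
XML = "".join(
    f'<Param name="p{i}" value="{hashlib.sha256(bytes([i])).hexdigest()}"/>\n'
    for i in range(200)
).encode()
PACKED = b"SAMPLE-CFG-V1\x00\x00\x00" + zlib.compress(XML)
# SHA-256 output used as a deterministic stand-in for ciphertext bytes.
OPAQUE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(200))

if __name__ == "__main__":
    for name, blob in (("xml", XML), ("packed", PACKED), ("opaque", OPAQUE)):
        print(f"{name:7} H={shannon_entropy(blob):.2f}  {triage(blob)}")
```

A "possibly encrypted" verdict only rules out a zlib container; other compressors or a firmware-specific wrapper produce the same entropy profile.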