beefproject / beef

The Browser Exploitation Framework Project
https://beefproject.com

is there any way to get the wifi password out of HG531 v1 router page ? #1744

Closed minanagehsalalma closed 5 years ago

minanagehsalalma commented 5 years ago

I can't get the WiFi password from the router page because it's masked with stars, and when I convert the input type from password to text using Inspect Element it gives me a wrong password, "@1GV)Z<!". On another similar model, looking at this path helped me find the password: http://192.168.1.1/html/network/wlan.asp. But on this model, at http://192.168.1.1/html/ntwkall/wlan.asp, all I found were the SSIDs and the wrong passwords ("@1GV)Z<!").

While looking in the Network tab I found that, when submitting a new password, it sends the password to this URL:

http://192.168.1.1/html/ntwkall/setcfg.cgi?x=InternetGatewayDevice.LANDevice.1&y=InternetGatewayDevice.LANDevice.1.WLANConfiguration.1&k=InternetGatewayDevice.LANDevice.1.WLANConfiguration.1.PreSharedKey.1&z=InternetGatewayDevice.LANDevice.1.WLANConfiguration.1.WPS&RequestFile=/html/ntwkall/wlan.asp

with this request body:

--data "csrf_token=XGusO59EJlYEVQ0sWpMA7ftQo7JH5gQN&y.Standard=b%2Fg%2Fn&y.MaxBitRate=Auto&y.X_Wlan11NHtMcs=33&y.Enable=1&y.AutoChannelEnable=1&y.Channel=6&y.SSIDAdvertisementEnabled=1&y.X_WlanIsolateControl=0&y.WMMEnable=1&y.X_Wlan11NBWControl=20%2F40&y.X_Wlan11NGIControl=long&y.SSID=wifisucks&y.X_AssociateDeviceNum=32&y.X_PowerValue=20&y.BeaconType=11i&z.Enable=1&z.X_WPSMode=ap-pbc&k.PreSharedKey=thepasswordyouno&y.IEEE11iEncryptionModes=AESEncryption&x.X_WLANEnable=1"

Is there any way to extract the password from that setcfg.cgi? I also tried to decrypt the router backup config file, but NirSoft Router Password View failed to decrypt it. When I looked into the page file from the firmware and searched for PreSharedKey, I found these, if they make any sense. I have also tried to open the page with JavaScript turned off, but the password still didn't show up.

The wrong password after trying the Inspect Element trick: [image]

The wrong passwords from the page source code: [image]

Any ideas other than getting it through WPS would be very useful!

bcoles commented 5 years ago

Without access to the device, it is hard to say.

is there any way to extract the password from that setcfg.cgi ?

Maybe this will help:

You'll likely need different keys, as per:

minanagehsalalma commented 5 years ago

@bcoles

Without access to the device, it is hard to say.

You mean physical access?

You'll likely need different keys, as per:

How do I get them? I have the firmware file!

bcoles commented 5 years ago

You mean physical access?

I mean it's hard for me to know without access to the device firmware.

How do I get them? I have the firmware file!

The link you provided explains how to retrieve the keys:

minanagehsalalma commented 5 years ago

I mean it's hard for me to know without access to the device firmware.

The firmware link is in the description of this question: https://reverseengineering.stackexchange.com/questions/21618/how-can-i-decrypt-huawei-hg531s-v1-config-file. Or directly from here: https://www.mediafire.com/file/4x8y97j256uvd04/hg531s1.BIN/file

"The link you provided explains how to retrieve the keys:"

I know, mate. I am the one who asked that question there, because I failed to find the keys, and nobody helped me. If you can, I would be very grateful :) Only if you don't mind. @bcoles

minanagehsalalma commented 5 years ago

@bcoles I looked into all the lib files using IDA and this is what I found: (ATP_GetInfo1, ATP_GetInfo2, ATP_GetInfo3, ATP_GetInfo4) are in libhttpapi.so
ATP_GetInfo2 is in libcfmapi
ATP_GetInfo3 is in libmsgapi.so
ATP_GetInfo4 is in libatputil.so

The tutorial says:

ATP_GetInfo1 is in libxmlapi.so, ATP_GetInfo2 is in libhttpapi.so, ATP_GetInfo3 is in libcfmapi.so, ATP_GetInfo4 is in libmsgapi.so

The problem is that the lengths of each of them aren't the same and I don't know how to copy them properly.

The lib files are attached (lib files.zip) if you can take a look at them, only if I am not bothering you. Thanks for your replies :)

minanagehsalalma commented 5 years ago

@bcoles mate, can you take a look at this please?

JessWill commented 5 years ago

Hi @minanagehsalalma , are you still requiring assistance with this? I will be closing this ticket in a week if there is no response, thank you.

bcoles commented 5 years ago

@minanagehsalalma sorry, no, I don't have time to look into this.

minanagehsalalma commented 5 years ago

Hi @minanagehsalalma , are you still requiring assistance with this? I will be closing this ticket in a week if there is no response, thank you.

@JessW98 thanks. I did get help with decrypting it and got it working.

@bcoles

@minanagehsalalma sorry, no, I don't have time to look into this

No problem.

TechIVIan commented 1 year ago

Hello, is there still no solution for this?

minanagehsalalma commented 1 year ago

Hello, is there still no solution for this?

Download the config file and decrypt it.

TechIVIan commented 1 year ago

The problem itself is the config file (there is no access to it).

TechIVIan commented 1 year ago

So, I go to Settings and only find Account Manager. I tried to override the system to get the config file menu; once I press Download it logs me out of the router.

minanagehsalalma commented 1 year ago

@TechIVIan dude, come on, it won't show if you are on the user account. You need to get onto the admin account.

Stop spamming the repo and figure it out on your own.

TechIVIan commented 1 year ago

Sorry for the spam, it's the first time I've used this platform.

I'm logged in to the admin account, but the ISP added another account named 'superadmin' which is inaccessible.

It's already my 4th day trying to get the config file, the superadmin password, or the PPPoE password.

My router now has 3 existing users (admin, superadmin, user),

but I only have admin and user access.

I've tried to make my own HTML page which shows a Download button, but it logs me out.

I don't know what to do exactly.

Please try to help me with this. I've already spent 4 days trying, but my Java knowledge is a little limited.

minanagehsalalma commented 1 year ago

@TechIVIan okay, okay, hand over your email and I will try to help you.

But you will write a step-by-step guide here about how you did it, okay?

TechIVIan commented 1 year ago

Sure! Here you go: oussemabentoumia@gmail.com

So, I have 2 routers (one which has already been reset to the original software, and another which is from my ISP).

I started copying the files from the old router and submitting them via override in F12 (DevTools).

Now I get the full panels inside the admin account on the ISP router,

but once I press Download, or stay for a little while, it shuts down and asks me to reconnect.

So I looked further inside the files and found that there is a superadmin account,

but without the password I can't do anything.

I also tried upgrading the firmware; same thing, it logs me out.

I also tried to forcibly change the superadmin password, and it logged me out.

stephenakq commented 1 year ago

Please join the BeEF discord to discuss this issue. Someone there might be able to help https://discord.gg/ugmKmHarKc

arouzbehani commented 3 weeks ago

I ran into the same problem. I tested the Chrome "guest" profile and I succeeded in changing it.

minanagehsalalma commented 3 weeks ago

@arouzbehani lmao, what do Chrome profiles have to do with this?

arouzbehani commented 3 weeks ago

@arouzbehani lmao, what do Chrome profiles have to do with this?

I have no idea!! I did it for my neighbor just a couple of hours ago, who was not able to connect to the modem anymore. I reset the modem and tried to change the password, and it failed because the default password replaced it after saving. I just assumed it might be something related to my profile, which had been used to set up my own modem at the same address (192.168.1.1), so I decided to use a clean profile without history, caching, etc. And it worked!! Then I suspected hacking or something similar on my laptop, so I searched for the default password and was relieved when I realized that this is an old issue with Huawei modems.