Huawei password schemes: Episode 3

Authors: Roberto Paleari (@rpaleari) and Aristide Fattori (@joystick)

We have a somewhat long history of security advisories covering the password encryption schemes used by Huawei products. For previous episodes see here and also here. To add another episode to the series, this post covers another password encryption scheme, probably introduced around 2014. For the impatient reader: the algorithms get more convoluted and the passwords are obfuscated, but the scheme stays reversible and fundamentally insecure. To protect all affected customers, we won't disclose the full details of the algorithm; we'll just give a quick overview of how it works.

To sum up, Huawei devices, such as AR series routers, store passwords using several distinct encryption and hashing schemes. Looking at an encrypted or hashed password, a prefix or suffix identifies the scheme actually used. For example:
  • DES passwords are terminated by a "!!" suffix.
  • AES passwords are delimited by characters "%$%$".
In our experience we have observed several other delimiters, corresponding to other encryption schemes. To the best of our knowledge, little documentation exists about the internals of these schemes, let alone their security level. In this post we outline the encryption scheme used for another kind of Huawei password, recognizable by the delimiter "%@%@". Recent Huawei device models use this scheme to store a plethora of different kinds of parameters, including user passwords, SNMP community names and Wi-Fi passphrases.

Briefly, the encryption scheme is still based on AES. Both the IV and the key are stored in the firmware image in obfuscated form, probably to thwart naive reverse engineering attempts. Suffice it to say that the obfuscation is reversible, and the actual key and IV can be easily reconstructed by anyone with average reverse engineering skills.

$ cat passwd.txt
$ cat passwd.txt | python
scheme: AES256v3 | cleartext: 'admin' | ciphertext: %@%@Of+->i@1/#!q`fS`Jii1,`@7%@%@

Overall, users should not trust this encryption scheme to protect their passwords. Needless to say, on the remediation side we recommend that Huawei users configure their devices to store passwords as hashes ("password irreversible-cipher") rather than with reversible encryption.
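As an added example (not code from the original post), the following Python script turns the delimiter rule described above into a configuration audit: it scans a config dump, flags every value stored with one of the reversible schemes the post names ("!!", "%$%$", "%@%@"), and leaves hashed values alone. The sample configuration and the command syntax in it are constructed for illustration; only the first ciphertext is the one quoted in the post.

```python
"""Audit a Huawei-style configuration dump for reversibly encrypted secrets.

Added example, not code from the original post. It only uses the scheme
delimiters described in the post and does not decrypt anything.
"""

# (scheme name, prefix, suffix): delimiters as described in the post.
# Most specific markers first, so the bare "!!" suffix is tried last.
REVERSIBLE_SCHEMES = (
    ("AES256v3", "%@%@", "%@%@"),
    ("AES",      "%$%$", "%$%$"),
    ("DES",      "",     "!!"),
)


def classify(token):
    """Return the reversible scheme a config token is stored with, or None.

    Heuristic: a token must carry both delimiters and a non-empty payload.
    Hashed values ("password irreversible-cipher") carry none of these
    markers and therefore return None.
    """
    for name, prefix, suffix in REVERSIBLE_SCHEMES:
        if (token.startswith(prefix) and token.endswith(suffix)
                and len(token) > len(prefix) + len(suffix)):
            return name
    return None


def audit_config(config_text):
    """Return (line number, scheme, token) for every reversibly stored secret."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        for token in line.split():
            scheme = classify(token)
            if scheme is not None:
                findings.append((lineno, scheme, token))
    return findings


# Constructed sample: command syntax is illustrative; only the first
# ciphertext is the one quoted in the post.
SAMPLE_CONFIG = """\
local-user admin password cipher %@%@Of+->i@1/#!q`fS`Jii1,`@7%@%@
snmp-agent community read cipher %$%$c0nstructedAESsample%$%$
local-user backup password cipher c0nstructedDESsample!!
local-user audit password irreversible-cipher HASH_PLACEHOLDER
"""

if __name__ == "__main__":
    for lineno, scheme, token in audit_config(SAMPLE_CONFIG):
        print(f"line {lineno}: {scheme} (reversible) {token}")
    print("Remediation: store these with 'password irreversible-cipher' instead.")
```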

The Huawei advisory about this vulnerability is available here.

1 comment:

  1. AES_KEY = [0x9B, 0x5A, 0xC7, 0x8A, 0x55, 0x42, 0x6D, 0x7C,
    0x3D, 0x8E, 0xF3, 0x4E, 0x2A, 0xC5, 0x6B, 0x9F,
    0xD4, 0xE6, 0x7F, 0x8B, 0x1D, 0x9C, 0xB6, 0xE9,
    0x75, 0x38, 0x58, 0xA7, 0xB4, 0x71, 0x64, 0x4D]
    AES_IV = [0x73, 0x2B, 0xF4, 0x58, 0xD2, 0x84, 0x9C, 0xA7,
    0xDE, 0x42, 0xF6, 0xB9, 0x1F, 0x2C, 0x7D, 0xE3]