We have a somewhat long history of security advisories covering the password encryption schemes used by Huawei products. For previous episodes see here and also here. To add another episode to the series, this post covers yet another password encryption scheme, introduced probably around 2014. For the impatient reader: the algorithms get more convoluted and the passwords are obfuscated, but the scheme stays reversible and fundamentally insecure. To protect all affected customers we won't disclose the full details of the algorithm; we'll just give a quick overview of how it works.
In short, Huawei devices, such as the AR series routers, store passwords using several distinct encryption and hashing schemes. Looking at an encrypted or hashed password, a prefix or suffix identifies the scheme actually in use. For example:
- DES passwords are terminated by a "!!" suffix.
- AES passwords are delimited by characters "%$%$".
Briefly, the new encryption scheme is still based on AES. Both the IV and the key are stored in the firmware image in obfuscated form, probably to deter naive reverse engineering attempts. Suffice it to say that the algorithm is reversible, and the actual key and IV can easily be reconstructed by anyone with average reverse engineering skills.
```
$ cat passwd.txt
$ cat passwd.txt | python huaweidecrypt.py
scheme: AES256v3 | cleartext: 'admin' | ciphertext: %@%@Of+->i@1/#!q`fS`Jii1,`@7%@%@
```
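As an added example that is not part of the original post or of the huaweidecrypt.py tool, the following Python script audits a configuration dump for the marker patterns described above and flags every secret still stored under a reversible scheme. The "%@%@" delimiters and the AES256v3 label are taken from the tool output above; the sample configuration lines are constructed, and the "cipher" / "irreversible-cipher" keywords as they appear in those lines are an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Markers taken from the post: "!!" suffix (DES), "%$%$" delimiters (AES) and the
# "%@%@" delimiters seen in the decryption tool's output (labelled AES256v3 there).
REVERSIBLE_MARKERS = [
    ("AES256v3", re.compile(r"%@%@.+?%@%@")),
    ("AES", re.compile(r"%\$%\$.+?%\$%\$")),
    ("DES", re.compile(r"\S+!!$")),
]

@dataclass
class Finding:
    line_no: int
    scheme: str
    reversible: bool
    text: str

def classify_password(line: str) -> Optional[Tuple[str, bool]]:
    """Return (scheme, reversible) for a config line that stores a secret, else None."""
    line = line.rstrip()
    if "cipher" not in line:           # assumption: secrets sit on "... cipher ..." lines
        return None
    if "irreversible-cipher" in line:  # the hashed form the post recommends
        return ("irreversible-cipher", False)
    for name, pattern in REVERSIBLE_MARKERS:
        if pattern.search(line):
            return (name, True)
    return None

def audit_config(config: str) -> List[Finding]:
    """Walk a configuration dump and record every stored secret with its scheme."""
    findings = []
    for no, line in enumerate(config.splitlines(), start=1):
        result = classify_password(line)
        if result is not None:
            findings.append(Finding(no, result[0], result[1], line.strip()))
    return findings

# Constructed sample configuration: the AES256v3 value is the ciphertext shown above,
# every other secret is a made-up placeholder.
SAMPLE_CONFIG = """\
 local-user admin password cipher %@%@Of+->i@1/#!q`fS`Jii1,`@7%@%@
 local-user ops password cipher %$%$placeholderplaceholder%$%$
 local-user legacy password cipher Xy7Qm3!!
 local-user audit password irreversible-cipher $1a$placeholder$placeholder$
 snmp-agent community read cipher %$%$placeholder%$%$
"""
```

Every finding with `reversible` set is a secret an operator should migrate to the irreversible-cipher form.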
Overall, users should not trust this encryption scheme to protect their passwords. Needless to say, on the remediation side we recommended that Huawei users configure their devices to store passwords as hashes ("password irreversible-cipher") instead of using reversible encryption.
Huawei's advisory about this vulnerability is available here.