Decrypt Huawei router/firewall passwords. Huawei stores passwords using DES encryption when the crypted option is enabled.

huaweiDecrypt.py

#!/usr/bin/python
"""
Simple tool to extract local users and passwords from most Huawei routers/firewalls config files.
Will extract plain-text passwords and  crypted credentials. Huawei config files use DES encryption with 
a known key. Using this information, the script will decrypt credentials found in the config file.
Author: Etienne Stalmans (etienne@sensepost.com)
Version: 1.0 (12/01/2014)
"""

from Crypto.Cipher import DES
import sys
import binascii

def decode_char(c):
    if c == 'a':
        r = '?'
    else:
        r = c
    return ord(r) - ord('!')

def ascii_to_binary(s):
    assert len(s) == 24

    out = [0]*18
    i = 0
    j = 0

    for i in range(0, len(s), 4):
        y = decode_char(s[i + 0])
        y = (y << 6) & 0xffffff

        k = decode_char(s[i + 1])
        y = (y | k) & 0xffffff
        y = (y << 6) & 0xffffff

        k = decode_char(s[i + 2])
        y = (y | k) & 0xffffff
        y = (y << 6) & 0xffffff

        k = decode_char(s[i + 3])
        y = (y | k) & 0xffffff

        out[j+2] = chr(y & 0xff)
        out[j+1] = chr((y>>8) & 0xff)
        out[j+0] = chr((y>>16) & 0xff)

        j += 3

    return "".join(out)

def decrypt_password(p):
    r = ascii_to_binary(p)
    r = r[:16]

    d = DES.new("\x01\x02\x03\x04\x05\x06\x07\x08", DES.MODE_ECB)
    r = d.decrypt(r)

    return r.rstrip("\x00")


f_in = open(sys.argv[1],'r')

print "[*] Huawei Password Decryptor"

for line in f_in:
    
    if ('local-user' not in line) or ('password' not in line):
        continue
    
    inp = line.split()
    print "[*]-----------------------"
    print "\t[+] User: %s"%inp[1]
    print "\t[+] Password type: %s"%inp[3]
    if inp[3] == "cipher":
        print "\t[+] Cipher: %s"%inp[4]
        print "\t[+] Password: %s"%decrypt_password(inp[4])
    else:
        print "\t[+] Password: %s"%(inp[4])

Is it still working?
I tested both the website and the tools there, but both only generate outrk code, like base64, when I try to decode the text in the PPPoE password files.

I have a Huawei HG8145V5-V2 router, and its backup is generated in .xml.html.

ok good. i do it reset factory is disabling root user haven't salt code and not is possible decrypt. file config xml not permitted upgrade in root huawei HG8145X6. the device is full protect for ISP. greetings MB. El mié, 19 nov 2025, 18:11, kino ***@***.***> escribió:

…

***@***.**** commented on this gist. ------------------------------ Is it still working? I tested both the website and the tools there, but both only generate outrk code, like base64, when I try to decode the text in the PPPoE password files. I have a Huawei HG8145V5-V2 router, and its backup is generated in .xml.html. — Reply to this email directly, view it on GitHub <https://gist.github.com/staaldraad/605a5e40abaaa5915bc7#gistcomment-5871596> or unsubscribe <https://github.com/notifications/unsubscribe-auth/B2DJOK7ZFN7FCXPIXDTGJ2335TMHXBFHORZGSZ3HMVZKMY3SMVQXIZNMON2WE2TFMN2F65DZOBS2WR3JON2EG33NNVSW45FGORXXA2LDOOIYFJDUPFYGLJDHNFZXJJLWMFWHKZNIGIYDENBWHAZDBKTBOR2HE2LCOV2GK44TQKSXMYLMOVS2SMJXGQ3TKNRRGE4KI3TBNVS2QYLDORXXEX3JMSBKK5TBNR2WLJDUOJ2WLJDOMFWWLO3UNBZGKYLEL5YGC4TUNFRWS4DBNZ2F6YLDORUXM2LUPGBKK5TBNR2WLJDHNFZXJJDOMFWWLK3UNBZGKYLEL52HS4DF> . You are receiving this email because you commented on the thread. Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub> .