Get HTTP Password In Script

[HarryMuscle]

How would I go about getting the HTTP password in a script? If I SSH into the router and run

nvram get http_passwd

I get an ecrypted result, however, if I export all NVRAM values via Administration -> Restore/Save/Upload Setting the password is in clear text so the value stored in http_passwd must be stored in some reversible encryption and is actually reversed back into the original password when exporting the configuration.

Thanks,
Harry

 

[ColinTaylor]

however, if I export all NVRAM values via Administration -> Restore/Save/Upload Setting the password is in clear text...

No it isn't. The whole file is (weakly) encrypted but you're using a utility (like WrtSettings) that knows how to decrypt it.

 

[HarryMuscle]

No it isn't. The whole file is (weakly) encrypted but you're using a utility (like WrtSettings) that knows how to decrypt it.

I am actually using WrtSettings. Any idea what methods WrtSettings might be applying to decrypt the password?

 

[ColinTaylor]

The encoding used on the settings file is different than the encryption applied to the password and returned by the nvram get command. Knowing one won't help you with the other.

 

[HarryMuscle]

The encoding used on the settings file is different than the encryption applied to the password and returned by the nvram get command. Knowing one won't help you with the other.

Sorry, I meant if you knew how WrtSettings reverses the encryption applied to the password. In other words, I'm just asking to figure out how to reverse the encrypted password as it is returned by the nvram get command.

 

[ColinTaylor]

In other words, I'm just asking to figure out how to reverse the encrypted password as it is returned by the nvram get command.

Sorry, I don't know. I suspect the decryption method/key is contained in the closed source nvram library.

 

[HarryMuscle]

So I did some digging around in the source code and I've been able to track down the password decryption to a pw_dec function located in the pwenc.c file. Unfortunately it seems that's a closed source file. The firmware only seems to import the function definitions from it (see line 3890 in https://github.com/RMerl/asuswrt-me...85aa5dca69/release/src/router/shared/shared.h).

@RMerlin any chance you could confirm if there's any way to see the source for the pw_dec function in the pwenc.c source file?

Thanks,
Harry

 

[RMerlin]

@RMerlin any chance you could confirm if there's any way to see the source for the pw_dec function in the pwenc.c source file

Closed source.