AES cipher is used to encrypt or decrypt 16 bytes (of arbitrary value).HMAC-SHA256 is keyed with the second half of the SHA256 hash.CTR mode's nonce is initialized with the first half of the salt.AES128-CTR cipher is keyed with the first half of the SHA256 hash.salt+password result is hashed using SHA256.The first 4 bytes are decrypted and compared to 0xB1A1AC88 to check if password is correct before performing a decryption.RC4 cipher is used to encrypt or decrypt 0x300 (256 * 3 = 768) bytes (of arbitrary value).salt+password result is hashed using SHA1.A random salt of 32 bytes is generated ( RouterOS only populates the first 16 bytes, mistake?) (Fixed).If you have very large wordlist files, you can use parallel brute forcingĬargo run -release - bruteforce -i MikroTik-encrypted.backup -w wordlist.txt -p Header structure Plaintext version Size (byte)Įncrypted Magic 0xB1A1AC88 to verify if password is correct Pack all IDX and DAT files from a given directory in a plaintext backup cargo run - pack -d unpacked_backup -o MikroTik-plaintext.backup Bruteforceīruteforce the password of an encrypted backup using a wordlist fileĬargo run -release - bruteforce -i MikroTik-encrypted.backup -w wordlist.txt
Tools to encrypt/decrypt and pack/unpack RouterOS v6.13+ backup files Usage examples InfoĬargo run - info -i MikroTik.backup DecryptĬonvert an encrypted backup to a plaintext backupĬargo run - decrypt -i MikroTik-encrypted.backup -o MikroTik-plaintext.backup -p password EncryptĬonvert a plaintext backup to an encrypted backupĬargo run - encrypt -i MikroTik-plaintext.backup -o MikroTik-encrypted.backup -e AES -p password UnpackĮxtract all IDX and DAT files from a plaintext backup in a given directory cargo run - unpack -i MikroTik-plaintext.backup -d unpacked_backup Pack
0 kommentar(er)
