Huawei Safebox

[dekao]

Hello guys, does anyone know what hash type are used in the Huawei Safebox function on Android Huawei devices?
Is it the 4711 (Huawei sha1(md5($pass).$salt)) can anyione tell?
The datebase msb.db holds the hash safe.

Best

[buka]

Hello guys, does anyone know what hash type are used in the Huawei Safebox function on Android Huawei devices?
Is it the 4711 (Huawei sha1(md5($pass).$salt)) can anyione tell?
The datebase msb.db holds the hash safe.

Best

They rolled up their own encryption scheme for this. I recently recovered two passwords from two "Safes" from an old Huawei Honor 6X after much reverse engineering.

[Bielecki]

I recently recovered two passwords from two "Safes" from an old Huawei Honor 6X after much reverse engineering.

Hi, would you mind sharing your experience? 

I have a backup of the safe with a lost password from a Huawei P10 Lite. I still have the device, but it has been already factory reset - still recognises the safe though. I've pulled the apk, decompiled it and found some clues about db structure and encryption methods, but as I'm more of a sysadmin than a programmer, I've got pretty stuck while applying that knowledge to hashcat.

Thanks in advance

[buka]

I recently recovered two passwords from two "Safes" from an old Huawei Honor 6X after much reverse engineering.

Hi, would you mind sharing your experience? 

I have a backup of the safe with a lost password from a Huawei P10 Lite. I still have the device, but it has been already factory reset - still recognises the safe though. I've pulled the apk, decompiled it and found some clues about db structure and encryption methods, but as I'm more of a sysadmin than a programmer, I've got pretty stuck while applying that knowledge to hashcat.

Thanks in advance

It has nothing to do with hashcat. Hashcat doesn't support this. What's your DB structure? Did you get msb.db at all?

[Bielecki]

I recently recovered two passwords from two "Safes" from an old Huawei Honor 6X after much reverse engineering.

Hi, would you mind sharing your experience? 

I have a backup of the safe with a lost password from a Huawei P10 Lite. I still have the device, but it has been already factory reset - still recognises the safe though. I've pulled the apk, decompiled it and found some clues about db structure and encryption methods, but as I'm more of a sysadmin than a programmer, I've got pretty stuck while applying that knowledge to hashcat.

Thanks in advance

It has nothing to do with hashcat. Hashcat doesn't support this. What's your DB structure? Did you get msb.db at all?

Yes, I have a full safebox, including files and msb.db. DB structure goes like this (column,comment (mine)):

Code:

_id,MyInfo
wt,workType
wf1,workInfo1
wf2,workInfo2
wf3,workInfo3
qd,qtId First question ID (100 if custom)
st,salt (?)
ct,createTime
cp,createrType
cd,createrId
op,originPos (?)
al,Safe name (alias)
ut,userId
cq,First question in cleartext (null if not custom)
awt,?
es1,encryptSalt1
es2,encryptSalt2
qd2,qtId2 Second question ID (100 if custom)
cq2,Second question in cleartext (null if not custom)
qt,qt (?)

[buka]

Okay. So, I found that only these four fields participated in hashing the password: workInfo1, workInfo2, salt, and encryptSalt1.

SELECT wf1, wf2, st, es1 FROM mf;

Do you know whether your password was human-generated or random?

[buka]

If you create a new safe with a known password and give me those values, I'll be able to verify whether my method works for your phone or not.

[Bielecki]

Okay. So, I found that only these four fields participated in hashing the password: workInfo1, workInfo2, salt, and encryptSalt1.

SELECT wf1, wf2, st, es1 FROM mf;

Do you know whether your password was human-generated or random?

Unfortunately I don't remember.

I have created a safe, the password is "hashcat1", this is my DB:

Code:

wf1|0874e1b1508ee50b30e0a0ca2b8a1c70665d9a6248790cc6
wf2|7924e4c2a0637af4d8269f15d096f0b32d16c33be14dae67afaaae5ede71809d28aa6df5f4912ddd5c710e5c1857bf2d
st|9b13ae95829b2b6832177ee55deba59737ecc51bdfc44392ae35281b401468fe
es1|a92c2d93815090e60cd83c1c9ff54f4b2fb44f363cb00a3efd61789b16f6a754aeb0989c9e8b468c4ad6dd1ba74bc4f184dcdb2b9e5281b314bebc063fbe8d80a3f0f12ce91839c7b1762df1404e6794

[buka]

I have created a safe, the password is "hashcat1", this is my DB:

Code:

wf1|0874e1b1508ee50b30e0a0ca2b8a1c70665d9a6248790cc6
wf2|7924e4c2a0637af4d8269f15d096f0b32d16c33be14dae67afaaae5ede71809d28aa6df5f4912ddd5c710e5c1857bf2d
st|9b13ae95829b2b6832177ee55deba59737ecc51bdfc44392ae35281b401468fe
es1|a92c2d93815090e60cd83c1c9ff54f4b2fb44f363cb00a3efd61789b16f6a754aeb0989c9e8b468c4ad6dd1ba74bc4f184dcdb2b9e5281b314bebc063fbe8d80a3f0f12ce91839c7b1762df1404e6794

Okay, it works. I'll prepare and post a Hashcat plugin soon, so you'll be able to try any attacks Hashcat supports.

[buka]

You can download the plugin here: https://mega.nz/file/dhtSXCCT#ak33hjPPBy...M0I8XbKa9Q

The generic mode (-m 74000) is new, so you also need a beta version of Hashcat. Download it here:
https://hashcat.net/beta/

Prepare your hash like this: join the wf1, wf2, st, es1 values (in this order) using '*' as a separator:

Code:

0874e1b1508ee50b30e0a0ca2b8a1c70665d9a6248790cc6*7924e4c2a0637af4d8269f15d096f0b32d16c33be14dae67afaaae5ede71809d28aa6df5f4912ddd5c710e5c1857bf2d*9b13ae95829b2b6832177ee55deba59737ecc51bdfc44392ae35281b401468fe*a92c2d93815090e60cd83c1c9ff54f4b2fb44f363cb00a3efd61789b16f6a754aeb0989c9e8b468c4ad6dd1ba74bc4f184dcdb2b9e5281b314bebc063fbe8d80a3f0f12ce91839c7b1762df1404e6794

An example attack (use safebox.dll instead of safebox.so if you're on Windows):

Code:

$ ./hashcat -m 74000 safebox.hash --bridge-parameter1 /path/to/safebox.so -a 3 hash?l?l?l?d

hashcat (v7.1.2-73-gb2d231a2c) starting

Assimilation Bridge
===================
* Unit #01 -> #04: Rust [safebox.so]

CUDA API (CUDA 12.9)
====================
* Device #01 -> #04: NVIDIA GeForce RTX 3050, 7336/7831 MB, 20MCU

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Minimum salt length supported by kernel: 0
Maximum salt length supported by kernel: 256

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Optimizers applied:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force

Watchdog: Temperature abort trigger set to 90c

Host memory allocated for this attack: 513 MB (22419 MB free)

0874e1b1508ee50b30e0a0ca2b8a1c70665d9a6248790cc6*7924e4c2a0637af4d8269f15d096f0b32d16c33be14dae67afaaae5ede71809d28aa6df5f4912ddd5c710e5c1857bf2d*9b13ae95829b2b6832177ee55deba59737ecc51bdfc44392ae35281b401468fe*a92c2d93815090e60cd83c1c9ff54f4b2fb44f363cb00a3efd61789b16f6a754aeb0989c9e8b468c4ad6dd1ba74bc4f184dcdb2b9e5281b314bebc063fbe8d80a3f0f12ce91839c7b1762df1404e6794:hashcat1
                                                          
Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 74000 (Generic Hash [Bridged: Rust])