Cracking Huawei HiSuite Backups - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Support (https://hashcat.net/forum/forum-3.html) +--- Forum: hashcat (https://hashcat.net/forum/forum-45.html) +--- Thread: Cracking Huawei HiSuite Backups (/thread-11822.html) |
Cracking Huawei HiSuite Backups - crackhisuite - 02-15-2024 Hello, i was wondering if someone knew how to crack the password of Huawei Backup files ? I was trying to restore a backup from some years ago, and the HiSuite windows app tells me the password is wrong, so i looked inside the folder of the backup, and found the "backup.ini" file with this exact content: [headerinfo] hisuiteversion=13.0.0.310 backup_time=2022-11-24 19:21:22 isencypt=1 pwdtip=standard mdataisencypt=1 manufacturer=HUAWEI protuct_model=Honor Note10 phone_name=HONOR phone_id=79b0ed82a522adcab8fa1ae0bc05f6f19892080d8c49e2f0af220d671bf0eba7 backupapp_version=2 image_iv=5201A9F0F4354A00A2FF0539B268C0E6 video_iv=17CD8B6A1F86C91F0C68C2034822FDF0 derivedSalt=BF195FA33AB62BA620EF6FB763D2DF21 pwdsalt_iv=4016FB165B505A2E3293162EFCCE5DB1 password=k6isSjWY9Gypqi27ls5x+ZuNnxMYS6OAq3FkclDo0PP+hsD1bTP5yc06J7t0GNkbs3gvLKieI/VUtnwRJvFd153cB+c0FQM62JkO5NhhMsB6JS/PYC5bA7a6vFZU4D17r/PpqxtCW/pLCpYCy3i5OcVEK2t16927b2NDvJ1rw3KsofPhAQ4+PwEfnXS1W+brmAETi/Mw+Gnq4L1ohrdUhAB2+Cl224GfIHG2fEmRYKworHxgNOgrD8sAaIq+ugFLhvioxqMuMnQh2ACRN8vdPbAPhHsgS/OWdcvmXLOL6NmqQU1Ee2ERhuE1b5FGtaDKD0hwSG5q/YPUTV0bSJnfCw== pwdsalt=16DAA9FF666DDEE6BCA6B2E7B5BC7B8C66529B5DA81004815A12ECFFFC25FEA9EC995CC94C349A22ADE80F00BB2A248C image_count=13885 video_count=572 [overview] contact_info= app_info= system_info= I tried to figure out what sort of hash it was but couldn't, the file also mention Initialization Vectors and Salts. is there an haschcat method, that allows to add as parameter/values, the values from the "backup.ini" file ? In order to help, i backedup a new folder with a new password, and tested it to see if the restauration worked, so i know it does. Here is the content of the "backup.ini" file of the new backup, based on the password: Password123!! [headerinfo] hisuiteversion=14.0.0.320 backup_time=2024-02-15 06:18:02 isencypt=1 pwdtip=standard mdataisencypt=1 manufacturer=HUAWEI protuct_model=Honor Note10 phone_name=HONOR phone_id=79b0ed82a522adcab8fa1ae0bc05f6f19892080d8c49e2f0af220d671bf0eba7 backupapp_version=2 image_iv=CC28BEF0EE27B32B9F21746E2636ED07 derivedSalt=7B455F17A2B20BAB6647AFD84496061E password=TpD2gJkr7AnARGpo05+Phlu29OOD/lPmbBNc6INCk4FthoA1MhZAPgbKpBM0vTqdcNDoRJLMieZp3rDBH/yLVLWrSbr0CJIXkoU1W0PmdMi0P4/Chv68MnpR/VG/I23uSjiX765cu2r5+YsBuJkmQ9B64L2kPLdj00VLYqZwUZs4Kaf7du2DxMy84v8MKM89U3DwsH58pfcsKIEi0FjKsrdvgAb4OkfdGLPqTyz9/KraeAXPers0JPFrGyq8EqTzoI7Txllc6VH+XWTu1ldNyJtT/louBLoJYq6SIlnkEWzrVMl3s1hHaa2LWRvvbG8t7hE+Hp5L7Ss0R6Htl5kZsw== pwdsalt=98B8BC0FB64F6A0E6115725C2CF58DA73A0672C7C52005BD426246068AA7231A5930297125816AE6FD5F4EA601CC8028 pwdsalt_iv=119E7A3C74E46835E8DA17063A7A93FD image_count=75 [overview] contact_info= app_info= system_info= How can i crack the password from the old backup ? Thank you. RE: Cracking Huawei HiSuite Backups - nino - 05-22-2024 Hi! i don't know if you have solved or not but i'm facing the same issue and here what i tried to do. Using your new backup and your password i tried to reverse the process to find out what possibly hash Huawei is using. Quote:based on the password: Password123!! Quote:hash: TpD2gJkr7AnARGpo05+Phlu29OOD/lPmbBNc6INCk4FthoA1MhZAPgbKpBM0vTqdcNDoRJLMieZp3rDBH/yLVLWrSbr0CJIXkoU1W0PmdMi0P4/Chv68MnpR/VG/I23uSjiX765cu2r5+YsBuJkmQ9B64L2kPLdj00VLYqZwUZs4Kaf7du2DxMy84v8MKM89U3DwsH58pfcsKIEi0FjKsrdvgAb4OkfdGLPqTyz9/KraeAXPers0JPFrGyq8EqTzoI7Txllc6VH+XWTu1ldNyJtT/louBLoJYq6SIlnkEWzrVMl3s1hHaa2LWRvvbG8t7hE+Hp5L7Ss0R6Htl5kZsw== if you look closely, the most similar hash type is Juniper IVI (501) But here's the problems: 1. Like i said the most similar hash is the Juniper but i'm not 100% sure 2. I tried using Hascat with this code Code: hashcat.exe -a 0 -m 501 C:\Users\NAME\Desktop\huaweihash.txt C:\Users\NAME\Desktop\password.txt Quote:Minimum password length supported by kernel: 0 so, what is the best solution? RE: Cracking Huawei HiSuite Backups - Snoopy - 05-23-2024 take a look at https://github.com/RealityNet/kobackupdec/blob/master/kobackupdec.py used these script back then when this was the only possibility to get a complete backup (with keyfiles) from huawei devices a fast view of the code, seem the hash is some kind of PBKDF2-HMAC-SHA256 or something similar i would give the script a try RE: Cracking Huawei HiSuite Backups - nino - 05-23-2024 (05-23-2024, 08:15 AM)Snoopy Wrote: take a look at https://github.com/RealityNet/kobackupdec/blob/master/kobackupdec.py yeah, already tried that script but it only work if you know the password unfortunately. do you think it's a PBKDF2-HMAC-SHA256 hash? which one of all of those? 😅 |