+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Huawei Safebox (/thread-9885.html)
Huawei Safebox - dekao - 02-17-2021
Hello guys, does anyone know what hash type are used in the Huawei Safebox function on Android Huawei devices?
Is it the 4711 (Huawei sha1(md5($pass).$salt)) can anyione tell?
The datebase msb.db holds the hash safe.
Best
RE: Huawei Safebox - buka - 09-20-2024
(02-17-2021, 08:12 AM)dekao Wrote: Hello guys, does anyone know what hash type are used in the Huawei Safebox function on Android Huawei devices?
Is it the 4711 (Huawei sha1(md5($pass).$salt)) can anyione tell?
The datebase msb.db holds the hash safe.
Best
They rolled up their own encryption scheme for this. I recently recovered two passwords from two "Safes" from an old Huawei Honor 6X after much reverse engineering.
RE: Huawei Safebox - Bielecki - 07-28-2025
(09-20-2024, 04:57 PM)buka Wrote: I recently recovered two passwords from two "Safes" from an old Huawei Honor 6X after much reverse engineering.
Hi, would you mind sharing your experience?
I have a backup of the safe with a lost password from a Huawei P10 Lite. I still have the device, but it has been already factory reset - still recognises the safe though. I've pulled the apk, decompiled it and found some clues about db structure and encryption methods, but as I'm more of a sysadmin than a programmer, I've got pretty stuck while applying that knowledge to hashcat.
Thanks in advance
RE: Huawei Safebox - buka - 08-23-2025
(07-28-2025, 06:52 PM)Bielecki Wrote:It has nothing to do with hashcat. Hashcat doesn't support this. What's your DB structure? Did you get msb.db at all?(09-20-2024, 04:57 PM)buka Wrote: I recently recovered two passwords from two "Safes" from an old Huawei Honor 6X after much reverse engineering.
Hi, would you mind sharing your experience?
I have a backup of the safe with a lost password from a Huawei P10 Lite. I still have the device, but it has been already factory reset - still recognises the safe though. I've pulled the apk, decompiled it and found some clues about db structure and encryption methods, but as I'm more of a sysadmin than a programmer, I've got pretty stuck while applying that knowledge to hashcat.
Thanks in advance
RE: Huawei Safebox - Bielecki - 08-25-2025
(08-23-2025, 09:39 AM)buka Wrote:(07-28-2025, 06:52 PM)Bielecki Wrote:It has nothing to do with hashcat. Hashcat doesn't support this. What's your DB structure? Did you get msb.db at all?(09-20-2024, 04:57 PM)buka Wrote: I recently recovered two passwords from two "Safes" from an old Huawei Honor 6X after much reverse engineering.
Hi, would you mind sharing your experience?
I have a backup of the safe with a lost password from a Huawei P10 Lite. I still have the device, but it has been already factory reset - still recognises the safe though. I've pulled the apk, decompiled it and found some clues about db structure and encryption methods, but as I'm more of a sysadmin than a programmer, I've got pretty stuck while applying that knowledge to hashcat.
Thanks in advance
Yes, I have a full safebox, including files and msb.db. DB structure goes like this (column,comment (mine)):
Code:
_id,MyInfo
wt,workType
wf1,workInfo1
wf2,workInfo2
wf3,workInfo3
qd,qtId First question ID (100 if custom)
st,salt (?)
ct,createTime
cp,createrType
cd,createrId
op,originPos (?)
al,Safe name (alias)
ut,userId
cq,First question in cleartext (null if not custom)
awt,?
es1,encryptSalt1
es2,encryptSalt2
qd2,qtId2 Second question ID (100 if custom)
cq2,Second question in cleartext (null if not custom)
qt,qt (?)RE: Huawei Safebox - buka - 08-26-2025
Okay. So, I found that only these four fields participated in hashing the password: workInfo1, workInfo2, salt, and encryptSalt1.
SELECT wf1, wf2, st, es1 FROM mf;
Do you know whether your password was human-generated or random?
RE: Huawei Safebox - buka - 08-26-2025
If you create a new safe with a known password and give me those values, I'll be able to verify whether my method works for your phone or not.