01-13-2021, 10:42 PM
I cannot help much. I just modified the Python script to the code provided below. To use it, it is necessary to manually obtain:
pwkey_salt
e_perbackupkey
checkMsg
from backup xml file.
In the example below, the password is mate20pro.
Usage example:
$ python3 ./test.py mate20pro
success OK b'mate20pro'
$ python3 ./test.py notworkingpassword
error BAD b'notworkingpassword'
You may need to install python3 and some python libraries to run this script.
Using this script you can run through a list of previously generated passwords.
Unfortunately I wasn't able to retrieve my password yet.
Code:
#!/usr/local/opt/python3
import argparse
import binascii
import pdb

from Crypto.Cipher import AES
from Crypto.Hash import SHA256
from Crypto.Hash import HMAC
from Crypto.Protocol.KDF import PBKDF2

parser = argparse.ArgumentParser()
parser.add_argument('password', help='user password for the backup')
args = parser.parse_args()
password = args.password.encode('utf-8')

# Values copied by hand from the backup xml file (this backup's password is mate20pro)
pwkey_salt = binascii.unhexlify('efeea84ac48d147eca3a6631e56da4d6c932cf7d1765fea8defdbf1f2235c12b')
e_perbackupkey = binascii.unhexlify('cbf97ca427de57e714e14c6709de190af5acd87333fb2932dfcddbe40c3b91f2de8c366dcfd5843442f6efd288e8a52e')
checkMsg = binascii.unhexlify('ea5abd671a5df174e85b89dca6e69f797c3b381bc95e21d5242908c30d92517acc21e5553be3dc5a1bcc16141e229471cd600e60eaa5fdb483e85f92d1458ead')

count = 5000  # PBKDF2 iteration count
dklen = 32    # derived key length in bytes


def prf(p, s):
    # HMAC-SHA256 as the PBKDF2 pseudo-random function
    return HMAC.new(p, s, SHA256).digest()


# First 16 bytes of pwkey_salt are the PBKDF2 salt, the remaining 16 the GCM nonce
key_salt = pwkey_salt[:16]
key = PBKDF2(password, key_salt, dklen, count, prf)
nonce = pwkey_salt[16:]
#pdb.set_trace()

# Decrypt the per-backup key with the password-derived key; keep the first 32 bytes
bkey = AES.new(key, AES.MODE_GCM, nonce).decrypt(e_perbackupkey)[:32]

# checkMsg = 32-byte expected value followed by the salt used to derive it
salt = checkMsg[32:]
res = PBKDF2(bkey, salt, dklen, count, prf)

if res == checkMsg[:32]:
    print('success OK', password)
else:
    print('error BAD', password)