Cracking Huawei HiSuite Backups
#1
Hello, I was wondering if someone knew how to crack the password of Huawei backup files?

I was trying to restore a backup from some years ago, and the HiSuite Windows app tells me the password is wrong, so I looked inside the folder of the backup and found the "backup.ini" file with this exact content:

[headerinfo]
hisuiteversion=13.0.0.310
backup_time=2022-11-24 19:21:22
isencypt=1
pwdtip=standard
mdataisencypt=1
manufacturer=HUAWEI
protuct_model=Honor Note10
phone_name=HONOR
phone_id=79b0ed82a522adcab8fa1ae0bc05f6f19892080d8c49e2f0af220d671bf0eba7
backupapp_version=2
image_iv=5201A9F0F4354A00A2FF0539B268C0E6
video_iv=17CD8B6A1F86C91F0C68C2034822FDF0
derivedSalt=BF195FA33AB62BA620EF6FB763D2DF21
pwdsalt_iv=4016FB165B505A2E3293162EFCCE5DB1
password=k6isSjWY9Gypqi27ls5x+ZuNnxMYS6OAq3FkclDo0PP+hsD1bTP5yc06J7t0GNkbs3gvLKieI/VUtnwRJvFd153cB+c0FQM62JkO5NhhMsB6JS/PYC5bA7a6vFZU4D17r/PpqxtCW/pLCpYCy3i5OcVEK2t16927b2NDvJ1rw3KsofPhAQ4+PwEfnXS1W+brmAETi/Mw+Gnq4L1ohrdUhAB2+Cl224GfIHG2fEmRYKworHxgNOgrD8sAaIq+ugFLhvioxqMuMnQh2ACRN8vdPbAPhHsgS/OWdcvmXLOL6NmqQU1Ee2ERhuE1b5FGtaDKD0hwSG5q/YPUTV0bSJnfCw==
pwdsalt=16DAA9FF666DDEE6BCA6B2E7B5BC7B8C66529B5DA81004815A12ECFFFC25FEA9EC995CC94C349A22ADE80F00BB2A248C
image_count=13885
video_count=572
[overview]
contact_info=
app_info=
system_info=


I tried to figure out what sort of hash it was but couldn't; the file also mentions initialization vectors and salts.

Is there a hashcat method that allows adding, as parameters/values, the values from the "backup.ini" file?

In order to help, I backed up a new folder with a new password, and tested it to see if the restoration worked, so I know it does.

Here is the content of the "backup.ini" file of the new backup, based on the password: Password123!!

[headerinfo]
hisuiteversion=14.0.0.320
backup_time=2024-02-15 06:18:02
isencypt=1
pwdtip=standard
mdataisencypt=1
manufacturer=HUAWEI
protuct_model=Honor Note10
phone_name=HONOR
phone_id=79b0ed82a522adcab8fa1ae0bc05f6f19892080d8c49e2f0af220d671bf0eba7
backupapp_version=2
image_iv=CC28BEF0EE27B32B9F21746E2636ED07
derivedSalt=7B455F17A2B20BAB6647AFD84496061E
password=TpD2gJkr7AnARGpo05+Phlu29OOD/lPmbBNc6INCk4FthoA1MhZAPgbKpBM0vTqdcNDoRJLMieZp3rDBH/yLVLWrSbr0CJIXkoU1W0PmdMi0P4/Chv68MnpR/VG/I23uSjiX765cu2r5+YsBuJkmQ9B64L2kPLdj00VLYqZwUZs4Kaf7du2DxMy84v8MKM89U3DwsH58pfcsKIEi0FjKsrdvgAb4OkfdGLPqTyz9/KraeAXPers0JPFrGyq8EqTzoI7Txllc6VH+XWTu1ldNyJtT/louBLoJYq6SIlnkEWzrVMl3s1hHaa2LWRvvbG8t7hE+Hp5L7Ss0R6Htl5kZsw==
pwdsalt=98B8BC0FB64F6A0E6115725C2CF58DA73A0672C7C52005BD426246068AA7231A5930297125816AE6FD5F4EA601CC8028
pwdsalt_iv=119E7A3C74E46835E8DA17063A7A93FD
image_count=75
[overview]
contact_info=
app_info=
system_info=


How can I crack the password from the old backup?

Thank you.


Reply
#2
Hi!

I don't know if you have solved it or not, but I'm facing the same issue, and here is what I tried to do.

Using your new backup and your password, I tried to reverse the process to find out what possible hash Huawei is using.

Quote:based on the password: Password123!!
Quote:hash: TpD2gJkr7AnARGpo05+Phlu29OOD/lPmbBNc6INCk4FthoA1MhZAPgbKpBM0vTqdcNDoRJLMieZp3rDBH/yLVLWrSbr0CJIXkoU1W0PmdMi0P4/Chv68MnpR/VG/I23uSjiX765cu2r5+YsBuJkmQ9B64L2kPLdj00VLYqZwUZs4Kaf7du2DxMy84v8MKM89U3DwsH58pfcsKIEi0FjKsrdvgAb4OkfdGLPqTyz9/KraeAXPers0JPFrGyq8EqTzoI7Txllc6VH+XWTu1ldNyJtT/louBLoJYq6SIlnkEWzrVMl3s1hHaa2LWRvvbG8t7hE+Hp5L7Ss0R6Htl5kZsw==

If you look closely, the most similar hash type is Juniper IVE (501).

But here are the problems:

1. Like I said, the most similar hash is the Juniper, but I'm not 100% sure
2. I tried using Hashcat with this code
Code:
hashcat.exe -a 0 -m 501 C:\Users\NAME\Desktop\huaweihash.txt C:\Users\NAME\Desktop\password.txt
and the result is an error:
Quote:Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Hashfile 'C:\Users\NAME\Desktop\huaweihash.txt' on line 1 (TpD2gJ...WRvvbG8t7hE+Hp5L7Ss0R6Htl5kZsw==): Token length exception

* Token length exception: 1/1 hashes
  This error happens if the wrong hash type is specified, if the hashes are
  malformed, or if input is otherwise not as expected (for example, if the
  --username option is used but no username is present)

No hashes loaded.

So, what is the best solution?
Reply
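Added example, not part of the original posts and not code from HiSuite or hashcat: a triage script that decodes each field of a backup.ini-style file and reports its encoding and byte length, which is the first thing to compare against a hash mode's expected token when hashcat reports a token length exception. The sample file is constructed; only the key names are taken from the thread, and `MIN_LEN` and the function names are assumptions of this example.

```python
import base64
import binascii
import configparser
import string

HEX = set(string.hexdigits)
MIN_LEN = 16  # assumption: shorter values (flags, counters) are plain text

def decode_field(value):
    """Return (encoding, raw_bytes) for hex or base64 values, else None."""
    if len(value) < MIN_LEN:
        return None
    if len(value) % 2 == 0 and set(value) <= HEX:
        return "hex", bytes.fromhex(value)
    if len(value) % 4 == 0:
        try:
            return "base64", base64.b64decode(value, validate=True)
        except binascii.Error:
            return None
    return None

def inspect_backup_ini(text):
    """Map each encoded [headerinfo] key to (encoding, byte length, 16-byte aligned?)."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key case, e.g. derivedSalt
    cp.read_string(text)
    report = {}
    for key, value in cp["headerinfo"].items():
        decoded = decode_field(value.strip())
        if decoded:
            enc, raw = decoded
            report[key] = (enc, len(raw), len(raw) % 16 == 0)
    return report

def build_sample_ini():
    """Constructed sample: key names from the thread, values made up here."""
    blob = base64.b64encode(bytes(range(256))).decode()
    return "\n".join([
        "[headerinfo]", "isencypt=1", "backup_time=2024-02-15 06:18:02",
        "image_iv=" + "AB" * 16, "derivedSalt=" + "CD" * 16,
        "pwdsalt_iv=" + "EF" * 16, "pwdsalt=" + "12" * 48,
        "password=" + blob, "image_count=75",
    ])

if __name__ == "__main__":
    for key, (enc, size, aligned) in inspect_backup_ini(build_sample_ini()).items():
        print(f"{key:12} {enc:7} {size:4} bytes  16-byte aligned={aligned}")
```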
#3
Take a look at https://github.com/RealityNet/kobackupde...ckupdec.py

I used this script back then, when this was the only possibility to get a complete backup (with keyfiles) from Huawei devices.

From a quick look at the code, it seems the hash is some kind of PBKDF2-HMAC-SHA256 or something similar.

I would give the script a try.
Reply
#4
(05-23-2024, 08:15 AM)Snoopy Wrote: take a look at https://github.com/RealityNet/kobackupde...ckupdec.py

I used this script back then, when this was the only possibility to get a complete backup (with keyfiles) from Huawei devices.

From a quick look at the code, it seems the hash is some kind of PBKDF2-HMAC-SHA256 or something similar.

I would give the script a try.

Yeah, I already tried that script, but it only works if you know the password, unfortunately.
Do you think it's a PBKDF2-HMAC-SHA256 hash? Which one of all of those? 😅
Reply