FDEU-CVE-2021-525A
Summary
D-Link credentials decryption tool poc.
Tech details
This tools is used to decrypt credentials stored in some Dlink routers.
Custom encryption
The original research was done during Cgates D-Link DIR-825AC router analysis. Read more: FDEU-CVE-2021-2F01
In order to create a decryption tool you have two options:
- disassemble the code and reverse enginneer the algorithm
- re-use the stock binary code to perform decryption for you
The 1) method is very good for academic reasons and may end up as a beautiful write-up, but sometimes it may take a lot of wasted time. In our case we took 2) approach as we only needed a quick proof of concept for a week hardcoded crypto.
Code
The code is just a few lines and is hosted in a separate repo:
https://github.com/full-disclosure/FDEU-CVE-2021-525A
Examples
96f6e6cab3c87a5c5c419aa7208711f6:admin 92f000a7fdc6857fddfb67912ae1f158:admi01 b32c2f797761deaa7ecb0eba6de06a93:a 0ccfa27563fe46641a69711be8d6df1e:dlinkpwned 85d1855f861062da50deea1eaeaeaee51d63798a4ceca7fb98701f3cad2a20db:fulldisclosure.eu
Timeline
2021-01-04 - initial research and poc 2021-07-09 - full disclosure