FDEU-CVE-2021-525A

Summary

D-Link credentials decryption tool PoC.

Tech details

This tool is used to decrypt credentials stored in some D-Link routers.

Custom encryption

The original research was done during the analysis of the Cgates D-Link DIR-825AC router. Read more: FDEU-CVE-2021-2F01

In order to create a decryption tool you have two options:

  1. disassemble the code and reverse engineer the algorithm
  2. re-use the stock binary code to perform decryption for you

Method 1) is very good for academic purposes and may end up as a beautiful write-up, but it can sometimes waste a lot of time. In our case we took approach 2), as we only needed a quick proof of concept for weak hardcoded crypto.

Code

The code is just a few lines and is hosted in a separate repo:

https://github.com/full-disclosure/FDEU-CVE-2021-525A

Examples

96f6e6cab3c87a5c5c419aa7208711f6:admin
92f000a7fdc6857fddfb67912ae1f158:admi01
b32c2f797761deaa7ecb0eba6de06a93:a
0ccfa27563fe46641a69711be8d6df1e:dlinkpwned
85d1855f861062da50deea1eaeaeaee51d63798a4ceca7fb98701f3cad2a20db:fulldisclosure.eu

Timeline

2021-01-04 - initial research and poc
2021-07-09 - full disclosure