Recovery of passwords from Draytek Vigor routers

Recently, I needed to recover a DSL password that only persisted in an old router (Draytek Vigor 2500/We). Since the web interface only shows the username, I tried the backup feature that dumps the entire configuration to a file you can download. Unfortunately, this data comes in an encrypted form… which makes an excellent exercise for a student of computer science.

Dear Draytek developers: before implementing code related to crypto, you had better get basic knowledge of cryptography and cryptanalysis. I don’t know whether you have used a secure encryption algorithm, but it was used in ECB mode with a block length of one byte… which degenerates it into a simple substitution cipher that can easily be broken, no matter how secure the underlying encryption function is.

I created a codebook holding all pairs of letters and their encrypted counterparts by simply changing a random setting in the web interface, looking at the diff between this version and the previous one with VBinDiff (Ubuntu package: vbindiff) and writing down the encrypted version of the characters I had previously entered. Download the codebook: vigorcrypt (syntax per line: character, ASCII code (hex), encrypted byte (hex), tab separated).

Afterwards, a small Python script did the job of decrypting a dump file. It replaces every byte that has no entry in the codebook with a null byte and decrypts all others.

#!/usr/bin/env python3

# Build the substitution table from the codebook file: one tab-separated line
# per character holding character, ASCII code (hex) and encrypted byte (hex).
# lookup[encrypted byte] = plaintext byte; entries left at 0 become null bytes.
lookup = [0] * 256

with open('vigorcrypt.txt', 'r') as codebook:
    for line in codebook:
        fields = line.rstrip('\n').split('\t')
        if len(fields) == 3:
            cipher_byte = int(fields[2], 16)
            if lookup[cipher_byte] != 0:
                print('Duplicate ciphertext found in line: ', fields)
            lookup[cipher_byte] = int(fields[1], 16)

# Decrypt the dump byte by byte; bytes without a codebook entry become null.
with open('config.cfg', 'rb') as infile:
    data = infile.read()

with open('config_decrypted.cfg', 'wb') as outfile:
    outfile.write(bytes(lookup[b] for b in data))
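As an added, self-contained example (not the author’s script above and not Draytek’s code), the following Python 3 program models the whole procedure described in this post with a constructed byte-substitution table standing in for the router’s cipher: it derives a codebook from the binary diff of two dumps that differ in one known setting, which is what was done by hand with VBinDiff, and then decrypts a dump, writing a null byte for every ciphertext byte that has no codebook entry. The config layout, field names, probe values and the forgotten password are all constructed for the example.

```python
import random
from typing import Dict, List, Tuple

# Constructed stand-in for the router's cipher: a secret permutation of the
# 256 byte values. Any block cipher run in ECB mode with a one-byte block is
# indistinguishable from such a table, whatever its internals, because the
# same plaintext byte always produces the same ciphertext byte.
def make_toy_sbox(seed: int = 1234) -> List[int]:
    table = list(range(256))
    random.Random(seed).shuffle(table)
    return table

SBOX = make_toy_sbox()

def toy_encrypt(plaintext: bytes) -> bytes:
    """Byte-wise 'ECB' encryption with the toy table (hypothetical router side)."""
    return bytes(SBOX[b] for b in plaintext)

def build_config(username: bytes, password: bytes) -> bytes:
    """Constructed config layout: two fixed-length, NUL-padded fields."""
    return b"USER=" + username.ljust(16, b"\x00") + b"PASS=" + password.ljust(16, b"\x00")

def changed_region(before: bytes, after: bytes) -> Tuple[int, int]:
    """Offsets [start, end) of the bytes that differ between two dumps of the
    same length, i.e. what a binary diff tool highlights."""
    diffs = [i for i, (x, y) in enumerate(zip(before, after)) if x != y]
    if not diffs:
        raise ValueError("dumps are identical")
    return diffs[0], diffs[-1] + 1

def learn_codebook(before: bytes, after: bytes, typed: bytes,
                   codebook: Dict[int, int]) -> Dict[int, int]:
    """Extend a ciphertext->plaintext codebook from one known change: the bytes
    that differ between the two dumps are the encrypted form of the value just
    typed into a setting. Caveat: the probe value must differ from the old value
    at every position, otherwise the diff region is shorter than the field and
    the offsets would be misaligned; conflicting entries are reported."""
    start, end = changed_region(before, after)
    if end - start != len(typed):
        raise ValueError("changed region does not match the typed value")
    for ct, pt in zip(after[start:end], typed):
        if codebook.get(ct, pt) != pt:
            raise ValueError(f"ciphertext byte {ct:#04x} already maps elsewhere")
        codebook[ct] = pt
    return codebook

def decrypt(ciphertext: bytes, codebook: Dict[int, int]) -> bytes:
    """Substitute known bytes; unknown ones become NUL, as in the blog script."""
    return bytes(codebook.get(b, 0) for b in ciphertext)

def demo() -> Tuple[bytes, int]:
    """Two probes with known values, then recovery of a forgotten password made
    up of characters the probes covered. Returns (password, codebook size)."""
    codebook: Dict[int, int] = {}
    dump0 = toy_encrypt(build_config(b"alice", b"........"))
    dump1 = toy_encrypt(build_config(b"alice", b"Kn0wnTxt"))
    dump2 = toy_encrypt(build_config(b"alice", b"s0Words!"))
    learn_codebook(dump0, dump1, b"Kn0wnTxt", codebook)
    learn_codebook(dump1, dump2, b"s0Words!", codebook)
    field_start, _ = changed_region(dump0, dump1)   # where the password field sits
    forgotten = toy_encrypt(build_config(b"alice", b"Tw0Knots"))
    plain = decrypt(forgotten, codebook)             # everything else decodes to NUL
    return plain[field_start:field_start + 16].rstrip(b"\x00"), len(codebook)

if __name__ == "__main__":
    password, known = demo()
    print(f"recovered {password!r} using a codebook of {known} entries")
```

The two probes together cover thirteen characters, which is why the rest of the dump (field names, username, padding) comes out as null bytes while the password field reads cleanly; a real codebook needs one probe per character class you expect in the password, and the consistency check in learn_codebook catches a ciphertext byte that would map to two plaintexts, which cannot happen under a true one-byte-block ECB.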

22 thoughts on “Recovery of passwords from Draytek Vigor routers”

  1. Have you tried this against any other Drayteks? I’ve got a 2820 config file and this decodes to gibberish using the above method. It may be my implementation though (using C)!

  2. No, I only tried my program with a 2500/We box.

    If you want to find out whether your program is broken, use my script on your config file. As I said in the text, all characters which are not in the vigorcrypt file are substituted with null characters, so it is perfectly normal to find gibberish in the processed file. The parts where the passwords are stored, however, should be plain text.

  3. Hi,

    Sadly it looks like Draytek have beefed up their encryption for the 2820 series and the smallest change in the configuration results in a very different backup config. I think there may be a little random salt in the header of the file which is then applied to the main config, but it’s not a simple substitution anymore 🙁

  4. If a small change alters large parts of the file, they have switched from ECB mode to something different. Cryptanalysis won’t be as easy as before… Good luck and tell me if you succeed 🙂
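To illustrate the point made in this reply, here is an added example (constructed for this page; not code from the blog, the commenter, or Draytek) that contrasts one-byte-block ECB with a one-byte-block chained mode. Under ECB a change to one plaintext byte changes exactly one ciphertext byte, which is what made the codebook approach work; with chaining, the change propagates to every byte that follows, and a fresh IV per dump (the “random salt in the header” guessed at above) changes the whole output even for identical plaintext. The substitution table, IV values and sample config line are constructed.

```python
import random
from typing import Dict, List

# Constructed stand-in for the cipher: a secret permutation of the 256 byte
# values; SBOX_INV is its inverse, needed only for decryption.
def make_toy_sbox(seed: int = 1234) -> List[int]:
    table = list(range(256))
    random.Random(seed).shuffle(table)
    return table

SBOX = make_toy_sbox()
SBOX_INV = [0] * 256
for _plain, _cipher in enumerate(SBOX):
    SBOX_INV[_cipher] = _plain

def ecb_encrypt(plaintext: bytes) -> bytes:
    """One-byte-block ECB: each byte is substituted on its own."""
    return bytes(SBOX[b] for b in plaintext)

def chained_encrypt(plaintext: bytes, iv: int) -> bytes:
    """One-byte-block CBC-style chaining: each byte is XORed with the previous
    ciphertext byte (the IV for the first byte) before substitution."""
    out = bytearray()
    prev = iv
    for b in plaintext:
        prev = SBOX[b ^ prev]
        out.append(prev)
    return bytes(out)

def chained_decrypt(ciphertext: bytes, iv: int) -> bytes:
    """Inverse of chained_encrypt; needs the table (the key) and the IV."""
    out = bytearray()
    prev = iv
    for c in ciphertext:
        out.append(SBOX_INV[c] ^ prev)
        prev = c
    return bytes(out)

def changed_positions(a: bytes, b: bytes) -> List[int]:
    """Indices at which two equal-length byte strings differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

def compare_modes(plaintext: bytes, pos: int,
                  iv: int = 0x5A, other_iv: int = 0x3C) -> Dict[str, int]:
    """Flip one bit of the plaintext byte at `pos` and count how many ciphertext
    bytes change under each mode; also count how many bytes change when the
    same plaintext is encrypted under a fresh IV (a per-dump salt)."""
    modified = bytearray(plaintext)
    modified[pos] ^= 0x01
    modified = bytes(modified)
    return {
        "ecb": len(changed_positions(ecb_encrypt(plaintext), ecb_encrypt(modified))),
        "chained": len(changed_positions(chained_encrypt(plaintext, iv),
                                         chained_encrypt(modified, iv))),
        "chained_fresh_iv": len(changed_positions(chained_encrypt(plaintext, iv),
                                                  chained_encrypt(plaintext, other_iv))),
    }

if __name__ == "__main__":
    sample = b"USER=alice;PASS=secret"          # constructed sample config line
    print(compare_modes(sample, sample.index(b"secret")))
```

For the 22-byte sample line with the flip at the first byte of the password, ECB changes 1 byte, the chained mode changes the 6 bytes from that position to the end, and a fresh IV changes all 22; the position-wise diff that recovers a codebook under ECB therefore tells you nothing about individual characters once chaining or a per-dump salt is in play.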

  5. Hi all,

    I have just cracked the real “sh*t-cryption” algorithm & also compression for config (and firmware 🙂 ) of modern Draytek SOHO routers (only tested on 2710, 2820, 2830, but all other V2*** DrayOS-based MIPS boxes should probably be OK).

    It was a piece of cake 🙂

    I don’t want to spoil the fun for you guys, if you want to solve the puzzle on your own,
    but if anyone asks, I will surely publish my results.

    ammonium ат mail dот ru

  6. And the most amazing thing is that there IS an undocumented way to get an unencrypted config file from the router, so you can get the whole substitution table in no time, or just backup your configuration (it’s still compressed so you may not find your password there if it had really low entropy).

    But that’s too easy and solves the problem for only one particular model.
    If you have some patience and go deeper, you can grab the universal algorithm and also the key derivation function.

  7. All the tea in China, kind sir, for details on how to strip the password from 2820.cfg. I have no hope in hell of doing any of the funky stuff you just mentioned. We were totally held to ransom by a networking company and they have refused to give us the password for our 2820.

  8. Hi, I am trying to get hold of a way to read an old DSL password from a Draytek 2820. AMMOnium, can you let me know what the method was for getting the unencrypted config file from the router?

  9. An easier way that certainly works on the Vigor 2820, as I’ve just done it, is to view the frame source code. Search for your user name, and it will be a little further along.

  10. I really need someone’s help in getting the password for my Draytek 2820.
    I do not want to reset it as there are a large number of settings that took me a long time to implement.

    I have a config file from a backup and a Mac that runs Python. I just need a step-by-step plan of action as to how to run what needs to be run and where I need to put the script file and the config file on my Mac.

    Regards

    Alan

  11. Hi..

    Thanks for all the good work guys!
    I am trying to get the cfg files but I got permission denied when I try to connect via FTP to 192.168.1.1.
    The router is a Draytek Vigor 2820 ADSL2+ security firewall and I think the issue here is the firewall of the router, right?
    I did everything like AMMOnium said in his config tutorial..
    Appreciate a feedback.

    Thanks in advance
    Richard

  12. This method does not work any more; it wasn’t supported since some years ago due to a change in the products and firmware.

  13. I need to retrieve the user name and password for a Vigor 2820 router that was installed approximately 4 years ago — the installer is long gone and I can find no record of either.

    Many thanks

    M

  14. I’d like to get IPSec PSKs of my Vigor 2600Gi. I’m able to get everything – provider credentials, admin password, PSKs of entry 2, 3, 4 and so on – except the PSK of entry 1. The PSK is supposed to be around offset 6500, but the string is fragmented into thousands of pieces and I don’t know how it has to be put together. Any idea? I adapted vigorcrypt to my needs. http://pastebin.com/4YvZGsB9
    AMMOnium’s script doesn’t support the 2600; it produced just gibberish.

  15. Hey,

    I have a Vigor 2710 and for some reason when trying to do this method of password recovery I fail. If someone could kindly give me a detailed tutorial (maybe even a YouTube video) it would be greatly appreciated! Please keep in mind that I am not very good at Python coding or any coding for that matter, I just keep forgetting my router password and I think this would help.

    Regards,

    David
