In the cambium cloud you can retrieve a config from a router, modify it and reapply it or make a template from it. All the passwords are “encrypted” so you can’t read what the WiFi password is for example.<\/p>\n\n\n\n
Example config line looks like<\/p>\n\n\n\n
WPAPSK1=[c760ba8ffe65c669]<\/pre>\n\n\n\nLooks like it uses some sort of des3 hex encryption.<\/p>\n\n\n\n
Fortunately there is a utility on the routers we can use to decrypt the encrypted string.<\/p>\n\n\n\n
First we need a router that we can SSH into.<\/p>\n\n\n\n
Info on the encryption<\/h2>\n\n\n\n
The Cambium router uses the 3des_hex utility to decrypt and encrypt strings<\/p>\n\n\n\n
It is located \/sbin\/3des_hex<\/p>\n\n\n\n
Decrypting a password<\/h2>\n\n\n\n
Decrypting is super easy. <\/p>\n\n\n\n
3des_hex -d \"c760ba8ffe65c669\"<\/pre>\n\n\n\nReplace the key with the key you want to decrypt.<\/p>\n\n\n\n
<\/p>\n\n\n\n
Encrypting a password<\/h2>\n\n\n\n
Not really sure if this would ever be needed, but you can use the -e option to encrypt a string<\/p>\n\n\n\n
3des_hex -e \"12345678\"<\/pre>\n\n\n\n<\/p>\n\n\n\n
<\/p>\n\n\n\n
More info.<\/p>\n\n\n\n
It looks like it needs the lib file “\/lib\/libuClibc-0.9.33.2.so”<\/p>\n\n\n\n
\/sbin\/3des_hex is where the main file is stored though.<\/p>\n\n\n\n
The config_manager.sh script in \/sbin has the functions that encrypt and decrypt the config lines.
<\/p>\n\n\n\nTMP_FILE=\"\/tmp\/tmp_cfg\"\nTMP_FILE2=\"\/tmp\/tmp_cfg2\"\nTMP_FILE_DECRYPT=\"\/tmp\/tmp_cfg_decrypt\"\nTMP_MFK_FILE=\"\/tmp\/multi_function_key.cfg\"\ndecrypt_key=\"asdfghjkl\";\nSNMP_DECRYPT_FILE=\"\/etc\/cambium\/cambium_default.decrypt\"\nDotFactoryFile=\"\/etc_ro\/DoNotFactory.name\"\n\n# when security encrypt enable , decrypt.\nhandle_file_dec()\n{\n local enc_enable=`dev_manage_stat_get has_config_enc`\n if [ \"$enc_enable\" != \"1\" ]; then\n return 0\n fi\n SecParamListFile=\"\/etc_ro\/ConfigFileSecParam\"\n [ -x \"\/sbin\/3des_hex\" ] || return 0\n [ -f $SecParamListFile ] || return 0\n [ -z \"$1\" ] && return 1\n awk -F '=' 'ARGIND==1{pname[$0]}ARGIND>1&&($1 in pname){print $0}' $SecParamListFile $1 > $1.tmp\n awk '{if($0~\/.+\\=\\[.*\\]\/){sub(\"\\=\",\"\\|\");print $0;}else{print $0}}' $1.tmp > $1.tmp1\n rm -f $1.tmp\n awk -F'|' '{if($2~\/\\[.*\\]\/){len=length($2);value=substr($2,2,len-2);while((\"3des_hex -d \\\"\"value\"\\\"\"|getline line)>0){printf(\"%s=%s\\n\",$1,line);}close(\"3des_hex -d \\\"\"value\"\\\"\");}else{print $0}}' $1.tmp1 > $1.tmp2\n rm -f $1.tmp1\n echo \"\" >> $1\n cat $1.tmp2 >> $1\n rm -f $1.tmp2\n}\n<\/pre>\n","protected":false},"excerpt":{"rendered":"In the cambium cloud you can retrieve a config from a router, modify it and reapply it or make a template from it. All the passwords are “encrypted” so you can’t read what the WiFi password is for example. Example … Continue reading