I've posted the updated UCOS Password Decrypter to the site. If you click "Select Host", it will ask for the target system hostname, remote user and passphrase. Although it won't work with systems patched since earlier this year, it should still be useful for some.
https://www.adhdtech.com/uctools.html Good news is that I found another method for extracting the files that works even with newer systems. Tested it last night with a non-rooted, bone stock 12.0(1)su2 install; works beautifully. Will try to get it out in time for Christmas. 😊 ________________________________ From: cisco-voip <cisco-voip-boun...@puck.nether.net> on behalf of Pete Brown <j...@chykn.com> Sent: Friday, December 7, 2018 10:19 AM To: Daniel; cisco-voip@puck.nether.net Subject: Re: [cisco-voip] Recovering UCOS Passwords - Round 281 Sure enough, this round goes to our friends in Boxborough. They're using the same algorithm as before, but now they're also encrypting the passphrase with RSA. Unless the RSA private key fairy brings me something for Christmas, this route will be closed with updates. That truly would be a gift that keeps on giving! 😊 For labs, there may be a workaround. Try booting the UC host to a Linux CD and overwriting the following file with an older copy. Then it should spit out a traditional passphrase when you create the remote account. /usr/local/platform/bin/remotesupport_createaccount Would probably be easiest to pull it from the RPM on an ISO. This is the path on a 12.0.1.10000-10 disk. \Cisco\ucplatform\RPMS\platform-remotesupport-2.0.0.1-3.i386.rpm ________________________________ From: cisco-voip <cisco-voip-boun...@puck.nether.net> on behalf of Pete Brown <j...@chykn.com> Sent: Thursday, December 6, 2018 9:00 PM To: Daniel; cisco-voip@puck.nether.net Subject: Re: [cisco-voip] Recovering UCOS Passwords - Round 281 Interesting! Any documentation on that? I checked out the release notes for those versions and didn't come across anything pertaining to the remote support passphrase decode version. Then again, I wouldn't be surprised if they didn't put this specific one in the notes. If anyone comes across this, please let me know. If it's just an algorithm change, I imagine it would be Decode Version 4. ________________________________ From: Daniel <dan...@ohnesorge.me> Sent: Thursday, December 6, 2018 4:32 PM To: Pete Brown; cisco-voip@puck.nether.net Subject: Re: [cisco-voip] Recovering UCOS Passwords - Round 281 Whatever method you are using to decode the passphrase will be obsolete in versions 10.5(2)su7, 11.5(1)su4 and 12.0(1)su2 (and above) as they are using a new method to decode the passphrase. On 6/12/18 5:33 am, Pete Brown wrote: I'm sure some of you noticed, but earlier this year Cisco started releasing patches to kill off the last sanctioned method of getting to platformConfig.xml. When you run "utils create report platform" on recent versions, it's no longer in the report. Someone in Boxborough really knows how to put the "cus(s)" in "customers"! https://quickview.cloudapps.cisco.com/quickview/bug/CSCvh62145<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fquickview.cloudapps.cisco.com%2Fquickview%2Fbug%2FCSCvh62145&data=02%7C01%7C%7C3cd076d65d084cfec4cf08d65c5fdcc8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636797964125048625&sdata=lAIgqqoqPBoqZHGDBQuHxqAXViV%2F1ZczIhsktuc%2BqDA%3D&reserved=0> I'm testing a new version of the UCOS Password Decrypter that acquires the file for you. To use this feature, you enable remote support on your UCOS host then plug in the UCOS host IP, remote support user and remote support passphrase. The app decodes the passphrase, pulls the file via SSH and displays the passwords. Need a few volunteers to test before I update the tools page. If you're interested, let me know. Would post a temp link here but I don't want yet another dead link floating around. -Pete _______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net> https://puck.nether.net/mailman/listinfo/cisco-voip<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=02%7C01%7C%7C3cd076d65d084cfec4cf08d65c5fdcc8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636797964125048625&sdata=eeLWvAmi1Ti3AF7PnY%2BrRbG%2FuSko9XDizgn5Guc3fsk%3D&reserved=0>
_______________________________________________ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
