By Patrick Toomey
For whatever reason I have found myself needing to “decrypt” Cisco VPN client group passwords throughout the years. I say “decrypt”, as the value is technically encrypted using 3DES, but the mechanism used to decrypt the value is largely obfuscative (the cryptographic key is included in the ciphertext). As such, the encryption used is largely incidental, and any simplistic substitution cipher would have protected the group password equally well (think newspaper cryptogram).
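To make the "key is included in the ciphertext" point concrete, here is an added Python example (not from the original post or its GitHub project) that audits a VPN profile for `enc_GroupPwd` entries and derives the 3DES key and IV from the stored value alone. It assumes the commonly documented layout (20-byte seed, 20-byte SHA-1 of the ciphertext, then 3DES-CBC blocks) and the `.pcf` key name `enc_GroupPwd`, neither of which is spelled out on this page; the sample profile and its host name are constructed.

```python
import hashlib

def split_enc_group_pwd(hex_value):
    """Split the hex value into (seed, digest, ciphertext) per the assumed layout."""
    blob = bytes.fromhex(hex_value.strip())
    if len(blob) < 48 or (len(blob) - 40) % 8:
        raise ValueError("expected 40 header bytes plus whole 8-byte 3DES blocks")
    return blob[:20], blob[20:40], blob[40:]

def derive_key_material(seed):
    """Derive the 24-byte 3DES key and 8-byte IV from the stored seed alone."""
    t = bytearray(seed)
    t[19] = (t[19] + 1) & 0xFF           # seed with last byte +1 (wraps like a C byte)
    h2 = hashlib.sha1(t).digest()
    t[19] = (t[19] + 2) & 0xFF           # seed with last byte +3 in total
    h3 = hashlib.sha1(t).digest()
    return h2 + h3[:4], bytes(seed[:8])  # no user-held secret enters either value

def audit_profile(pcf_text):
    """Return one finding per enc_GroupPwd entry found in profile text."""
    findings = []
    for line in pcf_text.splitlines():
        name, _, value = line.partition("=")
        if name.strip().lower() != "enc_grouppwd" or not value.strip():
            continue
        seed, digest, ciphertext = split_enc_group_pwd(value)
        key, iv = derive_key_material(seed)
        findings.append({
            "integrity_ok": hashlib.sha1(ciphertext).digest() == digest,
            "key": key, "iv": iv, "blocks": len(ciphertext) // 8,
        })
    return findings

def constructed_profile():
    """Constructed sample: fixed seed, placeholder bytes standing in for ciphertext."""
    seed = bytes(range(20))
    ciphertext = bytes(16)               # placeholder, not a real encrypted password
    blob = seed + hashlib.sha1(ciphertext).digest() + ciphertext
    return "[main]\nHost=vpn.example.invalid\nenc_GroupPwd=" + blob.hex().upper() + "\n"

if __name__ == "__main__":
    for f in audit_profile(constructed_profile()):
        print("integrity_ok:", f["integrity_ok"], "| key and IV derived from the",
              "stored value itself:", len(f["key"]), "+", len(f["iv"]), "bytes")
```

Any profile this flags should be handled as if the group password were stored in plaintext.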
I can’t pinpoint all the root reasons, but it seems as though every couple months I’m needing a group password decrypted. Sometimes I am simply moving a Cisco VPN profile from Windows to Linux. Other times I’ve been on a client application assessment/penetration test where I’ve needed to gain access to the plaintext group password. Regardless, I inevitably find myself googling for “cisco group password decrypter”. A few different results are returned. The top result is always a link here. This site has a simple web app that will decrypt the group password for you, though it occurs server-side. Being paranoid by trade, I am always apprehensive sending information to a third party if that information is considered sensitive (whether by me, our IT department, or a client). I have no reason to think the referenced site is malicious, but it would not be in my best interest professionally not to be security conscious, particularly with client information. The referenced site has a link to the original source code, and one can feel free to download, audit, compile, and use the provided tool to perform all of the decryption client-side. That said, the linked file depends on libgcrypt. That is fine if I am sitting in Linux, but not as great if I am on some new Windows box (ok, maybe I’m one of the few who doesn’t keep libgcrypt at the ready on my fresh Windows installs). I’ve googled around to see if anything exists that is more portable. I found a few things, including a link to a Java applet, but the developer seems to have lost the source code... So, laziness won, and I decided it would be easier to spend 30 minutes to write my own cross-platform Java version than spend any more time on Google.
The code for the decrypter can be found on our github, here. I am not a huge fan of Java GUI development, and thus leveraged the incredible GUI toolkit built in to NetBeans. The referenced source code should compile cleanly in NetBeans if you want the GUI. If you simply want to decrypt group passwords with no dependencies you can run a command line version by compiling the “GroupPasswordDecrypter” class file. This file has zero dependencies on third-party libraries and should be sufficient for anyone that doesn’t feel compelled to use a GUI (me included).
As a quick example, I borrowed a sample encrypted group password from another server-side implementation. The encrypted group password we would like to decrypt is
Or, if you prefer the command line version
Hope it comes in handy!