RouterOS-Backup-Tools
Tools to encrypt/decrypt and pack/unpack RouterOS v6.13+ backup files
Warning
User password format
ROS v6.45.1+ removed insecure password storage, so they cannot be extracted with extract_user.py
any more.
Usage examples
Info
./ROSbackup.py info -i MikroTik.backup
Decrypt
Convert an encrypted backup to a plaintext backup
./ROSbackup.py decrypt -i MikroTik-encrypted.backup -o MikroTik-plaintext.backup -p password
Encrypt
Convert a plaintext backup to an encrypted backup
./ROSbackup.py encrypt -i MikroTik-plaintext.backup -o MikroTik-encrypted.backup -e AES -p password
Unpack
Extract all IDX and DAT files from a plaintext backup in a given directory
./ROSbackup.py unpack -i MikroTik-plaintext.backup -d unpacked_backup
Pack
Pack all IDX and DAT files from a given directory in a plaintext backup
./ROSbackup.py pack -d unpacked_backup -o MikroTik-plaintext.backup
Rest Password
Rest password to default:
- rename the original backup to
MikrotikOriginBackUp.backup
- reset MikroTik router (be sure to have a backup of the current configuration )
- make backup for the router with name
default.backup
- copy
MikrotikOriginBackUp.backup
anddefault.backup
to working directory - Execute
./ROSbackup.py resetpassword -i MikrotikOriginBackUp.backup -d default.backup -o MikrotikNewBackup.backup
- restore MikroTik router with
MikrotikNewBackup.backup
Now you can login with the default password!
Bruteforce
Bruteforce the password of an encrypted backup using a wordlist file
./ROSbackup.py bruteforce -i MikroTik-encrypted.backup -w wordlist.txt
If you have very large wordlist files, you can use parallel brute forcing
./ROSbackup.py bruteforce -i MikroTik-encrypted.backup -w wordlist.txt -p
On an Intel Xeon E3-1505M v6 @ 3.00GHz with 5 milion passwords:
- Sequential: 45 seconds
- Parallel: 12 seconds
(The correct password was the latest)
You can try the rust version, it should be faster: routerosbackuptools
Extract Users
To extract Users and Password from .dat file
./extract_user.py unpacked_backup/user.dat
Header structure
Plaintext version
Size (byte) | Type | Name | Description |
---|---|---|---|
4 | Unsigned LE Int | Magic | 0xB1A1AC88 |
4 | Unsigned LE Int | File size | length in bytes |
Encrypted version (RC4)
Size (byte) | Type | Name | Description |
---|---|---|---|
4 | Unsigned LE Int | Magic | 0x7291A8EF |
4 | Unsigned LE Int | File size | length in bytes |
32 | Byte array | Salt | Random salt added to password |
4 | Unsigned LE Int | Magic check | Encrypted Magic 0xB1A1AC88 to verify if password is correct |
Encryption setup
- A random salt of 32 bytes is generated (
RouterOS only populates the first 16 bytes, mistake?) (Fixed) - The password is appended to the salt
- salt+password result is hashed using SHA1
- RC4 cipher is keyed with the SHA1 hash
- RC4 cipher is used to encrypt or decrypt 0x300 (256 * 3 = 768) bytes (of arbitrary value)
- The first 4 bytes are decrypted and compared to 0xB1A1AC88 to check if password is correct before performing a decryption
Encrypted version (AES128-CTR)
RouterOS v6.43+ only
Size (byte) | Type | Name | Description |
---|---|---|---|
4 | Unsigned LE Int | Magic | 0x7391A8EF |
4 | Unsigned LE Int | File size | length in bytes |
32 | Byte array | Salt | Random salt added to password |
32 | Byte array | Signature | SHA256 HMAC |
4 | Unsigned LE Int | Magic check | Encrypted Magic 0xB1A1AC88 to verify if password is correct |
Encryption setup
- A random salt of 32 bytes is generated
- The password is appended to the salt
- salt+password result is hashed using SHA256
- AES128-CTR cipher is keyed with the first half of the SHA256 hash
- CTR mode's nonce is initialized with the first half of the salt
- HMAC-SHA256 is keyed with the second half of the SHA256 hash
- AES cipher is used to encrypt or decrypt 16 bytes (of arbitrary value)
- The first 4 bytes are decrypted and compared to 0xB1A1AC88 to check if password is correct before performing a decryption
- The HMAC result is verified against what's stored in the file when performing a decryption
Body structure
In the body are saved all file pair with extension .idx and .dat inside /flash/rw/store/
For each file:
Size (byte) | Type | Name | Description |
---|---|---|---|
4 | Unsigned LE Int | Filename length | Filename length without extension (.idx .dat) |
Filename length | String | Filename | String without null byte terminator (and without extension .idx .dat) |
4 | Unsigned LE Int | IDX File size | length in bytes |
IDX File size | Byte array | IDX File | content of IDX file |
4 | Unsigned LE Int | DAT File size | length in bytes |
DAT File size | Byte array | DAT File | content of DAT file |
IDX file structure
The index file contains infos about each entry of DAT file.
For each entry:
Size (byte) | Type | Name | Description |
---|---|---|---|
4 | Signed Int | Entry Index | The position of this entry in the Webfig/Winbox list, if -1 it means the entry was deleted and it won't be shown on Webfig/Winbox. |
4 | Signed Int | Entry Size | The size of this entry in bytes |
4 | Signed Int | Unused | It's always 5 (but in net/devices.idx it's 6 and in port_lock.idx it's -1) for each entry |
Comments
- When you delete some config (in Webfig or Winbox), they are not really deleted, they are only disabled and hidden, so if you unpack your backup, you can still recover them
Dependences
- argparse
- pyca/cryptography
Rust version
A friend of mine rewrote this tool in rust: https://github.com/marcograss/routerosbackuptools