Forgot Password.... Help

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Goto page Previous  1, 2
Author Message
jmh9072
DD-WRT Guru


Joined: 04 Sep 2007
Posts: 800
Location: Ohio

PostPosted: Sun Aug 03, 2008 0:40    Post subject: Reply with quote
soulstace wrote:
There's no reason to store the salt separate (in another variable) from the hashed result.

Maybe one is the crypt password, and the other is MD5.

Crypt hashes are short. MD5 hashes are long and you will see $ to designate that it is in fact MD5 and separated the salt from the hash.

Oh. Duh!

I must have read an incorrect explanation about encryption functions in dd-wrt in another thread. Thanks for clearing that up.

_________________
WRT54G v3 - v24 r14471M NEWD Eko - AP
WRT350N v1.0
WRT600N v1.1 - halfway there!
Se7en is Darker...
Sponsor
soulstace
DD-WRT Guru


Joined: 04 Aug 2007
Posts: 6427

PostPosted: Sun Aug 03, 2008 0:52    Post subject: Reply with quote
No problem, it's easy to get mixed up with this stuff.

At this point I can't really remember if I reset the router after upgrading to SP1. I'm pretty sure I did, because I don't use the default password and dd-wrt asked me to change it on first boot.

But if you don't use default password and then upgrade without resetting, I think dd-wrt will automatically rehash it with MD5 and maybe store the old crypted password too. I could be wrong though..
cdkiller
DD-WRT User


Joined: 26 Jun 2007
Posts: 262
Location: Trinidad & Tobago

PostPosted: Sun Aug 03, 2008 1:13    Post subject: Reply with quote
Hey you mind if I ask wtf is salt? lol.
_________________
[everything is to be replicate]
soulstace
DD-WRT Guru


Joined: 04 Aug 2007
Posts: 6427

PostPosted: Sun Aug 03, 2008 1:18    Post subject: Reply with quote
Without a salt, if you run the same password through crypt or MD5 algorithm twice in a row, it will always produce the same result.

Using a salt prevents that. When you add salt to the equation, the same password hashed with different salt will likely produce two totally different results.

This helps prevent password cracking based on certain methods such as rainbow tables. And, when used properly, it also helps prevent someone from looking into the /etc/passwd or /etc/shadow files and see that two users have the same password.
cdkiller
DD-WRT User


Joined: 26 Jun 2007
Posts: 262
Location: Trinidad & Tobago

PostPosted: Sun Aug 03, 2008 1:36    Post subject: Reply with quote
Oh salt is like a key then but where it got the name salt from? Why salt? lol.
_________________
[everything is to be replicate]
soulstace
DD-WRT Guru


Joined: 04 Aug 2007
Posts: 6427

PostPosted: Sun Aug 03, 2008 1:59    Post subject: Reply with quote
I dunno where the term salt comes from :lol:

Keys are generally kept secret though. Salt can be left in the clear.
sztifler22
DD-WRT Novice


Joined: 25 Oct 2008
Posts: 2

PostPosted: Sat Oct 25, 2008 15:43    Post subject: Solved! Reply with quote
Hi everyone,

I changed my password in DD-WRT, and after that I wasn't able to log onto the gui anymore, but I still could telnet into the box. I managed to solve the problem, on my device at least.

What I did:

1. nvram get http_username
2. nvram get http_passwd

you'll get something like this back:
$1$Gx8FUhIl$.z7iEztD2uBp3ioztn22T1

The salt is: $1$Gx8FUhIl$

to get back the remaining part of the password/username I used a small script below:
(on an another linux box of course)

more test.php
#!/usr/bin/php

<?php
print crypt('admin', '$1$Gx8FUhIl$')."\n";

?>

If you start it you'll get something like this back:

$1$Gx8FUhIl$EBGajOJoX0pktF781blQ3.

Load this into your nvram (http_username+http_pass) and you should be able to log on to dd-wrt.

nvram set http_username='$1$Gx8FUhIl$EBGajOJoX0pktF781blQ3.'
nvram set http_passwd='$1$Gx8FUhIl$EBGajOJoX0pktF781blQ3.'

I also loaded it into newhttp_passwd I don't know if it makes sense.

After this you should be able to log on with admin/admin (user/pass).

I'm using dd-wrt v24 sp1.

Cheers,
Kornel Kovacs
deckardpt
DD-WRT Novice


Joined: 13 Feb 2008
Posts: 5

PostPosted: Sat Oct 25, 2008 18:41    Post subject: Default Password on whr-g54s dd-wrt24-sp1 Reply with quote
Hi m8s!

I just flashed my buffalo whr-g54s with dd-wrt24sp1 and i didn't changed the default password. Now i've tried root/admin and it doesn't work.

any ideas?

deckard
Murrkf
DD-WRT Guru


Joined: 22 Sep 2008
Posts: 12675

PostPosted: Sat Oct 25, 2008 18:45    Post subject: Re: Default Password on whr-g54s dd-wrt24-sp1 Reply with quote
deckardpt wrote:

any ideas?



You typed wrong. Or you didn't do the 30-30-30 reset after flashing.

telnet in and try those passwords...

_________________
SIG:
I'm trying to teach you to fish, not give you a fish. If you just want a fish, wait for a fisherman who hands them out. I'm more of a fishing instructor.
LOM: "If you show that you have not bothered to read the forum announcements or to follow the advices in them then the level of help available for you will drop substantially, also known as Murrkf's law.."
soulstace
DD-WRT Guru


Joined: 04 Aug 2007
Posts: 6427

PostPosted: Sat Oct 25, 2008 21:36    Post subject: Reply with quote
@sztifler22,
nice hack, but since you already had telnet access you could've just used the setuserpasswd command Razz
sztifler22
DD-WRT Novice


Joined: 25 Oct 2008
Posts: 2

PostPosted: Sun Oct 26, 2008 8:57    Post subject: Reply with quote
soulstace,
You don't say that there is a command for that? I was working for an hour to fix this yesterday... Smile
Thanks anyway.
Goto page Previous  1, 2 Display posts from previous:    Page 2 of 2
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum