Cisco Business Dashboard uses a Java VM to run its code. The reverse engineering process of the passwords management component shows the following working scheme:
- Take a base64 encoded string as input
- Decode the base64 encoded string, it gives an encrypted payload
- Use a static key "Who1sy0urDaddy?!" that is hashed using SHA512 algorithm
- From hash result (which is 64 bytes long), the first 16 bytes of the result is then used as the AES encryption key
- An AES-128-CBC decryption is performed to obtain the original data
The code was tested using Debian Buster. List of prerequisites:
- gcc
- libtomcrypt-dev
In order to compile the code, invoke the following command: gcc decrypt_cbd_password.c -o decrypt_cbd_password -ltomcrypt
Simply run the compiled program and issue the base64 encoded string (as shown in the JSON configuration of the device inside the CBD).