Cisco uses relatively weak encryption to protect user and group passwords in a PCF file, and HAL-9000 of evilscientists.de discovered and posted the algorithm. This page uses cisco-decrypt.c written by Maurice Massar for the decryption.
Reference: Cisco Security Notice: Cisco IPsec VPN Implementation Group Password Usage Vulnerability
You can find the encrypted password by opening a PCF file and taking everything on the line after enc_GroupPwd= or enc_UserPassword=. For example with the following line
enc_GroupPwd=9196FE0075E359E6A2486905A1EFAE9A11D652B2C588EF3FBA15574237302B74C194EC7D0DD16645CB534D94CE85FEC4
The encrypted password would be:
9196FE0075E359E6A2486905A1EFAE9A11D652B2C588EF3FBA15574237302B74C194EC7D0DD16645CB534D94CE85FEC4
Enter the encrypted user or group password in the field below and press the Decode button to decrypt the password.
lilian Says:
Dmitry Says:
MAK Says:
Derek Brown Says:
Andy Says:
Joe Says:
mister Says:
marco Says:
iPhone User Says:
iPhone Says:
Mustafa Gökhan Kurt Says:
DY Says:
schmuk Says:
January 30th, 2009 at 4:20 am
Thanks !
It works perfectly !
February 13th, 2009 at 10:01 am
Cheers, your VPN set up guide and VPN password decryption is as laconic as effective! Set up my VPN connection in 3 minutes
March 19th, 2009 at 1:29 am
Thanks a million ..
April 15th, 2009 at 9:54 am
This is an absolute godsend. I am running Windows 7 x64, and since Cisco won't get with the times and offer a 64-bit IPSec VPN client, I am using a third party client from Shrew. The client works well enough, but there is no PCF import. Now I don't have to try and get the PSK from the remote party anymore, and can do my own version of a PCF import :)
April 17th, 2009 at 11:07 pm
@Derek – Cisco has no plans to offer a 64-bit IPSec client either, instead they're pushing people towards their SSL VPN option, AnyConnect.
April 20th, 2009 at 2:34 am
Brilliant. Saved hours of faffing around when setting up VPN on iPhone.
Cheers!
May 31st, 2009 at 7:26 am
[...] here to decrypt the password from vpn-uniwue.pcf here http://coreygilmore.com/projects/decrypt-cisco-vpn-password/ (you could also copy the encrypted password to the file above at [...]
June 9th, 2009 at 11:30 am
Thanks! This allowed me to setup my VPN on my IPhone where I cannot use the PCF file.
June 28th, 2009 at 10:37 pm
Jeremy or others that might be interested:
I have Cisco VPN software on home desktop to connnect to work. I can see my name but the password has asterisks. This is under group authentication. I used the decrypted password for group password. Now for Iphone cisco I also have a place for account and password. This is in addition to the group name and secret which I guess are the name that I could see and the decrypted password. I am not sure what to put in for the account and password.
July 12th, 2009 at 11:46 pm
this is def a godsend. I've tried all kinds of Google searches until i stumbled onto the algorithm w/o knowing how to implement it. This way is very user friendly :)
now I can finally use VPN on my iPhone!
cheers
July 19th, 2009 at 2:29 am
[...] password from a PCF (profile) file. Fortunately, I recalled this was particularly simple given this [coreygilmore.com] awesome [...]
July 28th, 2009 at 5:24 pm
Thanks a lot. It worked perfectly.
September 15th, 2009 at 1:32 pm
Thank you for making this decryption algorithm so easily accessible. You're a lifesaver for all of us with Cisco PCF files with encrypted "shared secret" passwords with IT staff not willing to share the secret.
September 18th, 2009 at 3:26 pm
[...] VPN on iPhone By jill I was having a little trouble setting up my iPhone to use VPN so I could connect to work… it needed something labeled "Secret" after the Group Name. Then I found this handy site which would decode the encoded group password from the .pcf file here. [...]
September 24th, 2009 at 1:54 pm
Worked like a charm, I did this before for my iPod Touch but then I didn't find this site and had to spend a lot more time breakning it. When it ws time for configuring the iPhone I couldn't find my notes with the pwd, some googling got me here and hey presto, simple and perfect!
October 8th, 2009 at 6:56 am
Hi there,
How can i encrypted my password for cisco vpn pcf file.
e.g
password : my password
encryped :905A1EFAE9A11D652B2C588EF3FBA15574237302B74C194EC7D0DD16645CB534D94CE85FEC4KJ5K6H5K6H5K65K6
decryped : my password
Could you please write me experience software or website.
Thanks in advanced.
October 12th, 2009 at 12:30 pm
[...] corey gilmore: Descifrar el secreto de una VPN Cisco Si tienes instalada la utilidad VPN Client de Cisco, y usas Snow Leopard, o iPhone OS 3.0, es posible utilizar el cliente nativo que proporcionan estos sistemas operativos si analizamos el contenido de los perfiles de conexión de cisco en <tt>/private/etc/opt/cisco-vpnclient/Profiles/</tt>, y seguimos las instrucciones de esta página. (tags: IT Mac OSX SnowLeopard Cisco VPNclient configuration password decryption) [...]
January 4th, 2010 at 10:17 pm
Thanks a lot. It works~~
January 21st, 2010 at 5:47 pm
AWSOME! needed to set up iPHONE coreygilmore=genius!