Cisco uses relatively weak encryption to protect user and group passwords in a PCF file, and HAL-9000 of evilscientists.de discovered and posted the algorithm. This page uses cisco-decrypt.c written by Maurice Massar for the decryption.
Reference: Cisco Security Notice: Cisco IPsec VPN Implementation Group Password Usage Vulnerability
You can find the encrypted password by opening a PCF file and taking everything on the line after enc_GroupPwd= or enc_UserPassword=. For example with the following line
enc_GroupPwd=9196FE0075E359E6A2486905A1EFAE9A11D652B2C588EF3FBA15574237302B74C194EC7D0DD16645CB534D94CE85FEC4
The encrypted password would be:
9196FE0075E359E6A2486905A1EFAE9A11D652B2C588EF3FBA15574237302B74C194EC7D0DD16645CB534D94CE85FEC4
Enter the encrypted user or group password in the field below and press the Decode button to decrypt the password.
lilian Says:
Dmitry Says:
MAK Says:
Derek Brown Says:
Andy Says:
Joe Says:
mister Says:
marco Says:
iPhone User Says:
iPhone Says:
Mustafa Gökhan Kurt Says:
DY Says:
schmuk Says:
Mike Says:
tungsten2k Says:
sam Says:
Eric Says:
Amy Says:
aas Says:
Amlan Says:
Patrice Says:
Chris Says:
Gee Says:
dan Says:
offall Says:
Kerpal Says:
VoIPDee Says:
C Garrett Says:
Ludwig Says:
Jo Says:
January 30th, 2009 at 4:20 am
Thanks !
It works perfectly !
February 13th, 2009 at 10:01 am
Cheers, your VPN set up guide and VPN password decryption is as laconic as effective! Set up my VPN connection in 3 minutes
March 19th, 2009 at 1:29 am
Thanks a million ..
April 15th, 2009 at 9:54 am
This is an absolute godsend. I am running Windows 7 x64, and since Cisco won't get with the times and offer a 64-bit IPSec VPN client, I am using a third party client from Shrew. The client works well enough, but there is no PCF import. Now I don't have to try and get the PSK from the remote party anymore, and can do my own version of a PCF import :)
April 17th, 2009 at 11:07 pm
@Derek – Cisco has no plans to offer a 64-bit IPSec client either, instead they're pushing people towards their SSL VPN option, AnyConnect.
April 20th, 2009 at 2:34 am
Brilliant. Saved hours of faffing around when setting up VPN on iPhone.
Cheers!
May 31st, 2009 at 7:26 am
[...] here to decrypt the password from vpn-uniwue.pcf here http://coreygilmore.com/projects/decrypt-cisco-vpn-password/ (you could also copy the encrypted password to the file above at [...]
June 9th, 2009 at 11:30 am
Thanks! This allowed me to setup my VPN on my IPhone where I cannot use the PCF file.
June 28th, 2009 at 10:37 pm
Jeremy or others that might be interested:
I have Cisco VPN software on home desktop to connnect to work. I can see my name but the password has asterisks. This is under group authentication. I used the decrypted password for group password. Now for Iphone cisco I also have a place for account and password. This is in addition to the group name and secret which I guess are the name that I could see and the decrypted password. I am not sure what to put in for the account and password.
July 12th, 2009 at 11:46 pm
this is def a godsend. I've tried all kinds of Google searches until i stumbled onto the algorithm w/o knowing how to implement it. This way is very user friendly :)
now I can finally use VPN on my iPhone!
cheers
July 19th, 2009 at 2:29 am
[...] password from a PCF (profile) file. Fortunately, I recalled this was particularly simple given this [coreygilmore.com] awesome [...]
July 28th, 2009 at 5:24 pm
Thanks a lot. It worked perfectly.
September 15th, 2009 at 1:32 pm
Thank you for making this decryption algorithm so easily accessible. You're a lifesaver for all of us with Cisco PCF files with encrypted "shared secret" passwords with IT staff not willing to share the secret.
September 18th, 2009 at 3:26 pm
[...] VPN on iPhone By jill I was having a little trouble setting up my iPhone to use VPN so I could connect to work… it needed something labeled "Secret" after the Group Name. Then I found this handy site which would decode the encoded group password from the .pcf file here. [...]
September 24th, 2009 at 1:54 pm
Worked like a charm, I did this before for my iPod Touch but then I didn't find this site and had to spend a lot more time breakning it. When it ws time for configuring the iPhone I couldn't find my notes with the pwd, some googling got me here and hey presto, simple and perfect!
October 8th, 2009 at 6:56 am
Hi there,
How can i encrypted my password for cisco vpn pcf file.
e.g
password : my password
encryped :905A1EFAE9A11D652B2C588EF3FBA15574237302B74C194EC7D0DD16645CB534D94CE85FEC4KJ5K6H5K6H5K65K6
decryped : my password
Could you please write me experience software or website.
Thanks in advanced.
October 12th, 2009 at 12:30 pm
[...] corey gilmore: Descifrar el secreto de una VPN Cisco Si tienes instalada la utilidad VPN Client de Cisco, y usas Snow Leopard, o iPhone OS 3.0, es posible utilizar el cliente nativo que proporcionan estos sistemas operativos si analizamos el contenido de los perfiles de conexión de cisco en <tt>/private/etc/opt/cisco-vpnclient/Profiles/</tt>, y seguimos las instrucciones de esta página. (tags: IT Mac OSX SnowLeopard Cisco VPNclient configuration password decryption) [...]
January 4th, 2010 at 10:17 pm
Thanks a lot. It works~~
January 21st, 2010 at 5:47 pm
AWSOME! needed to set up iPHONE coreygilmore=genius!
February 11th, 2010 at 9:24 am
where can i find the PCF file???
:(
February 13th, 2010 at 5:06 pm
nice work ::thumbsup::
February 22nd, 2010 at 8:04 am
9576d4a23a9ee508844d6052bb2118ce i dare if some one can Decrypt it ,,
no one do :S
plz who know send me email at pink.991@hotmail.com
March 12th, 2010 at 5:10 pm
[...] la seguridad de las claves no es que sea muy allá y de hecho el algoritmo de Cisco está roto. Aquí podrás encontrar cómo [...]
March 16th, 2010 at 5:20 pm
Thank you! Works great to convert those pcf files for both Snow Leopard and the iPhone.
March 30th, 2010 at 7:49 pm
[...] not storing it. But if that doesn't make you feel any better, don't make use of the program. Go to this web page instead and decrypt just the shared secret. Share and [...]
April 2nd, 2010 at 10:35 am
I followed the directions exactly but the auto decrypt just says it was not able to decrypt. Is my Admin smarter than I think or am I likely doing something incorrect?
Thanks,
April 2nd, 2010 at 10:38 am
Never mind. I'm an idiot. Extra space on the end. This is a lifesaver!
April 12th, 2010 at 7:18 pm
The Best, It blew the lid of my sysadmin. He sill does not know how!
April 17th, 2010 at 10:53 am
Hi Corey,
Fantastic work! Loved it. However I have one issue with trying to get my iPad to talk to the corp. network at work. It connects fine now with the decrypted password. However, after that the NAT'ing doesn't work. I am getting an IP address, but cant talk to or ping any host on that network. Of course using the cisco 3000 client from mac it works fine.
Any ideas?
-Amlan
PS: I was using the IPSec option and seems even from mac snow leopard its the same problem. Anyone ever run into something like this?
April 29th, 2010 at 11:04 am
Hi,
On Snow Leopard, should Shared Secret in the Cisco IPSec configuration be the decrypted Plain Text Password?
April 30th, 2010 at 3:05 pm
@Patrice – Yes, shared secret is the same as the decrypted plain text password.
April 30th, 2010 at 3:08 pm
@Amlan which NATing? I haven't tested this on an iPad yet, but I thought I read there were some IP address/DHCP related issues with the iPad? Could you try manually assigning an IP address and see if that works? I'm not even sure if that's doable on an iPad/iPhone, come to think of it.
May 19th, 2010 at 1:52 am
Thanks, you saved my day!
June 1st, 2010 at 3:07 am
thanks a million, such handy tool
crack the head and my ipad can now talk to the office via cisco and RDP PC..
real awsomeness thumps up mate.
Geev
June 17th, 2010 at 5:18 am
Cool – if you have the .pcf…. what about if I have the config file from the concentrator and need to crack the hex passwords for all the groups?
previous admin did not keep records and I need to import into a ASA now.
thks
July 1st, 2010 at 7:10 pm
It works perfectly!!!!!
I cannot say how much I appreciate!
Brilliant work!
July 3rd, 2010 at 9:00 am
Can you send me the .c file?
July 8th, 2010 at 1:17 pm
Koooll – i am now using my iphone through VPN to connect to Cisco Call Manager PBX and make and receive calls from my iphone as if it was my work desk phone.Sweet web site.VPN PW via .pcf was annoying but this site sorted that. Thanks you!
July 19th, 2010 at 3:43 pm
Wow, thanks a zillion. Worked like a charm, and now I am up and running on Mac OS X 10.6 snow leopard. Thanks for the great work!
July 20th, 2010 at 4:16 am
Fantastic, looks like everyone with an iPhone and an Cisco ASA, will or should come accross this site. Only worry is the pain in the bum it is that if somone can get one of our PCF files and a valid network password it gives them the key to the corporate door…. bugger.. especially when keeping that door locked is my responsibility!!!
July 29th, 2010 at 5:36 am
Ssl VPN, cisco any connect. Where do you find the group password hash?
July 29th, 2010 at 5:39 am
Nice page, especially since I'm so lazy
August 31st, 2010 at 5:36 pm
Works great! VPN setup on Mac (Snow Leopard) took seconds with standard, pre-installed Apple software.