(added 3/1/2008)
On 3 January, manio [at] skyboo [dot] net e-mailed me asking for some
hints / tips / advice on how the passwords are stored in the MikroTik
RouterOS image. (To his credit, he said he realised it was XOR based pretty
much right after he hit send on the mail.) The user/password information is
stored in /nova/store/user.dat. His homepage is
http://manio.skyboo.net/mikrotik/.
According to him, the following passwords produced the following stored bytes
(17 bytes in every case):

password       stored bytes
zero length pw 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0              78 BF DE 06 49 5A 0E 2D 09 D5 FB 27 B1 44 EC 93 01
aaa            29 DE BF 06 49 5A 0E 2D 09 D5 FB 27 B1 44 EC 93 01
ala            29 D3 BF 06 49 5A 0E 2D 09 D5 FB 27 B1 44 EC 93 01
0000           48 8F EE 36 49 5A 0E 2D 09 D5 FB 27 B1 44 EC 93 01

(One caveat on the data: the first byte of the 0000 row, 48, does not fit the
scheme worked out below. XORed with the first key byte it gives 0x00 rather
than '0', while the other three encrypted bytes of that row fit exactly, so it
looks like a transcription slip for 78, the first byte of the single-character
password 0.)
Initially, we can note that changing a single character of the password
changes only the stored byte at the same position (compare aaa and ala), and
that every byte beyond the end of the longest password is identical across the
non-empty samples (49 5A 0E 2D ... from the fifth byte onwards). Each plaintext
byte therefore maps to exactly one output byte, independently of its
neighbours. This made me think it was something trivial such as an XOR based
scheme.
If it is, we can work out the first key byte from the single-character
password 0, whose first stored byte is 0x78:
>>> hex(0x78 ^ ord('0'))
'0x48'
This works because XOR is its own inverse: if stored = plaintext ^ key, then
key = stored ^ plaintext, so one known plaintext byte gives back the key byte
at that position.
Continuing with the assumption that it is a byte-wise XOR, we turn to the
second byte. For the single-character password 0 the second plaintext byte is
a NUL, so the second stored byte, 0xbf, is the key byte itself. We take that
suspected key byte and XOR it against the character values of a and l:
>>> hex(0xbf ^ ord('a'))
'0xde'
>>> hex(0xbf ^ ord('l'))
'0xd3'
As we can see, the returned bytes match the second stored bytes for aaa and
ala respectively.
Since we now know the "encryption" key (the stored bytes of the single
character password 0, with the first byte XORed back out: 48 BF DE 06 49 5A 0E
2D 09 D5 FB 27 B1 44 EC 93 01), we can write a decoder trivially. (As a side
note, I like Python's doctest module :) )
$ python mikrotik_password.py 29 de bf 06 49 5a 0e 2d 09 d5 fb 27 b1 44 ec 93 01
aaa
The password decoder can be found here for those
who care.
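To make the recovery concrete, here is an added example in Python (mine, not
the decoder linked above nor anything of manio's) that derives the key from
one known password/blob pair, checks every quoted row against it, and decodes
a blob given on the command line in the same way as the run above. The rows
are the five from the table (with 29 DE BF ... as aaa, as the decoder output
confirms); the fixed 17-byte blob and the NUL-padding of shorter passwords are
assumptions read off those rows. The 0000 row is reported as not fitting at
its first byte, which is the inconsistency in that row (its first byte reads
48 where the scheme gives 78, the same first byte as the single-character 0).

```python
# Added example: key recovery, consistency check and decoder for the XOR
# scheme worked out above. Not the decoder linked from the post; written
# against the five sample rows quoted there.
import sys

# (password, stored bytes) pairs, copied from the table above (with the aaa /
# ala blobs in the order the decoder run above confirms: 29 de bf ... -> aaa).
SAMPLES = [
    ("",     bytes.fromhex("00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00")),
    ("0",    bytes.fromhex("78 BF DE 06 49 5A 0E 2D 09 D5 FB 27 B1 44 EC 93 01")),
    ("aaa",  bytes.fromhex("29 DE BF 06 49 5A 0E 2D 09 D5 FB 27 B1 44 EC 93 01")),
    ("ala",  bytes.fromhex("29 D3 BF 06 49 5A 0E 2D 09 D5 FB 27 B1 44 EC 93 01")),
    ("0000", bytes.fromhex("48 8F EE 36 49 5A 0E 2D 09 D5 FB 27 B1 44 EC 93 01")),
]

# Assumption drawn from the rows: a fixed 17-byte blob, password NUL-padded.
BLOB_LEN = 17


def pad(password: str, length: int = BLOB_LEN) -> bytes:
    """Password as the plaintext the blob XORs: ASCII, NUL-padded to length."""
    return password.encode("ascii").ljust(length, b"\x00")


def recover_key(password: str, stored: bytes) -> bytes:
    """key = stored ^ plaintext.  A NUL plaintext byte leaks the key byte
    unchanged, so one short known password recovers the whole key."""
    return bytes(c ^ p for c, p in zip(stored, pad(password, len(stored))))


def encode(password: str, key: bytes) -> bytes:
    """Forward direction: what the router would store for this password."""
    return bytes(p ^ k for p, k in zip(pad(password, len(key)), key))


def decode(stored: bytes, key: bytes) -> str:
    """Inverse of encode.  An all-zero blob is the empty password (the rows
    show it is stored as zeros, not as the bare key), so it is special-cased."""
    if not any(stored):
        return ""
    plain = bytes(c ^ k for c, k in zip(stored, key))
    return plain.split(b"\x00", 1)[0].decode("ascii", errors="replace")


def mismatches(password: str, stored: bytes, key: bytes) -> list:
    """Byte positions where a sample disagrees with what the key predicts.
    An empty list means the row fits the scheme."""
    expected = encode(password, key)
    return [i for i, (a, b) in enumerate(zip(stored, expected)) if a != b]


# The key, recovered from the single-character sample exactly as in the text:
# 0x78 ^ ord('0') = 0x48, and every later byte of that row is a key byte.
KEY = recover_key("0", SAMPLES[1][1])


def check_samples() -> dict:
    """Mismatch positions for each non-empty sample row."""
    return {pw: mismatches(pw, blob, KEY) for pw, blob in SAMPLES if pw}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Same invocation as the decoder above: hex bytes on the command line.
        print(decode(bytes.fromhex("".join(sys.argv[1:])), KEY))
    else:
        print("key:", KEY.hex(" ").upper())
        for pw, bad in check_samples().items():
            status = "fits" if not bad else "mismatch at byte(s) " + str(bad)
            print(f"{pw!r:8} {status}")
```

Run with no arguments to print the key and the per-row check; with hex bytes
as arguments it behaves like the decoder above. The empty-password special
case matters in practice: without it, a blob of all zeros XORed with the key
would "decode" to the key bytes themselves rather than to an empty string.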
I do not know if the encryption key changes on different releases of RouterOS,
or if it is dependent upon the license key or anything like that - this was
coded with the information manio (lowercased upon his request) provided to me.
manio said that he would investigate this when he gets a chance.