Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

How to Convert Encoded Sonicwall Firewall Config File to Decode ClearText File.

MitatOngeMitatOnge Cybersecurity Overlord ✭✭✭

Hi SonicWall Admins, Users and Customers,

You know, Sonicwall config is a encrypted config file.

Sometimes we need access to old configs, during transition process want to read old configs or we cannot access firewall and have to reset.

You can find out, how to create readable text file from encrypted config files and you can pull all information from text (except admin passwords).

you can use this option linux and mac osx. (Below screen shot taken from mac osx)

1) Convert to bas64 encrypted config file to text file with Base64 command line

2) replace "&" string to "new line string \n" from sonic-1.txt config and export new file to sonic-2.txt

3) replace "%20" (space ascii code) to " " One space character and save as sonic-2.txt to sonic-3.txt


New format screenshot: You can find all information on readable config.


Best regards,

I hope it will be useful for you.

Mitat Önge

Category: Firewall Management and Analytics
Reply

Comments

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @MitatOnge just for the sake of calming down the expectations due to the bait like Subject. It is not encrypting anything, it's just decoding the Base64 ENCODED config.

    This can be done with a single liner as well:

    base64 -D <firewall.exp | tr "&" "\n"
    

    If anyone finds a way to really decrypt the included Passwords (PPPoE Login etc.), this would be really helpful.

    --Michael@BWC

  • MitatOngeMitatOnge Cybersecurity Overlord ✭✭✭

    @BWC

    thank you for advice. yes totaly not encryption but normaly cannot readble file for end users.

    tr cli tools fit for this situation. 👍️ I didn't know this tool.

    sed is advanced tool but I don't want to read all man page files.

    I don't think someone can convert to encrypted password to cleartext.

    best regads,

    Mitat Önge

  • AlbertoAlberto Newbie ✭

    I use this from bash


    base64 -d -i sonicwall-NSA_66..........exp | sed 's/&/\n/g' > config.txt

  • prestonpreston Enthusiast ✭✭
    edited July 1


  • BWCBWC Cybersecurity Overlord ✭✭✭

    @preston I checked the TSR from my TZ at home, but Sensitive Keys does not even show the PPPoE Username, I checked all for TSR and Login shows up but Password is not in it. Maybe this was valid in the past, but at least 6.5.4.10 does not have it.

    That's all what is shown beneath the PPPoE Username in the TSR.

    Password                                        : <Password exists>
    

    --Michael@BWC

  • prestonpreston Enthusiast ✭✭
    edited July 1

    @BWC , I tried removing my comment after testing myself, the TSR will show the Wireless keys and Radius keys, but for some reason not the PPPoE

    on gen6.5 devices in the WAN Interface you can right click and inspect then change the HTML from password to text and it will show you in cleartext but not on Gen7 appliances, on the Gen7 devices it just shows ?????????

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @preston all good, when I have physical access to an appliance with missing PPPoE credentials I always helped myself with a Mikrotik Router providing a PPPoE Server to trick the SNWL to spill out the credentials in the clear. Sometimes desperate situations ask for deperate measures :)

    --Michael@BWC

  • prestonpreston Enthusiast ✭✭

    @BWC it might be worth putting in a Feature request with SonicWall to add the PPPoE details to the TSR if selecting Sensitive Keys as it would help with Migrations.

  • AlbertoAlberto Newbie ✭

    Can i use it on windows 11 machine ?

    like this ?

    base64 -d -i sonicwall-NSA_66..........exp | sed 's/&/\n/g' > config.txt

  • MitatOngeMitatOnge Cybersecurity Overlord ✭✭✭

    Hi @Alberto


    you can use powershell cli encoding and decoding options.


Sign In or Register to comment.