How to Convert Encoded Sonicwall Firewall Config File to Decode ClearText File.
MitatOnge
All-Knowing Sage ✭✭✭✭
Hi SonicWall Admins, Users and Customers,
You know, Sonicwall config is a encrypted config file.
Sometimes we need access to old configs, during transition process want to read old configs or we cannot access firewall and have to reset.
You can find out, how to create readable text file from encrypted config files and you can pull all information from text (except admin passwords).
you can use this option linux and mac osx. (Below screen shot taken from mac osx)
1) Convert to bas64 encrypted config file to text file with Base64 command line
2) replace "&" string to "new line string \n" from sonic-1.txt config and export new file to sonic-2.txt
3) replace "%20" (space ascii code) to " " One space character and save as sonic-2.txt to sonic-3.txt
New format screenshot: You can find all information on readable config.
Best regards,
I hope it will be useful for you.
Mitat Önge
Comments
@MitatOnge just for the sake of calming down the expectations due to the bait like Subject. It is not encrypting anything, it's just decoding the Base64 ENCODED config.
This can be done with a single liner as well:
If anyone finds a way to really decrypt the included Passwords (PPPoE Login etc.), this would be really helpful.
--Michael@BWC
@BWC
thank you for advice. yes totaly not encryption but normaly cannot readble file for end users.
tr cli tools fit for this situation. 👍️ I didn't know this tool.
sed is advanced tool but I don't want to read all man page files.
I don't think someone can convert to encrypted password to cleartext.
best regads,
Mitat Önge
I use this from bash
base64 -d -i sonicwall-NSA_66..........exp | sed 's/&/\n/g' > config.txt
@preston I checked the TSR from my TZ at home, but Sensitive Keys does not even show the PPPoE Username, I checked all for TSR and Login shows up but Password is not in it. Maybe this was valid in the past, but at least 6.5.4.10 does not have it.
That's all what is shown beneath the PPPoE Username in the TSR.
--Michael@BWC
@BWC , I tried removing my comment after testing myself, the TSR will show the Wireless keys and Radius keys, but for some reason not the PPPoE
on gen6.5 devices in the WAN Interface you can right click and inspect then change the HTML from password to text and it will show you in cleartext but not on Gen7 appliances, on the Gen7 devices it just shows ?????????
@preston all good, when I have physical access to an appliance with missing PPPoE credentials I always helped myself with a Mikrotik Router providing a PPPoE Server to trick the SNWL to spill out the credentials in the clear. Sometimes desperate situations ask for deperate measures :)
--Michael@BWC
@BWC it might be worth putting in a Feature request with SonicWall to add the PPPoE details to the TSR if selecting Sensitive Keys as it would help with Migrations.
Can i use it on windows 11 machine ?
like this ?
base64 -d -i sonicwall-NSA_66..........exp | sed 's/&/\n/g' > config.txt
Hi @Alberto
you can use powershell cli encoding and decoding options.