Decrypting wpa_supplicant.conf on Samsung Galaxy mobiles

Question

When I do cat on wpa_supplicant.conf file on Samsung mobiles, I see that the passwords are encrypted. But when I open the same file on LG mobiles, I can see the passwords in plain text.

This is what I see on my Galaxy S5. The information below is for my network which has a WPA password 77807780 (psk is the encrypted passkey):

network={
        ssid=""
        psk=fce6c4f64304b00c5783199bbd2b1f91
        key_mgmt=WPA-PSK
        priority=10
        frequency=2462
        autojoin=1
        usable_internet=0
        skip_internet_check=0
}

Is this a feature on Samsung mobiles? What kind of encryption is used to encrypt the password and how to decrypt them?

Yeah, I can confirm that it's in plain text on LG Nexus 4. Researching a bit also confirms that Samsung does encrypt/hash it, but I haven't found the method yet. — Andrew T., Jan 15 '15 at 09:04
On my Galaxy S5, it uses OpenSSL's EVP_Encrypt* methods with the EVP_aes_128_cbc cipher, i.e. AES with a 128-bit key in CBC mode. It makes sense since all encrypted PSKs I've seen have a length modulo 32 hex chars (32*4 bits = 128 bits, the block size of AES). No idea what's being used as the key or the IV. — johnwait, Dec 26 '15 at 12:54
Related: Retrieve WiFi password, How to recover stored wifi password? — Andrew T., Jan 16 '22 at 10:18

Ben Cook · Answer 1 · 2015-11-15T01:28:22.253

Use wpa_supplicant's wpa_passphrase tool to create your own "real" psk. Actually, the plain-text psk (double-quoted) must be processed at every startup and config reload to generate the real, 64 hex-digit (256-bit) psk. So, using wpa_passphrase to manually create the fully-processed PSK actually optimizes wpa_supplicant's startup & config reload time. :)

About decrypting them... wpa_supplicant uses an AES-based cipher, which is well respected. I think TKIP is deprecated and possibly exploitable.

score 3 · Answer 2 · edited Dec 21 '15 at 18:32

3

I got a solution:

Go to root browser
Go to /etc/secure_storage/.system.wpa_supplicant then delete this folder (only ".secure.supplicant.conf"), then reboot.
Strange number gone

Note: It only works for Samsung devices, all saved WiFi hotspots will be lost for the first time.

edited Dec 21 '15 at 18:32

GiantTree

4,062
1
20
26

answered Dec 21 '15 at 11:45

mohammed from india

31
1

score 2 · Answer 3 · edited Apr 11 '18 at 01:46

2

Find the following line in build.prop:

ro.securestorage.support=true

and change it to

ro.securestorage.support=false

Then reboot the device. Now retype password of your Wi-Fi network.

If your phone is rooted, you can view passwords either by reading wpa_supplicant.conf file or by installing "WiFi Key Recovery" app.

edited Apr 11 '18 at 01:46

krzywo97

132
11

answered Sep 11 '15 at 19:49

Wirus

21
2

currently i don't have a device to test your solution on, but anyway that's not what i asked for i need to know the encryption type and how to decrypt an already encrypted password – MOHAMMAD RASIM Sep 12 '15 at 12:49
This is the same as the one above that deletes the secure storage folder, but applies to everything that uses Secure Server. – cde Jun 11 '16 at 22:57
@MOHAMMAD it's unlikely you will ever decrypt one once encrypted. – cde Jun 11 '16 at 22:59

Decrypting wpa_supplicant.conf on Samsung Galaxy mobiles

3 Answers3

Linked