Convert Sonicwall Export File to Plain Text

By | 2013/03/26

I’ve never worked on a Sonicwall firewall, but we’ll be gaining one shortly. This weekend, we’re moving a data center from Vermont to PA and incorporating it into our existing data center. We have very little documentation — none really. So we don’t know the traffic requirements for the data center we are inheriting. The natural place to look for clues to traffic flow is the firewall rules.

We obtained a Sonicwall export file, but it was only Gobbledygook (base64 encoded).

Base64 Gobbledygook

Base64 Gobbledygook

Here are the steps taken to convert it

1. First decode it. There are dozens of ways to solve this problem. I chose to write the world’s shortest python program:

import base64

base64.decode(open(“sonicwall.exp”), open(“sonicwall.txt”, “w”))

After decoding, the Gobbledygook is replaced with plain text, but it’s all on a single line (no line feeds in the file).

Decoded plaintext

Decoded but still hard to read

2. To add line feeds (again there are dozens of ways to accomplish this), I used ‘sed’ on a Linux box. First WinSCP the file to the Linux machine (if your desktop isn’t Linux), then run this command to insert a line feed before every “&” character:

sed -i ‘s/&/\n&/g’ sonicwall.txt

You can adjust this to insert the line feed somewhere else – if you know more about Sonicwall rules than I, you probably have a better specific solution. This just gives you the general idea.

The resulting file is now easier to read in Linux, but Windows will still show it all on one line (oops). We need to add a carriage return AND line feed (known as end-of-line, or EOL) for Windows to display properly. Try this instead of the command above, if you need to display the file in Windows:

sed -i ‘s/&/\r\n&/g’ sonicwall.txt

Now you should have a somewhat-formatted firewall configuration that can be used to determine traffic flow, if you find yourself sharing the misfortune of rebuilding a network you know nothing about. It’s still not pretty, but it’s better than nothing.

Readable

Readable Sonicwall config

22 thoughts on “Convert Sonicwall Export File to Plain Text

  1. Matthew

    This is actually a very useful piece of information. Running a SonicWall 2400 MX, I have a ghost named zone that had the interface move out from underneath it. I want to edit and load up the changes because the record is only partially visible in the GUI. I know it’s there because changes that would conflict with it throw an error saying that the …. anyway, this was helpful, thank you for taking the time.

    Reply
  2. Anon

    If you are on a Windows machine once you have the information decoded you can run it through powershell to format it into a readable format.
    (get-content sonicwall.txt) -replace ‘\&’,”`n” |out-file readable.txt

    Reply
    1. lhomsher Post author

      Thanks for the tip! My Linux skills are much better than my Windows powershell skills – I really appreciate your feedback!

      Reply
  3. Chris

    Just a note, I tried copying the python script and the sed command. The quotes on the website don’t work, I had to replace them with ” to get them to work.

    Reply
    1. lhomsher Post author

      Thanks for the feedback. I suspect WordPress may have changed the font. Hope everything else worked out well.

      Reply
  4. Chris

    what was the tool you used to decode the text? i’ve exported the settings and still at Gobbledygook stage 🙁

    Reply
    1. lhomsher Post author

      Chris – I wrote a little python program that contained just 2 lines of code shown in the blog post (note you may need to adjust the quotes due to font differences).

      There are lots of decode options – just Google ‘base64 decode’ and search for the right option for you.

      Reply
  5. JWSmythe

    I’m not sure if this will display right, but here’s a quick Perl script to decode the export file and save it as a text file. Just run decode.pl [filename]. It will work on most *nix systems, and with Cygwin on Windows.

    #!/usr/bin/perl
    use MIME::Base64;

    $infile = $ARGV[0];

    # I like some spacing here.
    print “\n\n”;

    if (!-f $infile){
    print “You must specify a file to decode. File ‘$infile’ does not exist.\n\n”;
    }else{
    print “Decoding file $infile\n\n”;
    };

    open (IN, “<$infile");
    $data = ;
    close(IN);

    $decoded = decode_base64($data);

    $decoded =~ s/\&/\n/g;

    print “Writing decoded file to $infile.plain.txt\n\n”;
    open (OUT, “>$infile.plain.txt”);
    print OUT $decoded;
    close (OUT);

    Reply
    1. lhomsher Post author

      Thanks JW! I always say we typically have 6 (or more) different ways to accomplish any given challenge. I appreciate your perl idea.
      Lori

      Reply
  6. robert

    on windows, you can use the “certutil -decode config.exp config.txt” command at the command line to decode the base64.

    Reply
  7. Richard Cascarina

    This is great Lori! I’m a security engineer who manages hundreds of the small 205 home unit’s for our company for various employees. One of our biggest time wasters is building these from scratch. We have about a 20 page document that takes about 30/45 minutes to build one, barring any human error. Using your script, some ingenuity, and a whole lot of caffeine, I was able to reverse engineer the configuration export, make the changes I needed to in certain parameters, then re-encode the whole thing and build a python script around it to automate new home unit deployments.

    One mention I will make, is that the native export file is not 100% base64 encoded. If you base64 –decode file.exp in linux cmd line, you’ll notice it decodes it but throws an error in the end that python does not show you. It’s because there are trailing ampersands at the end that they add to the export file, I’m assuming to signal to the sonicwall that it is the EOF. I’ll make a second post shortly showing how to properly re-base64encode the file, add the trailing ampersands, and remove all new lines from the file (ran into a huge problem with new lines even though it appeared to be one line after the re-encoding process)

    Reply
    1. lhomsher Post author

      Richard – Wow…you took this to a completely new level and I’m totally impressed! I’d love to include your subsequent work if you’d like to follow up with another post.
      Thanks for the info!

      Reply
    2. Jason Conway

      I was able to load up notepad++ and delete the 2 ampersands at the end of the file. I then was able to run the “certutil -decode config.exp config.txt” to decode the file from base64. I then was able to go in to powershell and run (get-content config.txt) -replace ‘\&’,”`n” |out-file readable.txt to make the file Windows-friendly.

      No linux required! All done in Windows command line and pwershell. Thanks to the posters above who provided these commands.

      Reply
      1. lhomsher Post author

        Wow Jason…I am in awe of your Windows prowess! I’ve always been more comfortable with Linux command line than Windows powershell, but you have motivated me to give powershell another try!
        Thanks for your contribution to the post.

        Reply
  8. Russ

    Hey there I am so thrilled I found your webpage, I really found
    you by mistake, while I was searching on Bing for something else, Anyhow I am here now and
    would just like to say thank you for a fantastic post and a all round entertaining blog (I also love the theme/design),
    I don’t have time to go through it all at the minute but
    I have book-marked it and also added in your RSS feeds, so when I have time I will
    be back to read a lot more, Please do keep up the fantastic b.

    Reply
  9. Daryl

    Along with the other comments on how to decode this, i’ve knocked up a Go program to combine the steps of removal of the ampersands, decoding and formatting the lines.

    Takes exp on stdin and outputs the decoded config to stdout.
    > cat sonicwall.exp | ./convert-sonicwall > decoded-config.txt
    ——————————————
    package main

    import (
    “encoding/base64”
    “strings”
    “os”
    “io/ioutil”
    “log”
    “fmt”
    )

    func main() {
    stdin, err := ioutil.ReadAll(os.Stdin)
    if err != nil {
    log.Fatal(err)
    }

    ec := strings.TrimSuffix(string(stdin), “&&”)
    dc, err := base64.StdEncoding.DecodeString(ec)
    if err != nil {
    log.Fatal(err)
    }

    config := strings.Replace(string(dc), “&”, “\n”, -1)
    fmt.Println(config)
    }

    Reply
    1. lhomsher Post author

      Nice solution, Daryl! And you’ve also introduced me to the GO programming language, which is new to me. Thanks!

      Reply
  10. Dave O.

    Thanks for the tips! This page was very helpful, including the comments.

    But, am I missing something? The config is still not really usable in any form, once it’s converted. The data is there, but it’s individual fields per rule and not very intuitive.

    But, while searching for a solution, i found this tool along with your blog page! Hope this helps.
    NOTE: It took a while to process my policy–i thought it was hung, but low and behold, it finished sucessfully. You can save as an HTML page and then do what you want with it from there.
    https://sourceforge.net/projects/sonicreader/

    Reply
    1. lhomsher Post author

      Hey Dave O – thanks for the post! I suspect my original needs may have predated the sonicreader tool, but it’s nice to see someone has put together a good solution. Based on the number of people who are still searching for a solution, I’d say it’s necessary. Thanks for sharing!

      Reply
  11. Len Krygsman

    Building off of Richard Cascarina’s powershell work, I wrote a self-contained powershell function to do this with a single command.

    It creates a rather arbitrary couple of temporary files and I know it could be improved on in many ways, but it does the job.

    Usage:
    1. Run the below code to add the function to your session. Feel free to add it to $profile if you use it a lot.
    2. Convert-SonicWALLexp -FilePath [-OutFile ]
    (in absence of -Outfile, it will use the same filename as -FilePath, but ending in .txt)

    Note: I hope this dialogue box doesn’t change the quotes to “smart quotes,” because that will mess things up. They need to be regular straight quotes and apostrophes, with the exception of the `n in line 8 which is, of course, a back-tick

    Code:

    function Convert-SonicWALLexp ($FilePath,$OutFile=(“$($FilePath.Substring(0,$FilePath.Length – 4)).txt”))
    {
    $tempFile = “.\asdfadasasdfawefasdfawef”
    (Get-Content $FilePath) -replace “.{2}$” | Out-File -Encoding default -FilePath “$($tempFile).exp”
    $arguments = @(“-decode”,”$($tempFile).exp”,”$($tempFile).txt”)
    & certutil.exe $arguments
    #echo certutil.exe -decode “$($tempFile).exp” “$($tempFile).txt”
    (Get-Content “$($tempFile).txt”) -replace ‘\&’,”`n” | Out-File $OutFile
    Remove-Item “$($tempFile).txt”
    Remove-Item “$($tempFile).exp”
    }

    Reply
    1. lhomsher Post author

      Hi Len – thanks for posting this alternate solution! One of the things I’ve always loved about coding is how multiple solutions can be created for any single problem. Coding is a great combination of science and art. The science is what we’re taught, and the art adds our personal spin to the solution.

      Thanks also for pointing out the smart-quote challenge – I’ve had that mess me up MANY times in the past!

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

*