Skip to content

Instantly share code, notes, and snippets.

@felipou
Last active October 10, 2024 15:53
Show Gist options
  • Save felipou/50b60309f99b70b1e28f6d22da5d8e61 to your computer and use it in GitHub Desktop.
Save felipou/50b60309f99b70b1e28f6d22da5d8e61 to your computer and use it in GitHub Desktop.
DBeaver password decryption script - for newer versions of DBeaver
# https://stackoverflow.com/questions/39928401/recover-db-password-stored-in-my-dbeaver-connection
# requires pycryptodome lib (pip install pycryptodome)
import sys
import base64
import os
import json
from Crypto.Cipher import AES
default_paths = [
'~/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json',
'~/.local/share/DBeaverData/workspace6/General/.dbeaver/credentials-config.json',
'~/.local/share/.DBeaverData/workspace6/General/.dbeaver/credentials-config.json',
'~/AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json',
]
if len(sys.argv) < 2:
for path in default_paths:
filepath = os.path.expanduser(path)
try:
f = open(filepath, 'rb')
f.close()
break
except Exception as e:
pass
else:
filepath = sys.argv[1]
print(filepath)
#PASSWORD_DECRYPTION_KEY = bytes([-70, -69, 74, -97, 119, 74, -72, 83, -55, 108, 45, 101, 61, -2, 84, 74])
PASSWORD_DECRYPTION_KEY = bytes([186, 187, 74, 159, 119, 74, 184, 83, 201, 108, 45, 101, 61, 254, 84, 74])
data = open(filepath, 'rb').read()
decryptor = AES.new(PASSWORD_DECRYPTION_KEY, AES.MODE_CBC, data[:16])
padded_output = decryptor.decrypt(data[16:])
output = padded_output.rstrip(padded_output[-1:])
try:
print(json.dumps(json.loads(output), indent=4, sort_keys=True))
except:
print(output)
@callmetal
Copy link

callmetal commented Nov 29, 2022

The script worked great on windows 10.
I have DBeaver installed from the Windows Store, and my path is:
r'C:\Users\[username]\AppData\Local\Packages\DBeaverCorp.DBeaverCE_1b7tdvn0p0f9y\LocalCache\Roaming\DBeaverData\workspace6\General.dbeaver\credentials-config.json'

A few tips for others using windows 10:
If you don't have Python installed, you can open the command line as an Administrator and type:
Python
Click enter and it will open the Windows Store with the Python 3.10 page ready to download
If you need to install pycryptodome then go back to the command line and type:
pip install pycryptodome
Click enter

@J4YF7O
Copy link

J4YF7O commented Feb 21, 2023

Thank you very much,

I tested it, and both the python script and the openssl cmd work very well on mac.

I wonder if anyone has the openssl line to encrypt the file?

My flow would be to be able to generate connections from a script that would retrieve the data from AWS SSM.

@iRajjal
Copy link

iRajjal commented Feb 24, 2023

Thanks very much for the solution.

Is it possible to re-encrypt the modified json, for example I want to update the expired passwords automatically?

@thmsklngr
Copy link

Thank you so much, this script saved my day!

@BhuiyanMH
Copy link

Thanks, works for DBeaver 22.3.0 on the Windows platform.

@mixa42
Copy link

mixa42 commented May 15, 2023

thank you very much) the most necessary script that should be at hand

@joaovitor-correa
Copy link

Amazing, simple and very usefull!

@peisenmann
Copy link

for Mac OS users

openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "${HOME}/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null

This works almost perfectly for me. The one change I had to make was that my workspace was not named General. If you get ~/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json: No such file or directory, then do an ls ~/Library/DBeaverData/workspace6 to find your workspace folder, then replace General in the above command.

@athossampayo
Copy link

I had a lot of connections with same DBs and sometimes same usernames, so...
If anyone need a version that gets the configuration of each connection also, I did a fork:

https://gist.github.com/athossampayo/c028acbfe3b9d0aa0ff230d4c9e35c83

@mohamedamara1
Copy link

thanks, still works

@trashreactor
Copy link

for Mac OS users

openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "${HOME}/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null

Thanks! Works flawlessly in Windows + WSL2: openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "/mnt/c/Users//AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null

This works like a charm!, just adding the username placeholder
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "/mnt/c/Users/<username>/AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null

@Fjmontesinospalma
Copy link

Works on mac sonoma 14.4.1 and dbeaver 24.0.2.2024, thanks

@ulidtko
Copy link

ulidtko commented Jun 19, 2024

Did not work for dbeaver 23.0.0 🫤

@vboerchers
Copy link

for Mac OS users

openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "${HOME}/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null

Thanks! Works flawlessly in Windows + WSL2: openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "/mnt/c/Users//AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null

This works like a charm!, just adding the username placeholder openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "/mnt/c/Users/<username>/AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null

Piping the result through jq . | less formats it nicely.

@bigga
Copy link

bigga commented Sep 1, 2024

The script saved my life. Thanks a lot!
Worked flawlessly with DBeaver 24.0.4.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment