Skip to content

Instantly share code, notes, and snippets.

@felipou
Last active November 7, 2024 19:20
Show Gist options
  • Save felipou/50b60309f99b70b1e28f6d22da5d8e61 to your computer and use it in GitHub Desktop.
Save felipou/50b60309f99b70b1e28f6d22da5d8e61 to your computer and use it in GitHub Desktop.
DBeaver password decryption script - for newer versions of DBeaver
# https://stackoverflow.com/questions/39928401/recover-db-password-stored-in-my-dbeaver-connection
# requires pycryptodome lib (pip install pycryptodome)
import sys
import base64
import os
import json
from Crypto.Cipher import AES
default_paths = [
'~/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json',
'~/.local/share/DBeaverData/workspace6/General/.dbeaver/credentials-config.json',
'~/.local/share/.DBeaverData/workspace6/General/.dbeaver/credentials-config.json',
'~/AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json',
]
if len(sys.argv) < 2:
for path in default_paths:
filepath = os.path.expanduser(path)
try:
f = open(filepath, 'rb')
f.close()
break
except Exception as e:
pass
else:
filepath = sys.argv[1]
print(filepath)
#PASSWORD_DECRYPTION_KEY = bytes([-70, -69, 74, -97, 119, 74, -72, 83, -55, 108, 45, 101, 61, -2, 84, 74])
PASSWORD_DECRYPTION_KEY = bytes([186, 187, 74, 159, 119, 74, 184, 83, 201, 108, 45, 101, 61, 254, 84, 74])
data = open(filepath, 'rb').read()
decryptor = AES.new(PASSWORD_DECRYPTION_KEY, AES.MODE_CBC, data[:16])
padded_output = decryptor.decrypt(data[16:])
output = padded_output.rstrip(padded_output[-1:])
try:
print(json.dumps(json.loads(output), indent=4, sort_keys=True))
except:
print(output)
@joaovitor-correa
Copy link

Amazing, simple and very usefull!

@peisenmann
Copy link

for Mac OS users

openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "${HOME}/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null

This works almost perfectly for me. The one change I had to make was that my workspace was not named General. If you get ~/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json: No such file or directory, then do an ls ~/Library/DBeaverData/workspace6 to find your workspace folder, then replace General in the above command.

@athossampayo
Copy link

I had a lot of connections with same DBs and sometimes same usernames, so...
If anyone need a version that gets the configuration of each connection also, I did a fork:

https://gist.github.com/athossampayo/c028acbfe3b9d0aa0ff230d4c9e35c83

@mohamedamara1
Copy link

thanks, still works

@trashreactor
Copy link

for Mac OS users

openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "${HOME}/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null

Thanks! Works flawlessly in Windows + WSL2: openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "/mnt/c/Users//AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null

This works like a charm!, just adding the username placeholder
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "/mnt/c/Users/<username>/AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null

@Fjmontesinospalma
Copy link

Works on mac sonoma 14.4.1 and dbeaver 24.0.2.2024, thanks

@ulidtko
Copy link

ulidtko commented Jun 19, 2024

Did not work for dbeaver 23.0.0 🫤

@vboerchers
Copy link

for Mac OS users

openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "${HOME}/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null

Thanks! Works flawlessly in Windows + WSL2: openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "/mnt/c/Users//AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null

This works like a charm!, just adding the username placeholder openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "/mnt/c/Users/<username>/AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null

Piping the result through jq . | less formats it nicely.

@bigga
Copy link

bigga commented Sep 1, 2024

The script saved my life. Thanks a lot!
Worked flawlessly with DBeaver 24.0.4.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment