Last active
July 2, 2024 14:56
-
-
Save felipou/50b60309f99b70b1e28f6d22da5d8e61 to your computer and use it in GitHub Desktop.
DBeaver password decryption script - for newer versions of DBeaver
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# https://stackoverflow.com/questions/39928401/recover-db-password-stored-in-my-dbeaver-connection | |
# requires pycryptodome lib (pip install pycryptodome) | |
import sys | |
import base64 | |
import os | |
import json | |
from Crypto.Cipher import AES | |
default_paths = [ | |
'~/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json', | |
'~/.local/share/DBeaverData/workspace6/General/.dbeaver/credentials-config.json', | |
'~/.local/share/.DBeaverData/workspace6/General/.dbeaver/credentials-config.json', | |
'~/AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json', | |
] | |
if len(sys.argv) < 2: | |
for path in default_paths: | |
filepath = os.path.expanduser(path) | |
try: | |
f = open(filepath, 'rb') | |
f.close() | |
break | |
except Exception as e: | |
pass | |
else: | |
filepath = sys.argv[1] | |
print(filepath) | |
#PASSWORD_DECRYPTION_KEY = bytes([-70, -69, 74, -97, 119, 74, -72, 83, -55, 108, 45, 101, 61, -2, 84, 74]) | |
PASSWORD_DECRYPTION_KEY = bytes([186, 187, 74, 159, 119, 74, 184, 83, 201, 108, 45, 101, 61, 254, 84, 74]) | |
data = open(filepath, 'rb').read() | |
decryptor = AES.new(PASSWORD_DECRYPTION_KEY, AES.MODE_CBC, data[:16]) | |
padded_output = decryptor.decrypt(data[16:]) | |
output = padded_output.rstrip(padded_output[-1:]) | |
try: | |
print(json.dumps(json.loads(output), indent=4, sort_keys=True)) | |
except: | |
print(output) |
Did not work for dbeaver 23.0.0 🫤
for Mac OS users
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "${HOME}/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
Thanks! Works flawlessly in Windows + WSL2: openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "/mnt/c/Users//AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
This works like a charm!, just adding the username placeholder
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "/mnt/c/Users/<username>/AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
Piping the result through jq . | less
formats it nicely.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Works on mac sonoma 14.4.1 and dbeaver 24.0.2.2024, thanks