Last active
September 1, 2024 15:21
-
-
Save felipou/50b60309f99b70b1e28f6d22da5d8e61 to your computer and use it in GitHub Desktop.
DBeaver password decryption script - for newer versions of DBeaver
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# https://stackoverflow.com/questions/39928401/recover-db-password-stored-in-my-dbeaver-connection | |
# requires pycryptodome lib (pip install pycryptodome) | |
import sys | |
import base64 | |
import os | |
import json | |
from Crypto.Cipher import AES | |
default_paths = [ | |
'~/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json', | |
'~/.local/share/DBeaverData/workspace6/General/.dbeaver/credentials-config.json', | |
'~/.local/share/.DBeaverData/workspace6/General/.dbeaver/credentials-config.json', | |
'~/AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json', | |
] | |
if len(sys.argv) < 2: | |
for path in default_paths: | |
filepath = os.path.expanduser(path) | |
try: | |
f = open(filepath, 'rb') | |
f.close() | |
break | |
except Exception as e: | |
pass | |
else: | |
filepath = sys.argv[1] | |
print(filepath) | |
#PASSWORD_DECRYPTION_KEY = bytes([-70, -69, 74, -97, 119, 74, -72, 83, -55, 108, 45, 101, 61, -2, 84, 74]) | |
PASSWORD_DECRYPTION_KEY = bytes([186, 187, 74, 159, 119, 74, 184, 83, 201, 108, 45, 101, 61, 254, 84, 74]) | |
data = open(filepath, 'rb').read() | |
decryptor = AES.new(PASSWORD_DECRYPTION_KEY, AES.MODE_CBC, data[:16]) | |
padded_output = decryptor.decrypt(data[16:]) | |
output = padded_output.rstrip(padded_output[-1:]) | |
try: | |
print(json.dumps(json.loads(output), indent=4, sort_keys=True)) | |
except: | |
print(output) |
for Mac OS users
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "${HOME}/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
Thanks! Works flawlessly in Windows + WSL2: openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "/mnt/c/Users//AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
This works like a charm!, just adding the username placeholder
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "/mnt/c/Users/<username>/AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
Piping the result through jq . | less
formats it nicely.
The script saved my life. Thanks a lot!
Worked flawlessly with DBeaver 24.0.4.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Did not work for dbeaver 23.0.0 🫤