Last active
March 14, 2021 15:52
-
-
Save h3xstream/1900b2bb6cc66e670c6c to your computer and use it in GitHub Desktop.
Decrypt Documentum database passwords.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
* (C) 2012 MSRoth - msroth.wordpress.com | |
* | |
* recoverPW v2 | |
* | |
* This code will decrypt BOF and database passwords. It will *NOT* decrypt | |
* inline user passwords. | |
* | |
* From the D6.5 EMC Documentum Content Server Administration Guide, p. 353: | |
* "Passwords encrypted with encryptPassword cannot be decrypted explicitly | |
* by an application or user." | |
* | |
* usage: c:>java recoverPW <password> | |
* | |
* aek.key file must exist in c:\documentum\config | |
* | |
*/ | |
package com.dm_misc.recoverpw; | |
import com.documentum.fc.client.impl.crypto.CryptoUtils; | |
import com.documentum.fc.tools.RegistryPasswordUtils; | |
import com.documentum.dmcl.impl.DmclApi; | |
import com.documentum.web.formext.session.TrustedAuthenticatorTool; | |
import com.documentum.web.formext.session.TrustedAuthenticatorUtils; | |
import java.io.*; | |
public class RecoverPW { | |
private static final String AEK_PATH = "c:/documentum/config/aek.key"; | |
private static boolean decrypted = false; | |
private static String password = ""; | |
public static void main(String args[]) { | |
try { | |
if (args.length != 1) { | |
System.out.println("usage: c:>java recoverPW <password>"); | |
System.exit(1); | |
} | |
File file = new File(AEK_PATH); | |
if (!file.exists()) { | |
System.out.println("Could not find aek.key file. Please copy from Content Server to " + AEK_PATH); | |
System.exit(1); | |
} | |
// get encrypted password from command line | |
password = args[0];p | |
System.out.println("\nTrying to decrypt '" + password + "'...\n"); | |
// try decrypting with BOF utils - shorter, base64 encoded passwords | |
try { | |
String clearText = ""; | |
System.out.print("\tBOF Utils ->\t\t\t\t"); | |
clearText = RegistryPasswordUtils.decrypt(password); | |
if ((clearText != null) && (clearText.length() > 0)) { | |
System.out.println("'" + clearText + "'"); | |
decrypted = true; | |
} | |
} catch (Exception e) { | |
System.out.println("ERROR: " + e.getMessage()); | |
} | |
// try decrypting with API - longer, dm_encrypt_password passwords | |
try { | |
String clearText = ""; | |
System.out.print("\tAPI ->\t\t\t\t\t"); | |
DmclApi.getInstance().exec("initcrypto,c," + AEK_PATH); | |
clearText = DmclApi.getInstance().get("decrypttext,c,DM_ENCR_TEXT=" + password); | |
if ((clearText != null) && (clearText.length() > 0)) { | |
System.out.println("'" + clearText + "'"); | |
decrypted = true; | |
} | |
} catch (Exception e) { | |
System.out.println("ERROR: " + e.getMessage()); | |
} | |
// try decrypting with CryptoUtils(Password) | |
try { | |
String clearText = ""; | |
System.out.print("\tCryptoUtils (password) ->\t\t"); | |
CryptoUtils c = CryptoUtils.getInstance(); | |
clearText = c.decryptPassword("DM_ENCR_PASS=" + password); | |
if ((clearText != null) && (clearText.length() > 0)) { | |
System.out.println("'" + clearText + "'"); | |
decrypted = true; | |
} | |
} catch (Exception e) { | |
System.out.println("ERROR: " + e.getMessage()); | |
} | |
// try decrypting with CryptoUtils(Text) | |
try { | |
String clearText = ""; | |
System.out.print("\tCryptoUtils (text) ->\t\t\t"); | |
CryptoUtils c = CryptoUtils.getInstance(); | |
clearText = c.decryptText("DM_ENCR_TEXT=" + password, "p6lo3ly1oj5ne&"); | |
if ((clearText != null) && (clearText.length() > 0)) { | |
System.out.println("'" + clearText + "'"); | |
decrypted = true; | |
} | |
} catch (Exception e) { | |
System.out.println("ERROR: " + e.getMessage()); | |
} | |
// try WDK DES | |
try { | |
String clearText = ""; | |
System.out.print("\tTrustedAuthenticatorUtils (DES) ->\t"); | |
clearText = TrustedAuthenticatorUtils.decryptByDES(password); | |
if ((clearText != null) && (clearText.length() > 0)) { | |
System.out.println("'" + clearText + "'"); | |
decrypted = true; | |
} | |
} catch (Exception e) { | |
System.out.println("ERROR: " + e.getMessage()); | |
} | |
// try WDK decrypt | |
try { | |
String clearText = ""; | |
System.out.print("\tTrustedAuthenticatorUtils (decrypt) ->\t"); | |
clearText = TrustedAuthenticatorUtils.decrypt(password); | |
if ((clearText != null) && (clearText.length() > 0)) { | |
System.out.println("'" + clearText + "'"); | |
decrypted = true; | |
} | |
} catch (Exception e) { | |
System.out.println("ERROR: " + e.getMessage()); | |
} | |
// try WDK Authenticator Tool - just uses TrustedAuthenticatorUtils to encrypt | |
// This will never decrypt, running the main() only does encrypt. | |
try { | |
System.out.print("\tWDK authenticator tool -> \t\t"); | |
// create a stream to hold the output since WDK authenticator tool | |
// prints to console | |
ByteArrayOutputStream baos = new ByteArrayOutputStream(); | |
PrintStream ps = new PrintStream(baos); | |
PrintStream old = System.out; | |
System.setOut(ps); | |
// call tool to decrypt text | |
TrustedAuthenticatorTool.main(new String[]{password}); | |
// put things back | |
System.out.flush(); | |
System.setOut(old); | |
// see what happened | |
String clearText = baos.toString(); | |
int idx = clearText.indexOf("Decrypted:"); | |
if (idx > 0) { | |
clearText = clearText.substring(idx + "Decrypted: [".length(), clearText.length() - 3); | |
System.out.println("'" + clearText + "'"); | |
if (clearText.equalsIgnoreCase(password)) { | |
decrypted = false; | |
} else { | |
decrypted = true; | |
} | |
} else { | |
System.out.println("ERROR: could not decrypt with WDK Authenticator Tool"); | |
} | |
} catch (Exception e) { | |
System.out.println("ERROR: " + e.getMessage()); | |
} | |
} catch (Exception e) { | |
System.out.println("General Error: " + e.getMessage()); | |
} | |
System.out.println(); | |
if (!decrypted) { | |
System.out.println("\nSorry, could not decrypt '" + password + "'."); | |
} | |
System.out.println("Done."); | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment