Skip to content

Instantly share code, notes, and snippets.

@h3xstream

h3xstream/RecoverPW.java

Last active March 14, 2021 15:52
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save h3xstream/1900b2bb6cc66e670c6c to your computer and use it in GitHub Desktop.
Save h3xstream/1900b2bb6cc66e670c6c to your computer and use it in GitHub Desktop.
Download ZIP
Decrypt Documentum database passwords.
Raw
RecoverPW.java
/*
* (C) 2012 MSRoth - msroth.wordpress.com
*
* recoverPW v2
*
* This code will decrypt BOF and database passwords. It will *NOT* decrypt
* inline user passwords.
*
* From the D6.5 EMC Documentum Content Server Administration Guide, p. 353:
* "Passwords encrypted with encryptPassword cannot be decrypted explicitly
* by an application or user."
*
* usage: c:>java recoverPW <password>
*
* aek.key file must exist in c:\documentum\config
*
*/
package com.dm_misc.recoverpw;
import com.documentum.fc.client.impl.crypto.CryptoUtils;
import com.documentum.fc.tools.RegistryPasswordUtils;
import com.documentum.dmcl.impl.DmclApi;
import com.documentum.web.formext.session.TrustedAuthenticatorTool;
import com.documentum.web.formext.session.TrustedAuthenticatorUtils;
import java.io.*;
public class RecoverPW {
private static final String AEK_PATH = "c:/documentum/config/aek.key";
private static boolean decrypted = false;
private static String password = "";
public static void main(String args[]) {
try {
if (args.length != 1) {
System.out.println("usage: c:>java recoverPW <password>");
System.exit(1);
}
File file = new File(AEK_PATH);
if (!file.exists()) {
System.out.println("Could not find aek.key file. Please copy from Content Server to " + AEK_PATH);
System.exit(1);
}
// get encrypted password from command line
password = args[0];p
System.out.println("\nTrying to decrypt '" + password + "'...\n");
// try decrypting with BOF utils - shorter, base64 encoded passwords
try {
String clearText = "";
System.out.print("\tBOF Utils ->\t\t\t\t");
clearText = RegistryPasswordUtils.decrypt(password);
if ((clearText != null) && (clearText.length() > 0)) {
System.out.println("'" + clearText + "'");
decrypted = true;
}
} catch (Exception e) {
System.out.println("ERROR: " + e.getMessage());
}
// try decrypting with API - longer, dm_encrypt_password passwords
try {
String clearText = "";
System.out.print("\tAPI ->\t\t\t\t\t");
DmclApi.getInstance().exec("initcrypto,c," + AEK_PATH);
clearText = DmclApi.getInstance().get("decrypttext,c,DM_ENCR_TEXT=" + password);
if ((clearText != null) && (clearText.length() > 0)) {
System.out.println("'" + clearText + "'");
decrypted = true;
}
} catch (Exception e) {
System.out.println("ERROR: " + e.getMessage());
}
// try decrypting with CryptoUtils(Password)
try {
String clearText = "";
System.out.print("\tCryptoUtils (password) ->\t\t");
CryptoUtils c = CryptoUtils.getInstance();
clearText = c.decryptPassword("DM_ENCR_PASS=" + password);
if ((clearText != null) && (clearText.length() > 0)) {
System.out.println("'" + clearText + "'");
decrypted = true;
}
} catch (Exception e) {
System.out.println("ERROR: " + e.getMessage());
}
// try decrypting with CryptoUtils(Text)
try {
String clearText = "";
System.out.print("\tCryptoUtils (text) ->\t\t\t");
CryptoUtils c = CryptoUtils.getInstance();
clearText = c.decryptText("DM_ENCR_TEXT=" + password, "p6lo3ly1oj5ne&");
if ((clearText != null) && (clearText.length() > 0)) {
System.out.println("'" + clearText + "'");
decrypted = true;
}
} catch (Exception e) {
System.out.println("ERROR: " + e.getMessage());
}
// try WDK DES
try {
String clearText = "";
System.out.print("\tTrustedAuthenticatorUtils (DES) ->\t");
clearText = TrustedAuthenticatorUtils.decryptByDES(password);
if ((clearText != null) && (clearText.length() > 0)) {
System.out.println("'" + clearText + "'");
decrypted = true;
}
} catch (Exception e) {
System.out.println("ERROR: " + e.getMessage());
}
// try WDK decrypt
try {
String clearText = "";
System.out.print("\tTrustedAuthenticatorUtils (decrypt) ->\t");
clearText = TrustedAuthenticatorUtils.decrypt(password);
if ((clearText != null) && (clearText.length() > 0)) {
System.out.println("'" + clearText + "'");
decrypted = true;
}
} catch (Exception e) {
System.out.println("ERROR: " + e.getMessage());
}
// try WDK Authenticator Tool - just uses TrustedAuthenticatorUtils to encrypt
// This will never decrypt, running the main() only does encrypt.
try {
System.out.print("\tWDK authenticator tool -> \t\t");
// create a stream to hold the output since WDK authenticator tool
// prints to console
ByteArrayOutputStream baos = new ByteArrayOutputStream();
PrintStream ps = new PrintStream(baos);
PrintStream old = System.out;
System.setOut(ps);
// call tool to decrypt text
TrustedAuthenticatorTool.main(new String[]{password});
// put things back
System.out.flush();
System.setOut(old);
// see what happened
String clearText = baos.toString();
int idx = clearText.indexOf("Decrypted:");
if (idx > 0) {
clearText = clearText.substring(idx + "Decrypted: [".length(), clearText.length() - 3);
System.out.println("'" + clearText + "'");
if (clearText.equalsIgnoreCase(password)) {
decrypted = false;
} else {
decrypted = true;
}
} else {
System.out.println("ERROR: could not decrypt with WDK Authenticator Tool");
}
} catch (Exception e) {
System.out.println("ERROR: " + e.getMessage());
}
} catch (Exception e) {
System.out.println("General Error: " + e.getMessage());
}
System.out.println();
if (!decrypted) {
System.out.println("\nSorry, could not decrypt '" + password + "'.");
}
System.out.println("Done.");
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment