/decrypt_jenkins.rb
Created Oct 28, 2016
Decrypt jenkins password / token
| #!/usr/bin/env ruby | |
| # refer to | |
| # https://github.com/jenkinsci/jenkins/blob/master/core/src/main/java/hudson/util/Secret.java | |
| # https://github.com/jenkinsci/jenkins/blob/master/core/src/main/java/jenkins/security/ApiTokenProperty.java | |
| require 'base64' | |
| require 'digest' | |
| require 'openssl' | |
| MAGIC = '::::MAGIC::::' | |
| ALGORITHM = 'AES-128-ECB' | |
| def try_decrypt(master_key, hudson_secret_key) | |
| hashed_master_key = Digest::SHA256.digest(master_key)[0..15] | |
| intermediate = OpenSSL::Cipher.new(ALGORITHM) | |
| intermediate.decrypt | |
| intermediate.key = hashed_master_key | |
| salted_final = intermediate.update(hudson_secret_key) + intermediate.final | |
| raise 'no magic key in a' unless salted_final.include?(MAGIC) | |
| salted_final[0..15] | |
| end | |
| def main(filename, input) | |
| abort "usage: #{filename} <master.key> <hudson.util.Secret> encryptedText" unless input.length == 3 | |
| master_key = File.read(input[0]) | |
| hudson_secret_key = File.read(input[1]) | |
| encrypted_text = Base64.decode64(input[2]) | |
| key = try_decrypt(master_key, hudson_secret_key) | |
| cipher = OpenSSL::Cipher.new(ALGORITHM) | |
| cipher.decrypt | |
| cipher.key = key | |
| text = cipher.update(encrypted_text) + cipher.final | |
| text = text[0..(text.length-MAGIC.size-1)] | |
| # if api token (md5 hash) | |
| # text = Digest::MD5.new.update(text).hexdigest | |
| puts text | |
| end | |
| if __FILE__ == $0 | |
| main(__FILE__, ARGV) | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment