-
Star
(129)
You must be signed in to star a gist -
Fork
(23)
You must be signed in to fork a gist
-
-
Save felipou/50b60309f99b70b1e28f6d22da5d8e61 to your computer and use it in GitHub Desktop.
| # https://stackoverflow.com/questions/39928401/recover-db-password-stored-in-my-dbeaver-connection | |
| # requires pycryptodome lib (pip install pycryptodome) | |
| import sys | |
| import base64 | |
| import os | |
| import json | |
| from Crypto.Cipher import AES | |
| default_paths = [ | |
| '~/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json', | |
| '~/.local/share/DBeaverData/workspace6/General/.dbeaver/credentials-config.json', | |
| '~/.local/share/.DBeaverData/workspace6/General/.dbeaver/credentials-config.json', | |
| '~/AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json', | |
| ] | |
| if len(sys.argv) < 2: | |
| for path in default_paths: | |
| filepath = os.path.expanduser(path) | |
| try: | |
| f = open(filepath, 'rb') | |
| f.close() | |
| break | |
| except Exception as e: | |
| pass | |
| else: | |
| filepath = sys.argv[1] | |
| print(filepath) | |
| #PASSWORD_DECRYPTION_KEY = bytes([-70, -69, 74, -97, 119, 74, -72, 83, -55, 108, 45, 101, 61, -2, 84, 74]) | |
| PASSWORD_DECRYPTION_KEY = bytes([186, 187, 74, 159, 119, 74, 184, 83, 201, 108, 45, 101, 61, 254, 84, 74]) | |
| data = open(filepath, 'rb').read() | |
| decryptor = AES.new(PASSWORD_DECRYPTION_KEY, AES.MODE_CBC, data[:16]) | |
| padded_output = decryptor.decrypt(data[16:]) | |
| output = padded_output.rstrip(padded_output[-1:]) | |
| try: | |
| print(json.dumps(json.loads(output), indent=4, sort_keys=True)) | |
| except: | |
| print(output) |
Did not work for dbeaver 23.0.0 🫤
for Mac OS users
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "${HOME}/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/nullThanks! Works flawlessly in Windows + WSL2: openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "/mnt/c/Users//AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
This works like a charm!, just adding the username placeholder
openssl aes-128-cbc -d -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -in "/mnt/c/Users/<username>/AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json" | dd bs=1 skip=16 2>/dev/null
Piping the result through jq . | less formats it nicely.
The script saved my life. Thanks a lot!
Worked flawlessly with DBeaver 24.0.4.
Still works on DBeaver 25.1.2, thank you !
For those looking to encrypt using OpenSSL, the following is shell-compatible syntax:
(sh -c 'head -c 16 /dev/zero; cat credentials-config-plain.json') | openssl aes-128-cbc -K babb4a9f774ab853c96c2d653dfe544a -iv 00000000000000000000000000000000 -out credentials-config.json
Thanks!
works with windows 11 + DBeaver 25
Here is a fresh solution of mine (decrypt passwords matching them with the datasource names): https://github.com/antonio-petricca/dbeaver-password-decrypter .
I hope it may be useful to anybody.
Works on mac sonoma 14.4.1 and dbeaver 24.0.2.2024, thanks