How to Decrypt SqlDeveloper connections passwords

To recover password we need two files named connections.xml & product-preferences.xml .
Above files can be available in below locations

On Windows :
%APPDATA%\SQL Developer\system*\o.jdeveloper.db.connection*\connections.xml
%APPDATA%\SQL Developer\system*\o.sqldeveloper*\product-preferences.xml

On Linux :

Get required data from connections.xml 
You can find encrypted password in connections.xml, which will looks like below tag

<Reference xmlns="" className="oracle.jdeveloper.db.adapter.DatabaseProvider" name="MyDev DB">
<Factory className="oracle.jdevimpl.db.adapter.DatabaseProviderFactory1212"/>
<StringRefAddr addrType="password">
Get System ID from product-preferences.xml
Search for "" from “product-preferences.xml” and you can find similar below
<value n="" v="e8a85bc1-414c-4f9e-8a48-9ac5a62382e2"/>


Java code to Decrypt
Use below code to Decrpt (Reference :

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import java.util.Base64;

public class Decrypt_V4 {

private static byte[] des_cbc_decrypt(
 byte[] encrypted_password,
 byte[] decryption_key,
 byte[] iv)
 throws GeneralSecurityException

Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
 cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(decryption_key, "DES"), new IvParameterSpec(iv));
 return cipher.doFinal(encrypted_password);

private static byte[] decrypt_v4(
 byte[] encrypted,
 byte[] db_system_id)
 throws GeneralSecurityException
byte[] encrypted_password = Base64.getDecoder().decode(encrypted);
byte[] salt = DatatypeConverter.parseHexBinary("051399429372e8ad");

// key = db_system_id + salt
 byte[] key = new byte[db_system_id.length + salt.length];
 System.arraycopy(db_system_id, 0, key, 0, db_system_id.length);
 System.arraycopy(salt, 0, key, db_system_id.length, salt.length); md ="MD5");
 for (int i=0; i<42; i++) {
 key = md.digest(key);

// secret_key = key [0..7]
 byte[] secret_key = new byte[8];
 System.arraycopy(key, 0, secret_key, 0, 8);

// iv = key [8..]
 byte[] iv = new byte[key.length - 8];
 System.arraycopy(key, 8, iv, 0, key.length - 8);

return des_cbc_decrypt(encrypted_password, secret_key, iv);

public static void main(String[] argv) { try {

byte[] encrypted = argv[0].getBytes();
 byte[] db_system_id = argv[1].getBytes();

byte[] x = decrypt_v4(encrypted, db_system_id);

String password = new String(x);

 catch (Exception e) {

Save above code as .

Compile using javac 

Usage : “java Decryp_V4 encryped_Password sysem_ID_value”

java Decrypt_V4 vnmPXCpxyhukK4TmQjrMng e8a85bc1-414c-4f9e-8a48-9ac5a62382e2
C:\Oracle>java Decrypt_V4 vnmPXCpxyhukK4TmQjrMng e8a85bc1-414c-4f9e-8a48-9ac5a62382e2


References :-


2 thoughts on “How to Decrypt SqlDeveloper connections passwords

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s