How to Decrypt SqlDeveloper connections passwords

To recover password we need two files named connections.xml & product-preferences.xml .
Above files can be available in below locations

On Windows :
%APPDATA%\SQL Developer\system*\o.jdeveloper.db.connection*\connections.xml
%APPDATA%\SQL Developer\system*\o.sqldeveloper*\product-preferences.xml

On Linux :
user_home/.sqldeveloper/system/o.sqldeveloper/connections.xml
user_home/.sqldeveloper/system/o.sqldeveloper/product-preferences.xml

Get required data from connections.xml 
You can find encrypted password in connections.xml, which will looks like below tag

<Reference xmlns="" className="oracle.jdeveloper.db.adapter.DatabaseProvider" name="MyDev DB">
<Factory className="oracle.jdevimpl.db.adapter.DatabaseProviderFactory1212"/>
<RefAddresses>
<StringRefAddr addrType="password">
<Contents>vnmPXCpxyhukK4TmQjrMng==</Contents>
</StringRefAddr>
</RefAddresses>
</Reference>
Get System ID from product-preferences.xml
Search for "db.system.id" from “product-preferences.xml” and you can find similar below
<value n="db.system.id" v="e8a85bc1-414c-4f9e-8a48-9ac5a62382e2"/>

 

Java code to Decrypt
Use below code to Decrpt (Reference : https://github.com/maaaaz/sqldeveloperpassworddecryptor)

import java.security.MessageDigest;
import java.security.GeneralSecurityException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import java.util.Base64;

public class Decrypt_V4 {

private static byte[] des_cbc_decrypt(
 byte[] encrypted_password,
 byte[] decryption_key,
 byte[] iv)
 throws GeneralSecurityException
 {

Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
 cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(decryption_key, "DES"), new IvParameterSpec(iv));
 return cipher.doFinal(encrypted_password);
}

private static byte[] decrypt_v4(
 byte[] encrypted,
 byte[] db_system_id)
 throws GeneralSecurityException
 {
byte[] encrypted_password = Base64.getDecoder().decode(encrypted);
byte[] salt = DatatypeConverter.parseHexBinary("051399429372e8ad");

// key = db_system_id + salt
 byte[] key = new byte[db_system_id.length + salt.length];
 System.arraycopy(db_system_id, 0, key, 0, db_system_id.length);
 System.arraycopy(salt, 0, key, db_system_id.length, salt.length);

java.security.MessageDigest md = java.security.MessageDigest.getInstance("MD5");
 for (int i=0; i<42; i++) {
 key = md.digest(key);
 }

// secret_key = key [0..7]
 byte[] secret_key = new byte[8];
 System.arraycopy(key, 0, secret_key, 0, 8);

// iv = key [8..]
 byte[] iv = new byte[key.length - 8];
 System.arraycopy(key, 8, iv, 0, key.length - 8);

return des_cbc_decrypt(encrypted_password, secret_key, iv);
 }

public static void main(String[] argv) { try {

byte[] encrypted = argv[0].getBytes();
 byte[] db_system_id = argv[1].getBytes();

byte[] x = decrypt_v4(encrypted, db_system_id);

String password = new String(x);

System.out.println(password);
 }
 catch (Exception e) {
 System.out.println(e.toString());
 }
 }
}

Save above code as Decrypt_V4.java .

Compile using javac Decrypt_V4.java 

Usage : “java Decryp_V4 encryped_Password sysem_ID_value”

java Decrypt_V4 vnmPXCpxyhukK4TmQjrMng e8a85bc1-414c-4f9e-8a48-9ac5a62382e2
C:\Oracle>java Decrypt_V4 vnmPXCpxyhukK4TmQjrMng e8a85bc1-414c-4f9e-8a48-9ac5a62382e2
tssqafr11g

 

References :-

https://github.com/maaaaz/sqldeveloperpassworddecryptor

Advertisements

2 thoughts on “How to Decrypt SqlDeveloper connections passwords

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s