· 9 years ago · Oct 09, 2016, 12:38 PM
1import javax.crypto.*;
2import javax.crypto.spec.*;
3import java.security.*;
4
5/**
6 * Decrypt passwords stored in Oracle SQL Developer.
7 * This is intended for password recovery.
8 *
9 * Passwords are stored in ~/.sqldeveloper/system2.1.1.64.39/o.jdeveloper.db.connection.11.1.1.2.36.55.30/connections.xml
10 */
11public class Decrypt {
12 public static byte[] decryptPassword(byte[] result) throws GeneralSecurityException {
13 byte constant = result[0];
14 if (constant != (byte)5) {
15 throw new IllegalArgumentException();
16 }
17
18 byte[] secretKey = new byte[8];
19 System.arraycopy(result, 1, secretKey, 0, 8);
20
21 byte[] encryptedPassword = new byte[result.length - 9];
22 System.arraycopy(result, 9, encryptedPassword, 0, encryptedPassword.length);
23
24 byte[] iv = new byte[8];
25 for (int i = 0; i < iv.length; i++) {
26 iv[i] = 0;
27 }
28
29 Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
30 cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(secretKey, "DES"), new IvParameterSpec(iv));
31 return cipher.doFinal(encryptedPassword);
32 }
33
34 public static void main(String [] args) {
35 if (args.length != 1) {
36 System.err.println("Usage: java Decrypt <password>");
37 System.exit(1);
38 }
39
40 if (args[0].length() % 2 != 0) {
41 System.err.println("Password must consist of hex pairs. Length is odd (not even).");
42 System.exit(2);
43 }
44
45 byte [] secret = new byte[args[0].length() / 2];
46 for (int i = 0; i < args[0].length(); i += 2) {
47 String pair = args[0].substring(i, i + 2);
48 secret[i / 2] = (byte)(Integer.parseInt(pair,16));
49 }
50
51 try {
52 System.out.println(new String(decryptPassword(secret)));
53 } catch (GeneralSecurityException e) {
54 e.printStackTrace();
55 System.exit(3);
56 }
57 }
58}