RSS

How to retrieve stored password from Oracle SQLdeveloper

24 Dec

>This is mainly a reminder for myself. Last week I forgot a schema password but my SQL developer had it stored in it’s configuration.

So I found this post. All credits to kornelissietsma and passshok.

<Reference name="my Database" className="oracle.jdeveloper.db.adapter.DatabaseProvider" xmlns="">      <Factory className="oracle.jdeveloper.db.adapter.DatabaseProviderFactory"/>      <RefAddresses>        <StringRefAddr addrType="password">        <Contents>05A1B2C3D4E5F6A7B939B5E1234A6E94D76745678724ABCD12</Contents>        </StringRefAddr>

The length of the hash is 50 hex characters.
The first byte is constant: 05
The next 8 bytes represent the randomly generated secret key (for the DES cipher): A1B2C3D4E5F6A7B9
The remaining bytes are the encrypted password: 39B5E1234A6E94D76745678724ABCD12

import oracle.jdevimpl.db.adapter.DatabaseProviderHelper;

class Decode
{
  String pass = "";
  public Decode()
  {
    pass = DatabaseProviderHelper.comingIn("05xxxxxxxxx");
    System.out.println(pass);
  }

public static void main(String[] args)
{
  new Decode();
}
  }

Then compile:
javac -classpath .;D:\Oracle\sqldeveloper-2.1.1.64.45\modules\oracle.adf.model_11.1.1\db-ca.jar;D:\Oracle\sqldeveloper-2.1.1.64.45\sqldeveloper\extensions\oracle.datamodeler\ojmisc.jar sqldeveloper_hash_decode.java

And run:
java -classpath .;D:\Oracle\sqldeveloper-2.1.1.64.45\modules\oracle.adf.model_11.1.1\db-ca.jar;D:\Oracle\sqldeveloper-2.1.1.64.45\sqldeveloper\extensions\oracle.datamodeler\ojmisc.jar Decode

And voila the result a cleartext password.

About these ads
 
9 Comments

Posted by on 24-12-2010 in Oracle, SQLDeveloper

 

Tags: ,

9 responses to “How to retrieve stored password from Oracle SQLdeveloper

  1. mchital

    18-06-2012 at 17:54

    Thanks this worked perfectly for me.

     
  2. Benjamin

    15-12-2012 at 23:08

    I like the valuable information you provide in your articles.
    I’ll bookmark your blog and check again here frequently. I’m quite certain I will learn many new stuff
    right here! Good luck for the next!

     
  3. Pierluigi Vernetto

    10-01-2013 at 15:31

    Master, thanks a lot, your intelligence is so superior that you are clearly not of earthly nature, maybe a God has generated you (do I sound a bit too sycophantic?).

    A question: how to do the reverse: generate the 50 bit string from the cleartext password? I want to generate a connections.xml file from a table of connection parameters…

     
    • jvzoggel

      14-01-2013 at 10:42

      Lol Pier, you idiot ;-) how’s life treating you ? :)

       
  4. Pierluigi Vernetto

    10-01-2013 at 15:43

    oh I think here http://stackoverflow.com/questions/1032721/does-anybody-know-what-encrypting-technique-is-jdeveloper-sql-developer-using-to they give the solution, there is a method goingOut(clearTextPassword)… I will try it immediately.

     
    • jvzoggel

      14-01-2013 at 13:43

      and did it work ?

       
      • PIerluigi

        14-01-2013 at 14:47

        yes, like an Italian watch! (ok, I know, Italians are not famous for their precision… let’s say “like an Italian Prime Minister running after adolescent prostitutes” )

         
  5. Christian Diaz

    06-11-2013 at 18:45

    It Works!!! Thank you so much

     
  6. Suresh

    14-01-2014 at 11:48

    Great tutorial very helpful :)

     

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
Follow

Get every new post delivered to your Inbox.

Join 343 other followers

%d bloggers like this: