Retrieve passwords stored in SQLyog

Recently I needed to retrieve a MySQL password I had stored in SQLyog, but nowhere else. First I "feared" I had to change the password and update it in some places, but luckily SQLyog is open source, so I had a quick glance at the source to see how the password was stored. I suspected that it couldn't be a very good encryption because you don't have a master password. I'd have guessed that, as a Windows-only application, they'd use the protected storage to be a bit secure against offline attacks, but it quickly turned out that the passwords are only obfuscated with a simple bit manipulation.

The relevant function is DecodePassword in CommonHelper.cpp, which just decodes the Base64 encoding and then rotates the bits of each character one bit to the left. I used this Python script to decrypt my password.
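
    import base64
    import sys

    def deobfuscate(b):
        # Rotate the byte one bit to the left (8-bit rotation).
        return chr(((b << 1) & 0xFF) | (b >> (8 - 1)))

    # Read the Base64-encoded password from stdin.
    encoded = sys.stdin.readline().strip()
    # In Python 3, b64decode returns bytes, so iterating yields integers.
    print(''.join(map(deobfuscate, base64.b64decode(encoded))))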

BTW: if you ever want to generate a configuration from an existing source, you could of course do the reverse of this (rotate right, then base64).
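
The reverse direction mentioned above (rotate right, then Base64) next to the decode step, as an added example that is not part of the original post or of SQLyog's code; the function names are hypothetical and the sample value is constructed. Neither direction takes a key, so the stored value protects the password only from a casual glance.

```python
import base64

def rol8(b: int) -> int:
    """Rotate one byte left by one bit (the decode step described above)."""
    return ((b << 1) & 0xFF) | (b >> 7)

def ror8(b: int) -> int:
    """Rotate one byte right by one bit (the inverse, used when encoding)."""
    return (b >> 1) | ((b & 1) << 7)

def decode_password(encoded: str) -> bytes:
    """Base64-decode, then rotate every byte left by one bit."""
    return bytes(rol8(b) for b in base64.b64decode(encoded.strip()))

def encode_password(plain: bytes) -> str:
    """Rotate every byte right by one bit, then Base64-encode."""
    return base64.b64encode(bytes(ror8(b) for b in plain)).decode("ascii")

if __name__ == "__main__":
    # Constructed sample; the last byte is above 0x7F to exercise the
    # wrap-around of the top bit.
    sample = b"S3cret!\xe9"
    stored = encode_password(sample)
    print("stored form:", stored)
    # The round trip needs no secret: decoding the stored form alone
    # returns the original bytes.
    assert decode_password(stored) == sample
    print("recovered:  ", decode_password(stored))
```

Both functions work on raw bytes, so the text encoding of the password is left to the caller.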

Comments

  • Cool. Worked very well. Thanks man.
  • here is the php version:
    foreach(str_split(base64_decode('YOUR_ENCODED_PASS_HERE')) as $chr)
      echo chr(((($chr = ord($chr)) << 1) & 0xFF) | ($chr >> (8 - 1)));
    
    thanks mon!
  • Great, thanks for the PHP version!
  • Ruby:
    require "base64"
    
    puts Base64.decode64(gets).unpack("C*").map { |u| ((u << 1) & 255) | (u >> 7) }.pack("U*")
    
  • Thanks Greg!
  • Here's the C# code:
    // Requires: using System; using System.Linq;
    Console.WriteLine(string.Join("", Convert.FromBase64String("YOUR_ENCODED_PASS_HERE").Select(b => {
      // Rotate each byte one bit to the left.
      return (char)(((b << 1) & 0xFF) | (b >> (8-1)));
    })));
     
  • Great to see versions for different languages still coming in after over three years. :-)