Recently I needed to retrieve a MySQL password I had stored in SQLyog, but nowhere else. First I "feared" I had to change the password and update it in some places, but luckily SQLyog is open source, so I had a quick glance at the source to see how the password was stored. I suspected that it couldn't be a very good encryption because you don't have a master password. I'd have guessed that as a Windows-only application they'd use the protected storage to be a bit secure against offline attacks, but it quickly turned out that the passwords are only obfuscated with a simple bit manipulation.
The relevant function is DecodePassword in CommonHelper.cpp, which just decodes the Base64 encoding and then rotates the bits of each character one bit to the left. I used this Python script to decrypt my password.
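import base64
import sys

def deobfuscate(b):
    # b is one decoded byte (an int in Python 3); rotate it one bit to the left
    return chr(((b << 1) & 0xFF) | (b >> (8 - 1)))

# Read the Base64 string as stored by SQLyog from stdin, dropping the newline
encoded = sys.stdin.readline().strip()
print(''.join(map(deobfuscate, base64.b64decode(encoded))))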
BTW: if you ever want to generate a configuration from an existing source, you could of course do the reverse of this (rotate right, then base64).
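The reverse direction described above (rotate right, then Base64), together with the decode step, as an added example that is not code from SQLyog or from the original script. The function names, the Latin-1 character mapping (chosen to match the `chr()` per byte used above) and the sample password are assumptions made for illustration; the round trip needs no key, which is why the stored value protects nothing once the file is readable.

```python
import base64
import binascii

def rol8(b, n=1):
    """Rotate an 8-bit value left by n bits."""
    n %= 8
    return ((b << n) & 0xFF) | (b >> (8 - n))

def ror8(b, n=1):
    """Rotate an 8-bit value right by n bits (inverse of rol8)."""
    n %= 8
    return (b >> n) | ((b << (8 - n)) & 0xFF)

def obfuscate(password):
    """Rotate each byte right by one bit, then Base64-encode the result."""
    # Assumption: one byte per character (Latin-1), mirroring chr() per byte.
    raw = bytes(ror8(b) for b in password.encode("latin-1"))
    return base64.b64encode(raw).decode("ascii")

def deobfuscate(stored):
    """Base64-decode, then rotate each byte left by one bit."""
    try:
        raw = base64.b64decode(stored.strip(), validate=True)
    except binascii.Error as exc:
        raise ValueError("stored value is not valid Base64") from exc
    return bytes(rol8(b) for b in raw).decode("latin-1")

if __name__ == "__main__":
    sample = "S3cr3t!pw"  # constructed sample, not a real credential
    stored = obfuscate(sample)
    print(stored, "->", deobfuscate(stored))
    # Every byte value survives the round trip, so the scheme is a fixed,
    # keyless permutation: anyone with the stored string has the password.
    assert all(rol8(ror8(b)) == b for b in range(256))
```
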