DBeaver password decryption script - for newer versions of DBeaver

decrypt_dbeaver.py

# https://stackoverflow.com/questions/39928401/recover-db-password-stored-in-my-dbeaver-connection

# requires pycryptodome lib (pip install pycryptodome)

import argparse
import contextlib
import os
import json
from Crypto.Cipher import AES


parser = argparse.ArgumentParser(description="Recover DB password stored in DBeaver connection")
parser.add_argument("filepath", nargs="?", help="Path to credentials-config.json file")
args = parser.parse_args()

if args.filepath:
    filepath = args.filepath
else:
    default_paths = (
        "~/Library/DBeaverData/workspace6/General/.dbeaver/credentials-config.json",
        "~/.local/share/DBeaverData/workspace6/General/.dbeaver/credentials-config.json",
        "~/.local/share/.DBeaverData/workspace6/General/.dbeaver/credentials-config.json",
        "~/AppData/Roaming/DBeaverData/workspace6/General/.dbeaver/credentials-config.json",
    )
    for path in default_paths:
        filepath = os.path.expanduser(path)
        with contextlib.suppress(FileNotFoundError):
            with open(filepath, "rb"):
                pass
            break
    else:
        raise Exception("Credentials file not found in any of default paths.")

print(filepath)

# PASSWORD_DECRYPTION_KEY = bytes([-70, -69, 74, -97, 119, 74, -72, 83, -55, 108, 45, 101, 61, -2, 84, 74])
PASSWORD_DECRYPTION_KEY = bytes([186, 187, 74, 159, 119, 74, 184, 83, 201, 108, 45, 101, 61, 254, 84, 74])

with open(filepath, "rb") as f:
    data = f.read()

decryptor = AES.new(PASSWORD_DECRYPTION_KEY, AES.MODE_CBC, data[:16])
padded_output = decryptor.decrypt(data[16:])
output = padded_output.rstrip(padded_output[-1:])

try:
    print(json.dumps(json.loads(output), indent=4, sort_keys=True))
except Exception:
    print(output)