Monday, 13 July 2009

Eclipse password recovery (cvs, subversion, ..)

Eclipse stores all the passwords under a file named .keyring, and it makes somewhat difficult to recover them.

Or at least, it only seems difficult to do so. Using a plugin to enable beanshell code execution such as Eclipse-shell, the information may be recovered easily in a few lines of code:

import org.eclipse.core.internal.runtime.auth.AuthorizationDatabase;
import java.lang.reflect.Field;
import java.io.File;

File file = new File("c:/Eclipse/configuration/org.eclipse.core.runtime/.keyring");
String path = file.getAbsolutePath();
AuthorizationDatabase aut = new AuthorizationDatabase(path, "");
Field f = aut.getClass().getDeclaredField("authorizationInfo");
f.setAccessible(true);
f.get(aut);

1 comment:

  1. import org.eclipse.equinox.security.storage.SecurePreferencesFactory;
    import org.eclipse.equinox.security.storage.ISecurePreferences;

    ISecurePreferences root = SecurePreferencesFactory.getDefault();
    root.childrenNames();
    ISecurePreferences node = root.node("node_name");
    node.get("password", "")

    ReplyDelete