Decryption of Weblogic 8 3DES passwords in config.xml…

So, yesterday I couldn’t find the password that is used to connect to one of the Oracle DBs for an application…

The password is saved in config.xml for this weblogic domain, but it’s encrypted…

I can see the hash “{3DES}vx1VMjDei4ur7Ews12m4zQ==” in the config.xml file…

I’ve read a few threads that mentioned that the decryption key is in SerializedSystemIni.dat located in the domain folder…

I tried to use OpenSSL to do the work, but couldn’t get it working, and BEA’s dev2dev portal is no longer working so that I can check anything out…

Lucky for me, I’ve found this post, he got this working for Weblogic 10, however, the config file structure is a bit different, so I had to do a little tweak in the regular expressions…

And here’s the working source code, you need to include weblogic.jar and jsafe.jar in your class path for this to compile and work…

package weblogic_dec;

import java.io.*;  
import java.util.regex.*;  
import weblogic.security.internal.SerializedSystemIni;  
import weblogic.security.internal.encryption.ClearOrEncryptedService;  
public class WebLogicDecryptor {  
    protected static final String REGEX_FOR_XML = "\\{3DES\\}.*\"$";  
    protected static final String REGEX_FOR_PROPERTIES = "\\{3DES\\}.*";  
    protected boolean isXML;  
    protected Pattern pattern;  
    protected ClearOrEncryptedService ces;  
    public static void main(String[] args) throws Exception {  
        if (args.length < 2) {  
            throw new Exception("Usage: [domainDir] [configFile]");  
        }  
        File domainDir = new File(args[0]);  
        File configFile = new File(args[1]);  
        if (!domainDir.exists() || !domainDir.isDirectory() || !configFile.exists() || configFile.isDirectory()) {  
            throw new Exception("Files or directories provided as parameters do not exist.");  
        }  
        new WebLogicDecryptor().run(domainDir, configFile);  
    }  
    public void run(File domainDir, File configFile) throws Exception {  
        ces = new ClearOrEncryptedService(SerializedSystemIni.getEncryptionService(domainDir.getAbsolutePath()));  
        processFile(configFile);  
    }  
    public void processFile(File file) throws Exception {  
        isXML = file.getName().endsWith(".xml");  
        pattern = Pattern.compile(getRegex());  
        BufferedReader in = null;  
        try {  
            in = new BufferedReader(new FileReader(file));  
            String line = null;  
            while ((line = in.readLine()) != null) {  
                System.out.println(processLine(line));  
            }  
        }  
        finally {  
            if (in != null) {  
                in.close();  
            }  
        }  
    }  
    protected String processLine(String line) {  
        String result = line;  
        Matcher m = pattern.matcher(result);  
        while (m.find()) {  
            String encoded = result.substring(m.start(), m.end());  
            encoded = encoded.replace("\\", "");
            String decoded = ces.decrypt(encoded);   
            result = result.replaceFirst(getRegex(), decoded + (isXML ? "\"" : ""));
            m.reset(result);  
        }  
        return result;  
    }  
    protected String getRegex() {  
        return isXML ? REGEX_FOR_XML : REGEX_FOR_PROPERTIES;  
    }  

The differences from the original post is marked in BOLD above…

I’ve done this in Eclipse, this will generate a fully working config.xml with all the passwords decrypted…

Enjoy…

Advertisements

2 Responses

  1. Thanks Buddy. The code works like a charm…

  2. […] Decryption of Weblogic 8 3DES passwords in config.xml … – Mar 31, 2009 · So, yesterday I couldn’t find the password that is used to connect to one of the Oracle DBs for an application… The password is saved in config.xml for …… […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: