Dralon.blog
large picture of the cover

Navicat 使用注册表查看账号密码

通过windows注册表查看navicat存储的账号密码:

reg query HKEY_CURRENT_USER\Software\PremiumSoft\ /s /v host  #查看主机
reg query HKEY_CURRENT_USER\Software\PremiumSoft\ /s /v username #查看用户名
reg query HKEY_CURRENT_USER\Software\PremiumSoft\ /s /v pwd 	#查看密码,密码需要解密

密码解密:在线运行JAVA网站https://www.nhooo.com/tool/java8/

JAVA脚本:

package org.example;
 
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
 
public class Main {
    public static void main(String []args) {
        //navicat11版本解密
        Navicat11Cipher de = new Navicat11Cipher();
        System.out.println(de.decryptString("15057D7BA390"));
        //navicat12以上版本解密
        Navicat12Cipher de12 = new Navicat12Cipher();
        System.out.println(de12.decryptString("503AA930968F877F04770B47DD731DC0"));
    }
    public static class Navicat11Cipher {
        public static final String DefaultUserKey = "3DC5CA39";
        private byte[] _IV;
 
        private SecretKeySpec _Key;
        private Cipher _Encryptor;
        private Cipher _Decryptor;
 
        private void initKey(String UserKey) {
            try {
                MessageDigest sha1 = MessageDigest.getInstance("SHA1");
                byte[] userkey_data = UserKey.getBytes(StandardCharsets.UTF_8);
                sha1.update(userkey_data, 0, userkey_data.length);
                _Key = new SecretKeySpec(sha1.digest(), "Blowfish");
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
 
        private void initChiperEncrypt() {
            try {
                // Must use NoPadding
                _Encryptor = Cipher.getInstance("Blowfish/ECB/NoPadding");
                _Encryptor.init(Cipher.ENCRYPT_MODE, _Key);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
 
        private void initChiperDecrypt() {
            try {
                // Must use NoPadding
                _Decryptor = Cipher.getInstance("Blowfish/ECB/NoPadding");
                _Decryptor.init(Cipher.DECRYPT_MODE, _Key);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
 
        private void initIV() {
            try {
                byte[] initVec = DatatypeConverter.parseHexBinary("FFFFFFFFFFFFFFFF");
                _IV = _Encryptor.doFinal(initVec);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
 
        private void xorBytes(byte[] a, byte[] b) {
            for (int i = 0; i < a.length; i++) {
                int aVal = a[i] & 0xff; // convert byte to integer
                int bVal = b[i] & 0xff;
                a[i] = (byte) (aVal ^ bVal); // xor aVal and bVal and typecast to byte
            }
        }
 
        private void xorBytes(byte[] a, byte[] b, int l) {
            for (int i = 0; i < l; i++) {
                int aVal = a[i] & 0xff; // convert byte to integer
                int bVal = b[i] & 0xff;
                a[i] = (byte) (aVal ^ bVal); // xor aVal and bVal and typecast to byte
            }
        }
 
        {
            initKey(DefaultUserKey);
            initChiperEncrypt();
            initChiperDecrypt();
            initIV();
        }
 
        private byte[] Encrypt(byte[] inData) {
            try {
                byte[] CV = Arrays.copyOf(_IV, _IV.length);
                byte[] ret = new byte[inData.length];
 
                int blocks_len = inData.length / 8;
                int left_len = inData.length % 8;
 
                for (int i = 0; i < blocks_len; i++) {
                    byte[] temp = Arrays.copyOfRange(inData, i * 8, (i * 8) + 8);
 
                    xorBytes(temp, CV);
                    temp = _Encryptor.doFinal(temp);
                    xorBytes(CV, temp);
 
                    System.arraycopy(temp, 0, ret, i * 8, 8);
                }
 
                if (left_len != 0) {
                    CV = _Encryptor.doFinal(CV);
                    byte[] temp = Arrays.copyOfRange(inData, blocks_len * 8, (blocks_len * 8) + left_len);
                    xorBytes(temp, CV, left_len);
                    System.arraycopy(temp, 0, ret, blocks_len * 8, temp.length);
                }
 
                return ret;
            } catch (Exception e) {
                e.printStackTrace();
                return null;
            }
        }
 
        public String encryptString(String inputString) {
            try {
                byte[] inData = inputString.getBytes(StandardCharsets.UTF_8);
                byte[] outData = Encrypt(inData);
                return DatatypeConverter.printHexBinary(outData);
            } catch (Exception e) {
                e.printStackTrace();
                return "";
            }
        }
 
        private byte[] Decrypt(byte[] inData) {
            try {
                byte[] CV = Arrays.copyOf(_IV, _IV.length);
                byte[] ret = new byte[inData.length];
 
                int blocks_len = inData.length / 8;
                int left_len = inData.length % 8;
 
                for (int i = 0; i < blocks_len; i++) {
                    byte[] temp = Arrays.copyOfRange(inData, i * 8, (i * 8) + 8);
 
                    temp = _Decryptor.doFinal(temp);
                    xorBytes(temp, CV);
                    System.arraycopy(temp, 0, ret, i * 8, 8);
                    for (int j = 0; j < CV.length; j++) {
                        CV[j] = (byte) (CV[j] ^ inData[i * 8 + j]);
                    }
                }
 
                if (left_len != 0) {
                    CV = _Encryptor.doFinal(CV);
                    byte[] temp = Arrays.copyOfRange(inData, blocks_len * 8, (blocks_len * 8) + left_len);
 
                    xorBytes(temp, CV, left_len);
                    for (int j = 0; j < temp.length; j++) {
                        ret[blocks_len * 8 + j] = temp[j];
                    }
                }
 
                return ret;
            } catch (Exception e) {
                e.printStackTrace();
                return null;
            }
        }
 
        public String decryptString(String hexString) {
            try {
                byte[] inData = DatatypeConverter.parseHexBinary(hexString);
                byte[] outData = Decrypt(inData);
                return new String(outData, StandardCharsets.UTF_8);
            } catch (Exception e) {
                e.printStackTrace();
                return "";
            }
        }
    }
    public static class Navicat12Cipher {
        private SecretKeySpec _AesKey;
        private IvParameterSpec _AesIV;
 
        {
            _AesKey = new SecretKeySpec("libcckeylibcckey".getBytes(StandardCharsets.UTF_8), "AES");
            _AesIV = new IvParameterSpec("libcciv libcciv ".getBytes(StandardCharsets.UTF_8));
        }
 
        public String encryptString(String plaintext) {
            try {
                Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
                cipher.init(Cipher.ENCRYPT_MODE, _AesKey, _AesIV);
                byte[] ret = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
                return DatatypeConverter.printHexBinary(ret);
            } catch (Exception e) {
                e.printStackTrace();
                return "";
            }
        }
 
        public String decryptString(String ciphertext) {
            try {
                Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
                cipher.init(Cipher.DECRYPT_MODE, _AesKey, _AesIV);
                byte[] ret = cipher.doFinal(DatatypeConverter.parseHexBinary(ciphertext));
                return new String(ret, StandardCharsets.UTF_8);
            } catch (Exception e) {
                e.printStackTrace();
                return "";
            }
        }
    }
}

php运行脚本:

<?php
namespace FatSmallTools;
class NavicatPassword
{
    protected $version = 0;
    protected $aesKey = 'libcckeylibcckey';
    protected $aesIv = 'libcciv libcciv ';
    protected $blowString = '3DC5CA39';
    protected $blowKey = null;
    protected $blowIv = null;
    public function __construct($version = 12)
    {
        $this->version = $version;
        $this->blowKey = sha1('3DC5CA39', true);
        $this->blowIv = hex2bin('d9c7c3c8870d64bd');
    }
    public function encrypt($string)
    {
        $result = FALSE;
        switch ($this->version) {
            case 11:
                $result = $this->encryptEleven($string);
                break;
            case 12:
                $result = $this->encryptTwelve($string);
                break;
            default:
                break;
        }
        return $result;
    }
    protected function encryptEleven($string)
    {
        $round = intval(floor(strlen($string) / 8));
        $leftLength = strlen($string) % 8;
        $result = '';
        $currentVector = $this->blowIv;
        for ($i = 0; $i < $round; $i++) {
            $temp = $this->encryptBlock($this->xorBytes(substr($string, 8 * $i, 8), $currentVector));
            $currentVector = $this->xorBytes($currentVector, $temp);
            $result .= $temp;
        }
        if ($leftLength) {
            $currentVector = $this->encryptBlock($currentVector);
            $result .= $this->xorBytes(substr($string, 8 * $i, $leftLength), $currentVector);
        }
 
        return strtoupper(bin2hex($result));
 
    }
 
    protected function encryptBlock($block)
    {
        return openssl_encrypt($block, 'BF-ECB', $this->blowKey, OPENSSL_RAW_DATA|OPENSSL_NO_PADDING); 
    }
 
    protected function decryptBlock($block)
    {
        return openssl_decrypt($block, 'BF-ECB', $this->blowKey, OPENSSL_RAW_DATA|OPENSSL_NO_PADDING); 
    }
 
    protected function xorBytes($str1, $str2)
    {
        $result = '';
        for ($i = 0; $i < strlen($str1); $i++) {
            $result .= chr(ord($str1[$i]) ^ ord($str2[$i]));
        }
        return $result;
    }
 
    protected function encryptTwelve($string)
    {
        $result = openssl_encrypt($string, 'AES-128-CBC', $this->aesKey, OPENSSL_RAW_DATA, $this->aesIv);
        return strtoupper(bin2hex($result));
    }
    
    public function decrypt($string)
    {
        $result = FALSE;
        switch ($this->version) {
            case 11:
                $result = $this->decryptEleven($string);
                break;
            case 12:
                $result = $this->decryptTwelve($string);
                break;
            default:
                break;
        }
        return $result;
    }
    
    protected function decryptEleven($upperString)
    {
        $string = hex2bin(strtolower($upperString));
        $round = intval(floor(strlen($string) / 8));
        $leftLength = strlen($string) % 8;
        $result = '';
        $currentVector = $this->blowIv;
        for ($i = 0; $i < $round; $i++) {
            $encryptedBlock = substr($string, 8 * $i, 8);
            $temp = $this->xorBytes($this->decryptBlock($encryptedBlock), $currentVector);
            $currentVector = $this->xorBytes($currentVector, $encryptedBlock);
            $result .= $temp;
        }
        if ($leftLength) {
            $currentVector = $this->encryptBlock($currentVector);
            $result .= $this->xorBytes(substr($string, 8 * $i, $leftLength), $currentVector);
        }
        return $result;
    }
 
    
 
    protected function decryptTwelve($upperString)
    {
        $string = hex2bin(strtolower($upperString));
        return openssl_decrypt($string, 'AES-128-CBC', $this->aesKey, OPENSSL_RAW_DATA, $this->aesIv);
    }
}
 
 
 
use FatSmallTools\NavicatPassword;
 
//需要指定版本,11或12
 
//$navicatPassword = new NavicatPassword(12);
 
$navicatPassword = new NavicatPassword(11);
 
 
 
//解密
$decode = $navicatPassword->decrypt('15057D7BA390');
echo $decode."\n";

打开网页 https://tool.lu/coderunnerhttp://www.dooccn.com/php7 可在线运行代码

将原来内容替换为复制的代码块,将密码替换,点击执行 即可对密码进行解密

如果执行后的密码乱码,更换版本即可。

site logo

Hi,Friends.This is Dralon's blog.

© 2025 Dralon.blog