How to Decode HeidiSQL Stored Passwords: A Step-by-Step Guide

2026-03-01 · 2 min read

Figure 1: HeidiSQL Password Recovery Tutorial

Description

HeidiSQL is a popular open-source administration tool for MySQL, MariaDB, and PostgreSQL. While it offers a convenient way to manage databases, users should be aware of how it handles session security (specifically how it stores passwords).

In this blog post, we will explore how HeidiSQL encodes passwords in its settings files and how that encoding can be easily reversed.

Download HeidiSQL

Get the latest version from its official site.

Link: https://www.heidisql.com/download.php

Recovering HeidiSQL Connection Passwords

We will cover two methods to recover stored passwords from HeidiSQL:

  • a code-based approach
  • an online GUI-based tool

Before we start this demo, let’s first create a test connection in HeidiSQL so that an encoded password is stored in its settings.

Step 1: Creating a Test Session

HeidiSQL allows you to create a new session with different network types, such as MariaDB, ProxySQL, PostgreSQL, Microsoft SQL Server, etc.

  1. At the bottom left, click on New -> Session in root folder.
  2. For the demo, set the password as rootpassword.
  3. Leave the other settings as they are.
  4. Click Save.
  5. Try to open the session. The connection may fail because no database server is running (no setup is required).

You do not actually need to connect to a live database for this demonstration because we only need the entry stored in the configuration.

Figure 2: Creating a new test session

Figure 3: Saving the new database connection

We have successfully created a new database session.

Step 2: Exporting the settings file

After creating a session, we can export the settings file. This file contains all the database settings, encoded passwords, etc.

To export the settings, follow these steps:

  1. At the bottom right, click on More.
  2. Then click on the Export Settings File... option.
  3. Provide a file name and save it to the desired location.
  4. Open the saved file and search for the keyword "password".
  5. The encoded password will be located there.

Figure 4: More options in HeidiSQL

Figure 5: Exporting settings file in HeidiSQL

Figure 6: Exported settings file in HeidiSQL

Figure 7: Extracted password from exported settings file

We have the encoded password for our test session: 776673697472756678787C7477695

Step 3: Understanding decryption

It is important to note that HeidiSQL does not use true encryption (like AES) for these passwords. Instead, it uses a simple Shift Cipher (a variation of the Caesar Cipher) based on Hex values.

The Logic:

  • The Shift Key: The very last character of the hex string is the "Shift Value."
  • Data Prep: Remove that last character. The remaining string consists of two-character hex pairs.
  • The Math: For every hex pair, convert it to a decimal integer and subtract the Shift Value.
  • The Result: Convert that new integer back into an ASCII character.

Demo Code In Python:

def heidi_decode(hex_string: str) -> str:
    # 1. Extract the shift value (the last digit)
    shift = int(hex_string[-1])
    
    # 2. Clean the string by removing the last character
    clean_hex = hex_string[:-1]
    
    # 3. Iterate through hex pairs and subtract the shift
    decoded_chars = []
    for i in range(0, len(clean_hex), 2):
        hex_pair = clean_hex[i:i+2]
        # Convert hex to int, subtract shift, then to ASCII
        plain_char = chr(int(hex_pair, 16) - shift)
        decoded_chars.append(plain_char)
        
    return ''.join(decoded_chars)

Step 4: Decoding HeidiSQL Password

Save the Python code above on your local machine, or run it using an online compiler:

https://keydecryptor.com/misc-tools/compiler

We have recovered the decoded password for 776673697472756678787C7477695: randompassword

Figure 8: Running the decoding code to recover the password
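
As an added example (not code from the original post or from HeidiSQL), the script below applies the decoding rule from Step 3 to a whole exported settings file and lists which saved sessions hold a recoverable password, reporting only the length so the plaintext never reaches a terminal or log. The function names are hypothetical, and the sample lines with their `<|||>` field layout are constructed and an assumption about the export format.

```python
import re

# Trailing run of hex digits on a line: hex pairs followed by one shift digit.
HEX_TOKEN = re.compile(r"([0-9A-Fa-f]+)\s*$")

def decode_strict(token: str) -> str:
    """Decode per Step 3; raise ValueError if the token is malformed."""
    if len(token) < 3 or len(token) % 2 == 0:
        raise ValueError("expected hex pairs plus one trailing shift digit")
    if token[-1] not in "0123456789":
        raise ValueError("shift value must be a decimal digit")
    shift = int(token[-1])
    chars = []
    for i in range(0, len(token) - 1, 2):
        code = int(token[i:i + 2], 16) - shift
        if not 0x20 <= code <= 0x7E:  # assumption: printable-ASCII passwords only
            raise ValueError("decodes outside printable ASCII")
        chars.append(chr(code))
    return "".join(chars)

def audit_settings(text: str) -> list:
    """Return (setting key, password length) for every recoverable password."""
    findings = []
    for line in text.splitlines():
        if "password" not in line.lower():
            continue
        match = HEX_TOKEN.search(line)
        if not match:
            continue
        try:
            plain = decode_strict(match.group(1))
        except ValueError:
            continue  # empty, truncated, or not in this encoding
        key = line[:match.start()].split("<|||>")[0].strip()
        findings.append((key, len(plain)))  # report length, never the plaintext
    return findings

# Constructed sample; the "<|||>" field layout is an assumption about the export.
SAMPLE_EXPORT = "\n".join([
    r"Servers\demo\Host<|||>1<|||>127.0.0.1",
    r"Servers\demo\Password<|||>1<|||>776673697472756678787C7477695",
    r"Servers\empty\Password<|||>1<|||>",
    r"Servers\broken\Password<|||>1<|||>7766",
])

if __name__ == "__main__":
    for key, length in audit_settings(SAMPLE_EXPORT):
        print(f"{key}: stored password is recoverable ({length} characters)")
```

Any session this reports should be treated as having a plaintext password on disk: restrict access to the settings export and rotate credentials that have been shared through it.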

Step 5: Online Alternative for Decoding HeidiSQL Passwords

If you have a problem running the code, you can use the online alternative provided by KeyDecryptor at https://keydecryptor.com/misc-tools/heidisql-password-recovery.

Just enter the encoded password and click the Decrypt Password button to get the original password.

Figure 9: Online HeidiSQL Password Recovery tool