A simple script to decrypt mangled and obfuscated passwords from Tibco EMS
- Support mangled
"$man$"and obfuscated"#!"passwords - Standalone Windows executable available
$ python tibcopasswordrevealer.py -h
Usage: tibcopasswordrevealer.py [options] '<obfuscated_password>' (on UNIX, do not forget to simple quote the password to avoid bash interpretation)
Version: 1.0
Options:
-h, --help show this help message and exit
Mangled password:
-m MANGLED_PASSWORD, --mangled-password=MANGLED_PASSWORD
mangled password that you want to unmangle. Ex. -m
'$man$Dc6rE3mh8giUDcPkQEhEE5CnUKA='
Obfuscated password:
-o OBFUSCATED_PASSWORD, --obfuscated-password=OBFUSCATED_PASSWORD
obfuscated password that you want to deobfuscate Ex:
-o '#!/Zbs+cF+HftERpGvBh03jFtPMJQuLItP'
$ python tibcopasswordrevealer.py '$man$Dc6rE3mh8giUDcPkQEhEE5CnUKA='
tibcopasswordrevealer.py version 1.0
[+] mangled password: $man$Dc6rE3mh8giUDcPkQEhEE5CnUKA=
[+] unmangled password: toto
> tibcopasswordrevealer.exe #!/Zbs+cF+HftERpGvBh03jFtPMJQuLItP
tibcopasswordrevealer.py version 1.0
[+] obfuscated password: #!/Zbs+cF+HftERpGvBh03jFtPMJQuLItP
[+] deobfuscated password: lolilol
- For the
Pythonversion: PyCrypto (apt-get install python-cryptoorpip install pycrypto) - For the Windows standalone version: nothing
- version 1.0 - 03/06/2016: Initial commit
- Tibco for their clear API and their false sense of security with the use of 'obfuscation' as a security measure for credentials storage: 'Passwords encrypted using Obfuscate Utility cannot be decrypted. Ownership is with customers to remember passwords in clear text. There is no utility provided by TIBCO to decrypt passwords encrypted using Obfuscate Utility.'
- Previous research around decryption