Decoding MySQL ~/.mylogin.cnf

Little tool to decode MySQL鈥檚 badly secured login-path. It does the same like the official MySQL server tools 鈥渕y_print_defaults鈥 (based on MySQL OSS python libs).

More security can be achieved by: https://www.percona.com/blog/2016/10/12/encrypt-defaults-file/

#!/usr/bin/env php
<!--?php

$fp = fopen(getenv('HOME') . '/.mylogin.cnf', "r");
if (!$fp) {
    die("Cannot open .mylogin.cnf");
}

fseek($fp, 4);
$key = fread($fp, 20);

// generate real key
$rkey = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
for ($i = 0; $i < strlen($key); $i++) {
    $rkey[$i % 16] = ($rkey[$i % 16] ^ $key[$i]);
}

$section = null;
$settings = [];

while ($len = fread($fp, 4)) {

    // as integer
    $len = unpack("V", $len);
    $len = $len[1];

    // decrypt
    $crypt = fread($fp, $len);
    $plain = openssl_decrypt($crypt, 'aes-128-ecb', $rkey, true);
    $decoded = preg_replace("/[^\\x32-\\xFFFF]/", "", $plain);
    if (preg_match('/^\[([^\]]+)]/', $decoded, $matches)) {
        $section = $matches[1];
        $settings[$section] = [];
    } elseif (preg_match('/^(\w+)=(.*)/', $decoded, $matches)) {
        $settings[$section][$matches[1]] = $matches[2];
    }
}
fclose($fp);

echo json_encode($settings, JSON_PRETTY_PRINT);

Source: https://gist.github.com/robocoder/024442d06b8a75d292d58c5884be4642

Source of mycli (Python): _mylogin_cnf of mycli

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.