Is there any way to extract credentials saved by TortoiseSVN?

Short answer: You can use TortoiseSVN Password Decrypter to easily display your cached credentials, including passwords.

Long answer: Here's how the tool works.

The credentials are saved in subdirectories of %APPDATA%\Subversion\auth\. Listed from this previous answer they are:

• svn.simple contains credentials for basic authentication (username/password)
• svn.ssl.server contains SSL server certificates
• svn.username contains credentials for username-only authentication (no password needed)

The first directory is the one of interest. It appears to contain files with names that look like GUIDs; one for each repository for which you've saved credentials.

The passwords in these files are encrypted by the Windows Data Protection API. The tool above uses sample code from Obviex to interface with this API and perform decryption.

In order for it to work, you must have access to the same Windows user account you were running under when you checkmarked the "Save authentication" checkbox. This is because the Windows Data Protection API uses an encryption key that is tied to your Windows account. If you lose this account (or, I believe, if an administrator resets your password) then you will no longer be able to decrypt the passwords (except perhaps by using brute force / a third party tool). Having a new Windows account with the same username/password (or probably even SID's) is not sufficient.

Based on the info below it sounds like you could possible decrypt them locally in some fashion...

UPDATE: Definitive answer from TortiseSVN community

When they're sent over the wire encrypted, they're encrypted using a handshake and/or agreed-upon key at the time of connection.

When they're stored/read locally, they're encrypted/decrypted via the Windows Crypto API which uses a key tied to your Windows account.

The locally-encrypted copy can't be decrypted by the server because the keys are local to your account.

So when you connect (let's say via HTTPS), your client gets the credentials decrypted via the appropriate Windows API, then includes them in the HTTPS transmission. HTTPS encrypts the whole communication between client & server using SSL certificates, not just the credentials.

I wanted to point out that decrypting this file is also relatively easy to do in a few lines of Python. I opened my credential file in a text editor and copied the password field into a Python bytestring.

import win32crypt
import base64

B64code = b"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA0gRG39G8tEeNNERc7dE/CQAAAAAyAAAAYQB1AHQAaABfAHMAdgBuAC4AcwBpAG0AcABsAGUALgB3AGkAbgBjAHIAeQBwAHQAAAADZgAAwAAAABAAAAB8vKqUfD/lPrHNuMFtgbgeAAAAAASAAACgAAAAEAAAAD2i0OVU7jJCpFMjacfRp7AIAAAAX+9IfPO1DssU\nAAAABzNvUA+WmZn0Olll9otzhObha6o="

bytescode = base64.decodebytes(B64code)
plaintext = win32crypt.CryptUnprotectData(bytescode)
print(plaintext)

The output of this gives ('auth_svn.simple.wincrypt', b'1337H4X') which includes the password in the second field. "win32crypt" is part of the pywin32 package and interfaces the same windows API that SVN presumably uses to encrypt it.

rkagerer's answer provides great detail and background and I would not have been able to figure this out without it.