How to get forgotten MySQL password from MySQL Workbench on Windows 10?

Asked 18/12, 2019 at 19:43 Answered 29/7 at 15:32

This question is essentially the same question as this one, but for Windows 10.

I have checked the documentation and still have no clear answer. A step by step for viewing the password would be perfect and truly appreciated!

Brogle answered 18/12, 2019 at 19:43 Comment(0)

First go check where your encrypted file is. Usually it is stored at %AppData%\MySQL\Workbench\workbench_user_data.dat

Now that you have the file location, open up powershell and copy & paste the following sequence of commands (order is important):

$cipher = Get-Content $env:APPDATA\MySQL\Workbench\workbench_user_data.dat -AsByteStream -Raw

Hit Enter

$scope = [System.Security.Cryptography.DataProtectionScope]::CurrentUser

Hit Enter

$mysqlpwd = [System.Security.Cryptography.ProtectedData]::Unprotect(
    $cipher, $null, $scope )

Hit Enter

[System.Text.UTF8Encoding]::UTF8.GetString($mysqlpwd)

Hit Enter

Now you can see the following output:

Mysql@X:Y@Z#DBUSER#DBPASSWORD
...
ssh@Z:22#SSHUSER#SSHPASSWORD
...

If you receive a TypeNotFound error:

Unable to find type [System.Security...].

you may also need to run the following to get access to "System.Security"

Add-Type -AssemblyName System.Security

References:

Miguelmiguela answered 23/2, 2021 at 14:47 Comment(8)

Legend - thanks for this. You may have to add the following to have access to System.Security.Cryptography.ProtectedData: "Add-Type -AssemblyName System.Security" – Capitol 1/4, 2021 at 13:43

This worked. Just a minor change to this command - $cipher = Get-Content $env:APPDATA\MySQL\Workbench\workbench_user_data.dat -Encoding Byte Instead run it as $cipher = Get-Content $env:APPDATA\MySQL\Workbench\workbench_user_data.dat -AsByteStream Reference github.com/PowerShell/GPRegistryPolicyParser/issues/5 – Waverly 17/1, 2022 at 5:3

i don't know how to get the encrypted file... Someone assist.. – Dichromatism 6/4, 2023 at 11:39

Amazing! - Now do we need to do anything to re-encrypt or undo those commands? – Balbo 1/9, 2023 at 23:25

@Balbo No, because you only read the contents and don't write the unencrypted contents back to the file. – Miguelmiguela 4/9, 2023 at 8:38

@L.John God Bless You. Saved me from reinstalling the database :) – Omen 28/9, 2023 at 15:38

Incidentally, I was getting an error when running the first command with -AsByteStream but "$cipher = Get-Content $env:APPDATA\MySQL\Workbench\workbench_user_data.dat -Encoding Byte" worked instead. I haven't updated Powershell on this version of Windows 10 so that might be why. – Maziemazlack 27/3 at 20:50

Hi, thanks for this, PowerShell 5.1 didn't work with provided get-content parameters, so adding another variant to get content, $cipher = [System.IO.File]::ReadAllBytes("$env:APPDATA\MySQL\Workbench\workbench_user_data.dat") – Phrenic 11/7 at 21:9

I made a quick Python solution adapted from the link in Mike's answer, since the PowerShell answer didn't work for me.

import os
import re
import win32crypt  # Requires pywin32 package

_group = '(?P<{}>{}+)'
WORKBENCH_PATTERN = '{dbm}@{host}:{port}\2{user}\3{password}'.format(
    dbm=_group.format('dbm', r'\w'),
    host=_group.format('host', r'[\w\.-]'),
    port=_group.format('port', r'\d'),
    user=_group.format('user', r'[\w\.-]'),
    password=_group.format('password', '.'),
)

def read_workbench_user_data(file_path=None):
    if file_path is None:
        file_path = os.path.join(os.getenv('APPDATA'), 'MySQL/Workbench/workbench_user_data.dat')

    with open(file_path, 'rb') as file:
        encrypted_data = file.read()
    decrypted_data = win32crypt.CryptUnprotectData(encrypted_data, None, None, None, 0)
    decrypted_content = decrypted_data[1].decode('utf-8')
    return decrypted_content.split('\n')[:-1]

if __name__ == '__main__':
    for item in read_workbench_user_data():
        match = re.match(WORKBENCH_PATTERN, item)

        print(f'{match.group("dbm")}:')
        print(f'\tHost: {match.group("host")}:{match.group("port")}')
        print(f'\tUsername: {match.group("user")}')
        print(f'\tPassword: {match.group("password")}')

Here's how the output looks:

Widget answered 1/8, 2023 at 13:0 Comment(2)

For those who are getting trouble in this program in line 21, maybe there's a character in the username that is not in the set. In my case, was a dot. Here's an updated version of the regex: (?P<dbm>[A-z]+)@(?P<host>[A-z0-9._-]+):(?P<port>[0-9]+)\2(?P<user>[A-z0-9\._-]+)\3(?P<password>.*) – Ebersole 28/6 at 9:37

Ah thanks, will update the answer. – Widget 28/6 at 9:51

There's no way to view the stored passwords in MySQL Workbench on Windows. The implementation uses Windows encryption APIs and stores the encrypted passwords in an own file, which can only be decrypted by the same user on the same host, from which it was encrypted.

The only solution to get passwords out from that vault is to use the code which also Workbench is using. That requires to write a small tool for this task.

Inbred answered 19/12, 2019 at 7:49 Comment(2)

"can only be decrypted by the same user on the same host" - it was encrypted by me on the host. How to decrypt is essentially my question. – Brogle 20/12, 2019 at 14:42

I know your question. My answer addressed that with a bit extra info. – Inbred 20/12, 2019 at 14:54

This worked with Powershell 5.1

$cipher = Get-Content $env:APPDATA\Roaming\MySQL\Workbench\workbench_user_data.dat -Raw Encoding Byte 

Add-Type -AssemblyName System.Security

$scope = [System.Security.Cryptography.DataProtectionScope]::CurrentUser

$mysqlpwd = [System.Security.Cryptography.ProtectedData]::Unprotect($cipher, $null, $scope )

[System.Text.UTF8Encoding]::UTF8.GetString($mysqlpwd)

Priceless answered 29/7 at 15:32 Comment(0)

Recommended topics

Hot tags