I have a set of database files (i.e. .data
, .properties
and .script
file) in hsqldb format, but the person who managed them previously quit and left no credentials. When I try to connect to the database using any means to access the standalone file-based database (such as SqlTool or DatabaseManager), passing default "sa" user and default empty password, I get something like that:
java.sql.SQLException: User not found: SA at org.hsqldb.jdbc.Util.sqlException(Unknown Source) at org.hsqldb.jdbc.jdbcConnection.(Unknown Source) at org.hsqldb.jdbcDriver.getConnection(Unknown Source) at org.hsqldb.jdbcDriver.connect(Unknown Source) at java.sql.DriverManager.getConnection(DriverManager.java:582) at java.sql.DriverManager.getConnection(DriverManager.java:185) ...
Is there a way to easily bypass the whole hsqldb authentication and grants scheme and just reset the "sa" user in its full rights? I've digged up whole hsqldb documentation and done some research over Google, but I can't find any means to just bypass it?
Or it's completely impossible without brute-forcing (i.e. file is in fact encrypted with a given password)? This question mentions that passwords are stored in .script
file, but it looks like that the one I have is set to COMPRESSED
or BINARY
format (I can't tell which one with my bare eyes) using SET SCRIPTFORMAT
command, albeit I see raw live string data in the .data
file. Is it possible to decrypt BINARY format?
If you see cleartext strings in the .data file, then the database is not encrypted.
As HSQLDB is opensource, you can edit the source to print out the user name and password to the console when the database is opened. Find the class named
User
for this purpose. This cannot be done with encrypted databases, which are not opened at all without the encryption key.