unstash in Java
March 8th, 2009 Posted in security, technology, websphere, work
It was ten years ago, in 1999, that the (in)famous unstash script came out. It was a cryptic PERL script, which could read IBM’s stash files and deliver you the ‘encrypted’ password.
I was in need of the script, as I lost a password from a cryptographic key database and got stuck as I had no PERL installed. So I decided to create a Java version of this script, because Java is always available when you are installing most IBM products. You may use it to your liking.
For an explanation of how it works and a link to download the jar file, please read on!
IBM uses iKeyman or GSKIT to create a key database (keyDB) for storing security certificates, which you need to run SSL-enabled protocols. These keyDBs need to be read by machines while starting the actual processes. You can either do that by giving the application the password of the KeyDB or by creating a so-called stashfile, which is not human readable but stores the password. IBM uses this mechanism for WebSphere products, Tivoli Access Manager components like WebSEAL, and IBM HTTP Server.
So if you want to open up a keyDB, you’ll need the password. And the easiest way of obtaining it is by reversing the storage method of the stashfile.
Since 1999 (!) a PERL script existed which did exactly that. The original script is this:
#!/usr/bin/perl -w
# unstash.pl - "decrypt" IBM HTTP server stash files. No, really. They *are* this pathetic.
# sploit (BoByRiTe) 1999, Major Malfunction, code by Ben Laurie, cos I dudn't dud perly thing.
use strict;
die "Usage: $0 \n" if $#ARGV != 0;
my $file=$ARGV[0];
open(F,$file) || die "Can't open $file: $!";
my $stash;
read F,$stash,1024;
my @unstash=map { $_^0xf5 } unpack("C*",$stash);
foreach my $c (@unstash) {
    last if $c eq 0;
    printf "%c",$c;
}
printf "\n";
This piece of code has puzzled me for quite a while, because it is pretty cryptic. It is even more cryptic if you do not know PERL.
What it does is actually quite simple:
- read the stash file byte by byte, until you encounter a byte that decodes to 0 (zero)
- XOR each byte read with 0xF5 (245 in decimal) and print the corresponding ASCII character
- the printed string is your ‘stashed’ password
It is as pathetic as that. Stash files are a security problem, so be very careful when storing them.
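A defensive counterpart to the script above, added here as an example (it is not part of the original post or of any IBM tool): it walks a directory tree, flags .sth files whose permission bits let group or other users read them, and tests whether the content has the XOR-0xF5 layout described above, without ever printing the password. The sample file names and contents, the printable-ASCII heuristic and the use of POSIX permission bits are assumptions.

```python
import os
import stat
import tempfile

XOR_KEY = 0xF5  # the single obfuscation byte used by the script quoted above

def looks_like_legacy_stash(data: bytes) -> bool:
    """True if data XOR 0xF5 is printable ASCII terminated by a 0 byte (heuristic)."""
    decoded = bytes(b ^ XOR_KEY for b in data)
    end = decoded.find(0)
    return end > 0 and all(0x20 <= c < 0x7F for c in decoded[:end])

def audit_stash_files(root: str) -> list:
    """Report every *.sth file under root with its exposure, never the password."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(f for f in files if f.lower().endswith(".sth")):
            path = os.path.join(dirpath, name)
            mode = stat.S_IMODE(os.stat(path).st_mode)
            with open(path, "rb") as fh:
                data = fh.read(1024)  # same read size as the Perl script
            findings.append({
                "path": path,
                "mode": oct(mode),
                "readable_by_others": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
                "legacy_xor_format": looks_like_legacy_stash(data),
            })
    return findings

def make_sample_tree() -> str:
    """Constructed sample data: file names, contents and modes are made up."""
    root = tempfile.mkdtemp()
    samples = {
        # XOR-obfuscated placeholder password, padded to 129 bytes, world-readable
        "key.sth": (bytes(b ^ XOR_KEY for b in b"Example-Passw0rd").ljust(129, b"\xf5"), 0o644),
        # same extension, but the content does not decode to a terminated string
        "other.sth": (bytes(range(129)), 0o600),
    }
    for name, (content, mode) in samples.items():
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(content)
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    for finding in audit_stash_files(make_sample_tree()):
        print(finding)
```

A file reported with both `readable_by_others` and `legacy_xor_format` set exposes the key database password to every local account that can read it.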
I have rewritten this in Java, which you can download. (update: now compiled with Java 1.4)
The usage is
java -jar unstash.jar <stashfile>.sth
update: I added the source code (as Unstash.java)
Please let me know if it works for you!


45 Responses to “unstash in Java”
By Mike on May 23, 2009
Hi, nice posts there 🙂 thanks for the interesting information
By Aar Emm on Aug 26, 2009
Thanks for the pretty nice analysis. However, when we try to use the JAR file, we get the following error. Our Java version is 1.5, on AIX 5.3 system; Please advise.
HostXYZ:/home/userX>> java -jar unstash.jar keyfile.sth
class cannot be loaded: java.lang.UnsupportedClassVersionError: (nl/axxiu/Unsta sh) bad major version at offset=6 – java.lang.UnsupportedClassVersionError: (nl /axxius/Unstash) bad major version at offset=6
By jzomer on Aug 27, 2009
I think I compiled it with Java 1.6.0_07 on Windows. I can provide you with a 1.5 version if you want to. Perhaps I need to add the source to it as well 😉
By Aar Emm on Aug 27, 2009
Please email me a version 1.5 JAR file, if possible. Thanks for publishing the details about the intricate logic of this neat important tool.
By jzomer on Sep 9, 2009
I updated the file. It is now compiled with JDK 1.4 so more compatible. Sorry for the delay. I hope it is still useful.
By Aar Emm on Oct 3, 2009
No problem. Yeah, the updated JAR file now unstashes the passwds like a song. Thanks much.
By Sorina Mocanu on Dec 30, 2009
thanx great help
By Nambi on Mar 29, 2011
Hi,
I am unable to download the Java file and it is always landing me on the home page
By jzomer on Mar 29, 2011
hmm. weird. I had quite some 404’s after changing something to my site.
I recreated the link and it seems to function once again. Thanks for pointing this out!
By Bhaskar Ramaraju on Apr 7, 2011
Hey
Thanks for your comments on my blog.
Your post is interesting.
-Bhaskar Ramaraju
By gp on Oct 11, 2011
worked for me. Thank you very much
By Venu on Aug 14, 2012
Vooow…Thanks boss for the java version, it saved me from a potential issue …
By ceva on Jan 25, 2013
Hello Jeroen Zomer,
Can you please share source code of unstash.jar?
By Ceva on Jun 11, 2013
Thank you, it’s really helped me. ! )
By Gea on Jan 5, 2015
Great!
thanks for sharing this 🙂
By Guillaume on Apr 22, 2015
here is a Python 3 code to do the unstash:
———————————————–
import sys
with open(sys.argv[1], 'rb') as input:
    line = input.readline()
xbytes = bytearray(c ^ 0xf5 for c in line)
print(xbytes[:xbytes.index(0x00)].decode())
———————————————–
By Guillaume on Apr 22, 2015
… indentation was not kept properly, you have to indent “line = input.readline()” to make it work
By Niek on Oct 4, 2015
Thanks for sharing, worked for me in C#.
Here is the C# code:
using System;
using System.IO;
namespace ConsoleApplication4
{
    class Program
    {
        static void Main(string[] args)
        {
            unstash(@"HERE YOURE FILENAME");
        }
        private static void unstash(string aFile)
        {
            // XOR every byte with 0xf5 and stop at the first decoded zero
            byte x = (byte)0xf5;
            var bytes = File.ReadAllBytes(aFile);
            for (int i = 0; i < bytes.Length; i++)
            {
                byte b = (byte)(bytes[i] ^ x);
                if (b == 0) break;
                Console.Write((char)b);
            }
            Console.ReadLine();
        }
    }
}
By Rajesh on Feb 9, 2016
i just stopped by to say thanks and that i have used your blog to retrieve .sth password.
it was really of help to me!!
thanks Again!
By Diwakar on Aug 10, 2017
I am using this script to find the password of a kdb file generated with the new version of MQv9. I am unable to decrypt it as the algorithm has changed. I am not too sure how to decrypt in the latest version as the unstash.pl script fails.
By Sandeep on Dec 7, 2017
Hi,
I am generating the P12 keystore using the Bouncy Castle API, but I want to generate a stashed file of my keystore. I am not sure how to do that. Can this program help me in creating the stashed file?
The same stashed file will be used by the IHS server for SSL communication. I do not want to use any tool for stashing my p12 keystore, but rather want to generate it using Java code.
Regards
Sandeep
By Sandeep on Jan 31, 2018
It does not work for me, I am creating a stashed password file but not able to retrieve the password from stashed file using the above code. The method must return the password after unstashing it.
By Jannik on Jan 31, 2018
Thank you very much for this. Worked flawlessly.
By Andreas on Jun 5, 2019
Any ideas regarding the applied algorithm of version 2 stash? Would post a working Java impl the same day …
By GC on Jan 17, 2020
Can you suggest how this can be done using the Windows command line?