unstash in Java

It has been ten years since the (in)famous unstash script came out in 1999. It was a cryptic Perl script that could read IBM’s stash files and deliver you the ‘encrypted’ password.

I was in need of the script, as I lost a password from a cryptographic key database and got stuck as I had no Perl installed. So I decided to create a Java version of this script, because Java is always available when you are installing most IBM products. You may use it to your liking.

For an explanation of how it works and a link to download the jar file, please read on!

IBM uses iKeyman or GSKIT to create a key database (keyDB) for storing security certificates, which you need to run SSL-enabled protocols. These keyDBs need to be read by machines while starting the actual processes. You can either do that by giving the application the password of the keyDB or by creating a so-called stash file, which is not human-readable but stores the password. IBM uses this mechanism for WebSphere products, Tivoli Access Manager components like WebSEAL, and IBM HTTP Server.

So if you want to open up a keyDB, you’ll need the password. And the easiest way of obtaining it is by reversing the storage method of the stash file.

A Perl script that does exactly that has existed since 1999 (!). The original script is this:

#!/usr/bin/perl -w
# unstash.pl - "decrypt" IBM HTTP server stash files. No, really. They *are* this pathetic.
# sploit (BoByRiTe) 1999, Major Malfunction, code by Ben Laurie, cos I dudn't dud perly thing.
use strict;
die "Usage: $0 <stash file>\n" if $#ARGV != 0;
my $file=$ARGV[0];
open(F,$file) || die "Can't open $file: $!";
my $stash;
read F,$stash,1024;
my @unstash=map { $_^0xf5 } unpack("C*",$stash);
foreach my $c (@unstash) {
  last if $c eq 0;
  printf "%c",$c;
}
printf "\n";

This piece of code has puzzled me for quite a while, because it is pretty cryptic. It is even more cryptic if you do not know Perl.

What it does is actually quite simple:

  • read the stash file byte by byte, until you encounter 0 (zero)
  • XOR each byte read with 0xF5 (245 in decimal) and print the corresponding ASCII character
  • the result is your ‘stashed’ password

It is as pathetic as that. Stash files are a security problem. So be very careful when storing them.
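To check where such files sit on a system, here is an added example (not the author's Unstash.java and not IBM code): it walks a directory for .sth files and reports which ones decode under the XOR scheme described above and are readable by group or others, without printing the password. The class name StashAudit, the printable-ASCII heuristic and the constructed sample file are assumptions of this example.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.util.*;
import java.util.stream.*;

// Added example, not the author's Unstash.java: report risky stash files under a directory.
public class StashAudit {
    static final int KEY = 0xF5; // XOR constant used by unstash.pl
    // Decode as unstash.pl does: XOR each byte, stop at the first decoded 0 (max 1024 bytes).
    static String decode(byte[] stash) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < Math.min(stash.length, 1024); i++) {
            int c = (stash[i] & 0xFF) ^ KEY;
            if (c == 0) break;
            sb.append((char) c);
        }
        return sb.toString();
    }
    // Heuristic (assumption): the XOR format decodes to non-empty printable ASCII.
    static boolean isXorFormat(byte[] stash) {
        String s = decode(stash);
        return !s.isEmpty() && s.chars().allMatch(ch -> ch >= 0x20 && ch <= 0x7E);
    }

    // True if group or others may read the file (POSIX file systems only).
    static boolean readableByOthers(Path p) throws IOException {
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p);
        return perms.contains(PosixFilePermission.GROUP_READ)
            || perms.contains(PosixFilePermission.OTHERS_READ);
    }

    public static void main(String[] args) throws IOException {
        Path root = args.length > 0 ? Paths.get(args[0]) : Files.createTempDirectory("stash-audit");
        if (args.length == 0) { // constructed sample: "demo-pass" + NUL, XORed with 0xF5
            byte[] sample = "demo-pass\0".getBytes(StandardCharsets.US_ASCII);
            for (int i = 0; i < sample.length; i++) sample[i] ^= KEY;
            Files.write(root.resolve("sample.sth"), sample);
        }
        List<Path> hits;
        try (Stream<Path> files = Files.walk(root)) {
            hits = files.filter(f -> Files.isRegularFile(f) && f.toString().endsWith(".sth"))
                        .collect(Collectors.toList());
        }
        for (Path p : hits) // report findings only; the password itself is never printed
            System.out.printf("%s xor-format=%b group/other-readable=%b%n",
                    p, isXorFormat(Files.readAllBytes(p)), readableByOthers(p));
    }
}
```

Any file reported with both values true holds a recoverable keyDB password that other local accounts can read; restrict it to the account that runs the server process.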

I have rewritten this in Java, which you can download. (update: now compiled with Java 1.4)

The usage is
java -jar unstash.jar <stashfile>.sth

update: I added the source code (as Unstash.java)

Please let me know if it works for you!

39 responses to “unstash in Java”

  1. Mike says:

    Hi, nice posts there :-) thanks for the interesting information

  2. Aar Emm says:

    Thanks for the pretty nice analysis. However, when we try to use the JAR file, we get the following error. Our Java version is 1.5, on AIX 5.3 system; Please advise.

    HostXYZ:/home/userX>> java -jar unstash.jar keyfile.sth
    class cannot be loaded: java.lang.UnsupportedClassVersionError: (nl/axxiu/Unsta sh) bad major version at offset=6 – java.lang.UnsupportedClassVersionError: (nl /axxius/Unstash) bad major version at offset=6

  3. jzomer says:

    I think I compiled it with Java 1.6.0_07 on Windows. I can provide you with a 1.5 version if you want to. Perhaps I need to add the source to it as well 😉

  4. Aar Emm says:

    Please email me a version 1.5 JAR file, if possible. Thanks for publishing the details about the intricate logic of this neat important tool.

  5. jzomer says:

    I updated the file. It is now compiled with JDK 1.4 so more compatible. Sorry for the delay. I hope it is still useful.

  6. Aar Emm says:

    No problem. Yeah, the updated JAR file now unstashes the passwds like a song. Thanks much.

  7. Sorina Mocanu says:

    thanx great help

  8. Nambi says:


    I am unable to download the java file and it is landing me always to the home page

  9. jzomer says:

    hmm. weird. I had quite some 404’s after changing something to my site.
    I recreated the link and it seems to function once again. Thanks for pointing this out!

  10. Hey
    Thanks for your comments on my blog.
    Your post is interesting.

    -Bhaskar Ramaraju

  11. gp says:

    worked for me. Thank you very much

  12. Venu says:

    Vooow…Thanks boss for the java version, it saved me from a potential issue …

  13. ceva says:

    Hello Jeroen Zomer,
    Can you please share source code of unstash.jar?

  14. Ceva says:

    Thank you, it’s really helped me. ! )

  15. Gea says:

    thanks for sharing this :)

  16. Guillaume says:

    here is a Python 3 code to do the unstash:

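    import sys

    with open(sys.argv[1], 'rb') as input:
        line = input.readline()
    xbytes = bytearray(c ^ 0xf5 for c in line)
    # print the decoded bytes up to the first NUL
    print(xbytes.split(b'\x00')[0].decode('ascii', 'replace'))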

  17. Guillaume says:

    … indentation was not kept properly, you have to indent “line = input.readline()” to make it work

  18. Niek says:

    Thanks for sharing, worked for me in c#.
    Here is the c# code:

    using System;
    using System.IO;

    namespace ConsoleApplication4
    {
        class Program
        {
            static void Main(string[] args)
            {
                unstash(@"HERE YOURE FILENAME");
            }

            private static void unstash(string aFile)
            {
                byte x = (byte)0xf5;
                var bytes = File.ReadAllBytes(aFile);
                for (int i = 0; i < bytes.Length; i++)
                {
                    byte b = (byte)(bytes[i] ^ x);
                    if (b == 0) break;
                    Console.Write((char)b);
                }
                Console.WriteLine();
            }
        }
    }

  20. Rajesh says:

    I just stopped by to say thanks and that I have used your blog to retrieve .sth password.

    it was really of help to me!!

    thanks Again!

  27. Diwakar says:

    I am using this script to find the password of kdb file generated with new version of MQv9. I am unable to decrypt as the algorithm has changed. I am not too sure how to decrypt in latest version as the unstash.pl script fails.

  28. Sandeep says:

    I am generating the P12 keystore using bouncy castle API, but I want to generate stashed file of my Keystore. I am not sure how to do that. Can this program help me in creating the Stashed file?
    The same stashed file will be used by IHS server for SSL communication. I do not want to use any tool for stashing my p12 keystore rather want to generate using java code.

  29. Sandeep says:

    It does not work for me, I am creating a stashed password file but not able to retrieve the password from stashed file using the above code. The method must return the password after unstashing it.

  30. Jannik says:

    Thank you very much for this. Worked flawlessly.

  33. Andreas says:

    Any ideas regarding the applied algorithm of version 2 stash? Would post a working Java impl the same day …

  34. GC says:

    can you suggest how this be done using windows command line?
