site
stats
By Anish Pillai Anish Pillai Posted under Not So Common Stuff

How to Decrypt an Encrypted Password in QTP

0 Flares Twitter 0 Facebook 0 Google+ 0 LinkedIn 0 Email -- 0 Flares ×

To encode or encrypt a password, QTP provides Encrypt method and Password Encoder tool. But what happens when a user wants to find out the decrypted (original) value of an encrypted password? QTP doesn’t provide a direct way to obtain the decrypted/decoded password.

The only method available is the SetSecure method which internally decrypts the value and sets it in the password fields.

The trick here is to use SetSecure method to decrypt the password but instead of entering the decrypted value in a password field (which displays text as ***), we will enter the value in a normal text field (which will display the text to the user in readable format). Lets see how this can be done.

Our Approach to Decrypt Password (In Brief)

a) Encrypt a password.
b) Create a VBScript InputBox.
c) Use the SetSecure method to write the decrypted value in the text field inside the InputBox

Detailed Steps to Decrypt Password

a) Let’s take an original password first (say – qwerty). When we encrypt this password using Password Encoder tool in QTP, we get 4e63eb23edd909f721d59eaa98fecb6d82a7 as the decrypted password (see below pic). Our aim is to use the decrypted password and obtain back the original password.

Encrypted String for Password – qwerty


b) Now the next step is to create an InputBox. To do this, write the following text in a notepad –
InputBox “The text box below displays the Decrypted Password”, “Decrypt Password”

Save the notepad as .vbs file in the local  disk (In this example, we are saving the notepad as ‘DecryptPwd.vbs’ in ‘D:’ drive). If we execute the ‘DecryptPwd.vbs’ file, it would display the InputBox as shown below.

InputBox to display the Decrypted (original) Password

c)  The final step is to use SetSecure method to display the original password in the InputBox. For this write the following code in QTP.

'Execute the .vbs code to display the InputBox
SystemUtil.Run “D:DecryptPwd.vbs”

'Type the decrypted password in WinEdit field of InputBox
Dialog("nativeclass:=#32770","text:=Decrypt Password").WinEdit("nativeclass:=Edit").SetSecure "4e63eb23edd909f721d59eaa98fecb6d82a7"

When you execute this code, the InputBox gets opened and the SetSecure method enters the original decrypted password in the InputBox as displayed in the figure below. Now you can note down this decrypted password and use it wherever required.

The InputBox displays the original password – qwerty

Note: It is not necessary that the user uses VBScript InputBox to display the decrypted password. The logic van be written for any application where a text field is available.

If you enjoyed this article, you can join our blog to get new articles delivered directly in your inbox.

You can also visit Automation Repository Home Page or the Archives Page to view the other articles.

0 Flares Twitter 0 Facebook 0 Google+ 0 LinkedIn 0 Email -- 0 Flares ×
  • Matthew Tommasi

    Hi Anish

    Thanks for this post!

    Do you know what type/level of encryption is applied when using QTP?

    Regards

    Matt

    • Hi Matt,

      I'm really not sure what level of encryption is applied in QTP. But anyways, QTP's way of password encryption is not that reliable (the above post mentions the workaround to get the original password).

      The same is specified in QTP help also – 'While the SetSecure method enables you to hide passwords on the screen when running a test, it is not intended to be a secure way to protect password information. '

      Personally if I need my passwords to be very secure, I'll try to create my own custom code to encrypt/decrypt the passwords.

      Regards,

      Anish

  • Pingback: Encrypt Passwords in QTP using Password Encoder & Crypt.Encrypt methods. Use the Encrypted Passwords using SetSecure()

  • Should read" we get 4e63eb23edd909f721d59eaa98fecb6d82a7 as the 'encrypted' password.

    Good stuff on this site, also another way is to stop running script before clicking the submit button to login and then using 'Inspect Element' on Firefox/Chrome or 'Developer tools(F12)' on IE. From there you can change the input type to be text instead of password, or just see the value in IE.

  • charles

    Really helped me. THank you!

    • Anish10110

      Cool.. 🙂

  • anurag dhiman

    ••••••••

  • anurag dhiman

    Solved this password ••••••••

0 Flares Twitter 0 Facebook 0 Google+ 0 LinkedIn 0 Email -- 0 Flares ×