Page 1 of 1

Ever needed to recover a TM1 user's password when using native security i.e. mode 1?

Posted: Sat Apr 01, 2023 4:01 am
by gtonkin
The below script uses some undocumented functions to do the decryption.
These are not recognized in PAW but save and just ignore the error or use Architect.

Create a new process with a string parameter called pClient then add the following to the prolog section:

Code: Select all

IF(pClient@='');
  pClient=TM1User;
ENDIF;

sKey='}@BujrF]uxPmWkqw}&t]MeOwNOx{tvYO,eD';
sPassword='';
sCipher=CellGetS('}ClientProperties', pClient, 'PASSWORD');
sCipher=EncodePassword(sCipher);
sModifier=INT(LOG(Long(sCipher)+1))-2;
sModifier=IF(sModifier<0, 2, 0);

nIndex=Long(sKey);
While(nIndex>2);
  If(Mod(nIndex-sModifier,3)=0);
    sCharacter=SUBST(sKey,nIndex-2,1);
    nCode=CODEW(sCharacter,1);
    sCharacter=CHAR( nCode- INT(nIndex/3));
    sPassword=sCharacter | sPassword;
  
  Endif;
nIndex=nIndex-1;
End;

TextOutput('password.txt',pClient, sCipher, sPassword);
Save and run the process, giving it a valid client or leave blank for your user.
After the run completes, view the password.txt file located in your data folder for the result.

Re: Ever needed to recover a TM1 user's password when using native security i.e. mode 1?

Posted: Sun Apr 02, 2023 2:38 am
by Wim Gielis
It works but I didn’t know that all my coworkers use the same password :shock: