The format of the file is as follows (as of MySQL 5.6.7-RC):4 Bytes Zero (Vers

1. The format of the file is as follows (as of MySQL 5.6.7-RC):
2. 4 Bytes Zero (Version Information)
3. 20 Bytes Key Generation Matter
4. Repeated:
5. 4 Bytes Length information
6. Length bytes crypted matter. The crypt is done using the AES ENCRYPT function, which in itself is insecure: It is an aes-128-ecb with a NULL IV.
7.  
8. The key used by AES 128 needs to be CHAR(16), but the function accepts any string as a key generation matter. It generates the key from the key generation matter by xor-ing the key generation matter onto itself in a 16 byte loop, starting with a buffer of NULL bytes.
9.  
10. <?php
11.  
12. $fp = fopen("mylogin.cnf", "r");
13. if (!$fp) {
14. die("Cannot open mylogin.cnf");
15. }
16.  
17. # read key
18. fseek($fp, 4);
19. $key = fread($fp, 20);
20.  
21. # generate real key
22. $rkey = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
23. for ($i = 0; $i < strlen($key); $i++) {
24. $rkey[$i % 16] = ( $rkey[$i % 16] ^ $key[$i] );
25. }
26.  
27. # for each line
28. while ($len = fread($fp, 4)) {
29. # as integer
30. $len = unpack("V", $len);
31. $len = $len[1];
32.  
33. # decrypt
34. $crypt = fread($fp, $len);
35. $plain = openssl_decrypt($crypt, 'aes-128-ecb', $rkey, true);
36.  
37. # print
38. print $plain;
39. }
40. ?>
41. The file itself is then a simple text file, not much different from before.
42.  
43. [safelogin]
44. user = root
45. password = mG[..]kb
46. host = localhost