Decodes the passwords HeidiSQL stores for its saved sessions. Plain HTML and JavaScript, runs in any browser, no install, no network calls.
Open index.html in a browser. Paste the encoded hex string from a HeidiSQL session into the input, click Decode!, and the cleartext password is shown below the button.
The page loads no remote resources. You can save the file and run it offline, or open it straight off a USB stick.
HeidiSQL stores session passwords in the Windows registry under:
HKEY_CURRENT_USER\Software\HeidiSQL\Servers\<Session Name>\Password
In portable mode the same value lives in portable_settings.txt next to heidisql.exe, under the same key. Copy the value verbatim. It is a single hex string with no separators.
HeidiSQL appends a one-digit decimal shift to the end of the hex string. To decode:
- Read the last character as a digit
shift(0 to 9). - For each two-hex-digit pair in the rest of the string, parse it as a byte, subtract
shift, and take the result as a UTF-16 code point.
This is obfuscation, not encryption. Anyone who can read the registry value can recover the password. Treat the encoded string with the same caution you would the cleartext.
The HeidiSQL author has kept this scheme unchanged across versions for backward compatibility with existing saved sessions, so this decoder works against current releases (verified on HeidiSQL 12.17).
- No network calls. The page is static and runs entirely in your browser.
- No registry access. You copy the encoded string in by hand.
- No
portable_settings.txtparser. The file is plain text, you can pull the value out yourself.
MIT.