HP BSM: Decrypt Management password

You will need filesystem access.

1. Get crypt.seed.key from %HPBSM%\conf\seed.properties (also note crypt.seed.conf, it is usually AES/ECB)
2. Get crypt.secret.key from %HPBSM%\conf\encryption.properties (also note crypt.conf.1 [substitute your crypt.conf.active.id], should be same as crypt.seed.conf)
3. Split crypt.secret.key around the one Z in it.
   
   1. pre-Z part: cryptedSecretKey
   2. post-Z part: MAC
4. Get ManagementDb.password from %HPBSM%\conf\TopazInfra.ini
   
   1. Split the HEX string to 4 pieces, there are three Z-s in it.
   2. Third of the four parts is the cryptText
   3. Note: This method was only checked out with ManagementDb.dbEType=1, and crypt.seed.conf=AES/ECB settings.
5. Go here: http://aes.online-domain-tools.com
   
   1. Input text (hex): cryptedSecretKey
   2. Key (hex): crypt.seed.key
   3. Function: AES (note: crypt.seed.conf)
   4. Mode: ECB (note: crypt.seed.conf)
   5. Decrypted text: plaintextSecretKey, will be a HEX string, trim the 0x0A-like garbages from the end (some kind of padding I did not bother to research).
6. Go here again: http://aes.online-domain-tools.com
   
   1. Input text (hex): cryptText
   2. Key (hex): plaintextSecretKey
   3. Function: AES (note: crypt.seed.conf)
   4. Mode: ECB (note: crypt.seed.conf)
   5. Decrypted text: will be the plaintext database password used for the ConnectString in TopazInfra.ini, trim the garbage bytes again, as usual.