Where does Raccoon store my credentials (and how can I view them)?

People ask (me) fairly often, how Raccoon handles their Google account (and if it’s safe to trust the software with their passwords). From my point of view, that’s a funny question. I’m always tempted to answer: “if the idea of loosing your account sounds scary to you, then maybe you already trusted Google too much!”. But that’s a discussion for another day.

Raccoon keeps all of it’s meta data in a local, embedded SQL database. You can find the files in $RACCOON_HOME/contents/database . Don’t bother asking me for help in case you modified anything there and Raccoon stops working afterwards! The only proper way of accessing the database is by using the API. However, if you are read this far, you probably already decided to toy with the files directly anyway, so final warning: do not read on without backing up the database directory first! I will not offer support for repairing a broken Raccoon installation (unless you pay me to)!

In theory, a simple text editor is sufficient to view/edit Raccoon’s database ( $RACCOON_HOME/contents/database/raccoondb_4.script ). The safer choice is to use to use an SQL browser (e.g. DBeaver or SQuirreL). Keep in mind that only one process at a time is allowed to open the database (the browsers will honor that constraint, a text editor won’t). If you don’t want to install additional software, you can also use HSQLDB’s own browser which comes bundled with Raccoon (though it’s rather barebones):

If the above seems arcane to you, stop reading here, do not bother emailing me about it. I will not give personal instructions about basic shell commands, filesystem organization and SQL usage (unless you pay me to).

Your credentials are stored in the PLAYPROFILES table. You can view them with a simple select query:

Note that Raccoon (v4) does not store your password! Your password is only used once by the setup wizard to log into the Google network in order to request an auth token (think: a cookie). There is no way to derive your password from that token.

Posted in Tips and Tricks