Home » Android » java – Android – Forgot keystore password. Can I decrypt keystore file?

java – Android – Forgot keystore password. Can I decrypt keystore file?

Posted by: admin April 23, 2020 Leave a comment

Questions:

I have lost password of keystore file used to sign my apk. I cannot update my app now and I think I have to release it as new app by signing it with new keystore. Is it possible to decrypt keystore file as I have keystore file and password is present in keystore file. Or can anyone provide me with link of program that is used to brute force password. If anyone of you have been able to recover password of keystore file please share your method. Thanks in advance.

How to&Answers:

I use this one for bruteforce at the moment: Android keystore password recover

Answer:

There are 3 ways to this recover your lost keystore password:

  1. If you have your logs intact, then you can find the password in the
    Android Studio log files : Go to ~/Library/Logs -> AndroidStudio
    ->idea.log.1 and search for Search for “Pandroid.injected.signing.key.password” and you can see the key
    password.

  2. You can retrieve the password from the in your .gradle directory.
    Look in .gradle\2.4\taskArtifacts\taskArtifacts.bin. This doesn’t
    seem to work for newer versions of Gradle (2.10 and above).

  3. Use AndroidKeystoreBrute to guess or bruteforce your password as per
    Alex Kutsko’s answer above.

Solution link

Answer:

I too had this similar problem!

There are a few ways to find the password :

  1. Using the logs file of android studio
  2. Using the taskArtifacts
  3. Using bruteforce

Detailed answer is mentioned in http://techzog.com/development/android/retrieve-saved-keystore-password-android-studio/

If none of the above works, there’s a way to reset the keystore password!
The code is available here

  1. Download the zip file here.
  2. Install JAVA into your computer
  3. Keep all the files(the keystore, extracted java files) in one folder
  4. Open Command Prompt there. (Shift + RightClick -> Open command window here)
  5. Run javac ChangePassword.java
  6. Run java ChangePassword <keystore file> <new keystore file>

    e.g. java ChangePassword oldkey.jks newkey.jks

  7. Enter a password when asked. Remember the new password for the new jks file.

Open jks file using the new password

Answer:

Been off Android dev and its IDE for some months.

Took couple of hours to figure out that I had actually entered the right password during second attempt. The next dialog shows exactly the same error icon as if I were entering a wrong password — though it actually says that I need to enter password for the selected key!

Not really related to the original question, but you probably already entered the correct password! So much for UI design..

Answer:

I am sharing a simple way.I hope my way will solve your problem.

first way->
click

.gradle->latest gradle version->task histroy->taskHistory.bin

Second way->

.gradle->latest gradle version->taskArtifacts->taskArtifacts.bin

Answer:

The most efficient way to crack your password is using the tool I released together with hashcat (a password cracker software):

https://github.com/floyd-fuh/JKS-private-key-cracker-hashcat

If you have a powerful graphic card (GPU), the cracking will be much faster. Otherwise hashcat will use your CPU.

It boils down to the following two commands:

java -jar JksPrivkPrepare.jar your_JKS_file.jks > hash.txt
./hashcat -m 15500 -a 3 hash.txt

The reason why this is much more efficient is that it will crack the private key password directly rather than the key store password. It uses an algorithm that no other password cracker has used before. Most password crackers are not very efficient (as they calculate the entire key store file into the SHA1 calculation) and in the worst case might even crack the key store password (which might not be the private key password that can be used for decryption of the key). If you need more details you can read the POC||GTFO journal article I wrote, which can be found here or on various other free mirrors: POC||GTFO journal – 15:12 Nail in the Java Key Store Coffin

For example if you have a NVidia 1080 graphic card you can try all alphanumeric passwords of length 8 in roughly 8 hours.

Answer:

See KeystoreBreaker for recovery lost password.