Android Keystore Password Recovery
A few weeks ago I just forgot the password for my android keystore, so I couldnt update my app for the market. So I decided to code a little bruteforcing tool to recovery my password.
Java 7 is required to run this tool!!
download here
Download latest version: Android_Keystore_Password_Recover_1.07.jar
Details
The tool recovers the key for your alias. By default this is the same like the keystore password. I will try to add an option to recover both passwords if they are not equal. Now there is an option to save the key in a new keystore with the same password than the key! You can use this, to sign your apk and update your app in the Playstore.
There are 3 Methods to recover your keystore password:
- - Simply Bruteforce
- - Dictionary Attack
- - Smart Wordlist Attack
In my opinion the last option is the best. You specify some password segments in a textfile. All the segments will be permute and mixed together with numbers.
for example:
your password is: got2loveYa123 in your dictionary should be:
got
love
ya
Numbers are added automatically. Each word will be added twice, once like you wrote and once with the first letter capitalized, so you just have to write your words once if your are not shure if you first letter was uppercase or lowercase
Good luck
Thanks to Casey Marshall rsdio@metastatic.org for JKS API http://metastatic.org/source/JKS.html
TODO
- Possibility to specify chars used for bruteforce (regex)
Recover both passwords (keystore and key) if they are not equal
Changelog
version 1.07
- The SmartWordlist method is now multithreaded for increased performance on multi-core processors.
- The SmartWordlist method now automatically saves its progress every 30 seconds. If the tool is interrupted before it finishes checking all combinations in the word list it will resume from the last save.
- Added new -firstchars parameter for use with SmartWordlist method. This parameter allows the user to specify known characters at the start of the password. For example, if the user knows that the forgotten password starts with "Apple", the tool can insert "Apple" at the front of tested passwords.
- Added new -pieces parameter for use with SmartWordlist method. This parameter allows the user to specify minimum and maximum number of word pieces to use when building passwords. The tool will start at the first combination of minimum word pieces and stop at the last combination of maximum word pieces.
- Thanks to ravensbane for this update!
version 1.06
- -onlylower for only lowercase letters. Works for method 1 and 3.
- -l
specify the minimum length of password in method 3. - Thanks to Rafael Fonseca for this update !
version 1.05
- Now you can set the start String for Brute Force, so you can continue if you had to terminate the tool
version 1.04
- Now with MultiThreading for BruteForcing. Should give you a good chance for Passwords that are 6 or 7 chars long
version 1.03
Now there is an option to save the key in a new keystore with the same password than the key!
New option to specify the minimum length of the password (for brute force)
version 1.02
- added new option for smart wordlist attack. With the parameter '-p' you activate the common replacements permutation mode. Thanks to Jeff Lauder, who wrote the code for this. More Information are in the wiki
version 1.01
- small fixes
P.S.
If I helped you, you may want donate a few cents, so i can buy me a beer :D
Thanks for Donation:
- SebyFactory
- Martin Harvey
- Joshua Slauson
- Roman Marak
- Orestis Anavaloglou
- Jan Teluch
- Martin Sander
- Fabrice Marchal
- Louis Moga
- Ole Jørgen Brønner
- Yasith Vidanaarachchi
- Marcus Honnacker
- Kidinov Andrey
- michael sweeney
- Ali Karabalci
- Karthik Venkatesh
- Musaqil Musabeyli
- Benjamin Allison