I recently realized that I have lost the password to my keystore (or perhaps the keystore got corrupted somehow).
It keeps giving me the error: Keystore tampered or password incorrect
I created a (quite unoptimized) algorithm to brute-force the password by letting it run all night. However, I am not sure how many unsuccessful password attempts will lock the keystore down.
Does anyone know anything like this?
UPDATE
The algorithm I devised works okay (I am using Java), but I realized that normally, the Keystore tool asks for the password only when I press Enter. But to get the brute-force to work, I would want it to have a switch and accept the password on the same line. Is it possible?
It's unfortunate, but when you lose your keystore, or the password to your keystore, your application is orphaned. The only thing you can do is resubmit your app to the market under a new key.
The only way to recover is then to create a duplicate keystore with a new store password. All of the certs from the original truststore can be copied as-is into the new keystore. We will use /opt/CA/jre/lib/security/cacerts as the example but this will work with any Java Keystore (jks).
Since the keystore file is secured with a password, we have used the brute-force and the dictionary attack to crack the password of the keystore file in Ethereum wallets. Our results showed that the dictionary attack is more efficient to hack the keystore file than the brute-force attack.
Sharing my experience after trying everything available.
1- Smart word list attack from android-keystore-password-recover is what eventually worked for me after spending a day trying different lists. Unfortunately, it does not support multithreading and I couldn't get it to run faster than 30,000 trials/second. I might contribute multithreading support to the project soon.
2- KeystoreBrute was the best for brute-force attack at 320,000 trials/second. However, if you do the numbers, it will take 3.5 days for a 6-character-long password and 177 days for a 7-character-long one.
3- If you only need to crack the keystore password, but not the certificate password (also referred to as the alias password), this tool will just change it for you.
Good luck!
No amount of password attempts will corrupt the key.
I was having this same issue. I solved the problem by creating my own keystore brute force application.
Here is a link to the GitHub repository for this code.
https://github.com/volure/keystoreBrute
Anyone on the planet may use this or add to it.
It works on the basis of password segments.
My password was like
foo@543Pass
so I added all the possible segments
foo Foo FOO
and so on. Then ran through the items like an odometer.
It's crude code, but hard-coded to work on up to 5 segments.
My attempt was successful. Hope yours is too.
No, brute-forcing will not corrupt the keystore. However, one thing to note: if you are trying to manually guess the password using the Android Studio or Eclipse wizards, if a wrong password is provided, even just once, it keeps saying on subsequent attempts: "Keystore tampered with or password incorrect", even if you provide the correct password. To get around this, just close and re-open the wizard.
P.S. If the intent behind asking this question is that you have forgotten your keystore password, then you can try the steps mentioned in the Android keystore password recovery guide.