Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to handle a lost KeyStore password in Android?

People also ask

How one can recover a Java Keystore if the keystore password is forgotten?

Resolution. The only way to recover is then to create a duplicate keystore with a new store password. All of the certs from the original trustore can be copied as-is into the new keystore. We will use /opt/CA/jre/lib/security/cacerts as the example but this will work with any Java Keystore (jks).


Just encountered this problem myself - luckily I was able to find the password in some Gradle's temporary file. Just in case anyone lands here:

try looking for this file

..Project\.gradle\2.4\taskArtifacts\taskArtifacts.bin

or

.gradle/3.5/taskHistory/taskHistory.bin
.gradle/5.1.1/executionHistory/executionHistory.bin
.gradle/caches/5.1.1/executionHistory/executionHistory.bin
.gradle/5.1.1/executionHistory/executionHistory.bin
.gradle/3.5/taskHistory/taskHistory.bin
.gradle/2.10/taskArtifacts/taskArtifacts.bin

and search for

storePassword

It was there in cleartext. In general, if you do remember at least a part of your password, try searching for a file containing this substring and hopefully you will fish out something.

Wanted to throw it out here, maybe it will eventually help someone.


Edit: Added new insight from comments, just to be more visible. Edit 2: Added some more locations reported in comments.

Thanks to Vivek Bansal, Amar Ilindra and Uzbekjon for these.


See this link

It's unfortunate, but when you lose your keystore, or the password to your keystore, your application is orphaned. The only thing you can do is resubmit your app to the market under a new key.

ALWAYS backup up your keystore and write the passwords down in a safe location.


In case a wrong password is provided, even just once, it keeps saying on next attempts:

Keystore tampered with or password incorrect.

Even when you provide the correct one. I tried it several times, maybe it's some kind of protection.
Close the export wizard and start it again with the correct password, now it works :)


Brute is your best bet!

Here is a script that helped me out:

https://code.google.com/p/android-keystore-password-recover/wiki/HowTo

You can optionally give it a list of words the password might include for a very fast recover (for me it worked in <1 sec)