Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Lost Keystore password [duplicate]

Tags:

android

apk

I want to update my Application to playstore and I lost my keystore password.Now I am trying to create a new one . Will there be any problem if I build APK with another keystore password ?

like image 372
user2306862 Avatar asked May 04 '13 07:05

user2306862


People also ask

What do I do if I forgot my keystore password?

It's unfortunate, but when you lose your keystore, or the password to your keystore, your application is orphaned. The only thing you can do is resubmit your app to the market under a new key.

How one can recover a Java keystore if the keystore password is forgotten?

The only way to recover is then to create a duplicate keystore with a new store password. All of the certs from the original trustore can be copied as-is into the new keystore. We will use /opt/CA/jre/lib/security/cacerts as the example but this will work with any Java Keystore (jks).

Can we change password of keystore file?

You can change the default keystore password as follows: Change the keystore password in the keystore using the following command: $ keytool -storepasswd -keystore /path/to/security/keystore. jceks -storetype JCEKS -storepass 'changeit' -new 'newPassword'

What is the difference between keystore password and key password?

Keystore is a binary file that contains a set of private keys. Private key represents the entity to be identified with the app, such as a person or a company. So Keystore password is used to open a keystore and simple password is password of private entity stored in keystore file..!!


1 Answers

As @CRUSADER said, Android Keystore Password Recovery might work for you. I could retrieve my password with it. Here is how to do that. I was on Windows 7.

Run the following command,

java -jar AndroidKeystoreBrute_v1.05.jar

Then you will get the following guide,

AndroidKeystorePasswordRecoveryTool by M@xiking

Version 1.03
There are 3 Methods to recover the key for your Keystore:

1: simply bruteforce - good luck
2: dictionary attack - your password has to be in the dictionary
3: smart dictionary attack - you specify a dictionary with regular pieces you use in your passwords. Numbers are automat
icly added and first letter will tested uppercase and lowercase

args:
-m <1..3> Method
-k <path>  path to your keystore
-d <path> dictionary (for method 2 and 3)
-w saves the certificate in a new Keystore with same passwort than key

-start <String> sets start String of the word (for method 1)

-p use common replacements like '@' for 'a'(for method 3) WARNING - very slow!!

-h prints this helpscreen

Max memory: 247M

I've used method 2 because I had some guess of my password. I typed the following command,

java -jar AndroidKeystoreBrute_v1.05.jar -m 2 -k android.keystore -d dict.txt

In case you might wonder, my dict.txt was something like this,

gussedpassword1
gussedpassword2
gussedpassword3

I could successfully retrieve my password and alias.

like image 165
Yoo Matsuo Avatar answered Nov 10 '22 06:11

Yoo Matsuo