Rob Lourens

Reputation: 16119

Extract password hash from Java keystore

I signed my Android app with a keystore a couple years ago, now need to update it, and have forgotten the password that I used. I know it was probably a simple password, so is there any way to extract the hash of the password so I can brute force it?

I have been working with Patator to brute force the keystore but it seems like Patator can only try candidates from a list, not generate new candidates. But if I can get that password hash it seems like it would be an easier problem to solve.

Or if anyone knows anything else about brute forcing a password from a keystore I am all ears.

Upvotes: 0

Views: 1357

Answers (1)

Nikolay Elenkov

Reputation: 52956

It's not that simple, but if you want to have a go at it, the format is here: http://metastatic.org/source/JKS.html You can also find relevant source on that site (for the store implementation, but you should be able to modify it to try new things).

Getting the hash would only help you if you use a rainbow table (precomputed hashes for common words/passwords). Since the JKS implementation has a salt (of sorts), you probably wouldn't be able to use a ready-made table, and generating one would take about the same time. If you are sure it's simple, try using a larger dictionary. If it has numbers, symbols, combine the dictionary with those.

Or just publish the app again.

Upvotes: 1
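
Added example, not part of the answer above or of any project's code: a Python sketch of the JKS integrity check, assuming the publicly documented layout (magic `0xFEEDFEED`, version, entry count, then a trailing SHA-1 over the password as two bytes per character, the fixed string "Mighty Aphrodite", and the store bytes). The function names and the empty keystore are constructed for illustration; the point is that the digest covers the store contents, so it is specific to each keystore and a precomputed table does not carry over.

```python
import hashlib
import hmac
import struct

JKS_MAGIC = 0xFEEDFEED
FIXED_STRING = b"Mighty Aphrodite"  # same constant in every JKS digest
DIGEST_LEN = 20                     # SHA-1 output size


def jks_digest(password, body):
    """SHA-1(password as 2 bytes/char big-endian + fixed string + store bytes)."""
    h = hashlib.sha1()
    h.update(password.encode("utf-16-be"))
    h.update(FIXED_STRING)
    h.update(body)
    return h.digest()


def build_empty_store(password, version=2):
    """Constructed sample input: a header with zero entries plus its digest."""
    body = struct.pack(">IIi", JKS_MAGIC, version, 0)
    return body + jks_digest(password, body)


def split_store(store):
    """Validate the header and return (body, stored_digest)."""
    if len(store) < 12 + DIGEST_LEN:
        raise ValueError("too short to be a JKS keystore")
    magic, version, _count = struct.unpack(">IIi", store[:12])
    if magic != JKS_MAGIC or version not in (1, 2):
        raise ValueError("not a JKS keystore")
    return store[:-DIGEST_LEN], store[-DIGEST_LEN:]


def password_matches(store, candidate):
    """Recompute the digest for one candidate and compare with the stored one."""
    body, stored = split_store(store)
    return hmac.compare_digest(jks_digest(candidate, body), stored)


if __name__ == "__main__":
    a = build_empty_store("example-pass", version=1)  # constructed
    b = build_empty_store("example-pass", version=2)  # constructed
    print(password_matches(a, "example-pass"), password_matches(a, "wrong"))
    # Same password, different store bytes: the trailing digests differ.
    print(a[-DIGEST_LEN:] != b[-DIGEST_LEN:])
```

Because the check is a single unsalted-per-password SHA-1 pass, the store password should be long and random, and newer keystores are better kept in PKCS12 format.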
