Post
Ask Question

Forgot KeyStore Password (.jks File)? You Can Still Recover It!

Introduction 

 
Android apps are mostly signed into using .jks files. If you have forgotten your .jks (Java KeyStore) password, you can still recover it. Yes, yes, and yes, you can. Nothing is impossible in this world of technology.
 
On a side-note, if you want to try open using GUI: use http://keystore-explorer.org/ software, the solution would help to people having these problems.
  1. Forgot the Java KeyStore password but remember the private key passwords (at least one) but using a different system (system format or memory clean up).
  2. Forgot any or every password of the Java KeyStore file and using the same system (no format or change of computer).
  3. Forgot any or every password but remember certain parts or phrases of the password for the dictionary attack.
This won't help the people who have forgotten every password of the JKS file and have changed their systems or formatted systems.
 
Maybe someday, this problem will also be solved.
 
If you are still continuing to read this article, maybe you won't fall into a deadlock. Have patience, you can restore it. With lots of intense research when I was in this same situation, I found out many ways.
 
Solution 1 for people having the same old system.
 
There are 3 ways to recover your lost key store password:
  1. From the logs: If you have your logs intact, then you can find the password in the Android Studio log files: Go to ~/Library/Logs -> AndroidStudio ->idea.log.1 and search for "Pandroid.injected.signing.key.password" and you can see the key password. (or simply search for a password using Ctrl + F)
  2. From the taskArtifacts: You can retrieve the password from the taskArtifacts in your .gradle directory. Look in .gradle\2.4\taskArtifacts\taskArtifacts.bin. This doesn't seem to work for newer versions of Gradle (2.10 and above).
  3. Using Brute-force: If you do remember some part of the password, then you might use the brute-force technique to get your password. Brute-force can be done in different ways: 
    • Dictionary Attack - Specify some words in a text file and each one is tried once. 
    • Smart Wordlist Attack - You specify some password segments in a textfile. All the segments will be permuted and mixed together with numbers.
If none of the above works, there's a way to reset the Keystore password!
 
The code is available here.
  1. Download the zip file here.
  2. Install JAVA into your computer
  3. Keep all the files(the Keystore, extracted java files) in one folder
  4. Open Command Prompt there. (Shift + RightClick)
  5. Run javac ChangePassword.java
  6. Run java ChangePassword <keystore file> <new Keystore file> 
     
    javac ChangePassword.java java ChangePassword oldkey.jks newkey.jks 
     
  7. Enter a password when asked. Remember the new password for the new jks file.
         Open .jks file using the new password. Bingo!
 
P.S
  
 Keep your credentials and Java jks file safe and distribute it only to a few very trusted people.