How to Recover Lost Keystore Password for Android Studio Projects?

Many times while creating a release build of an Android application, I have created a keystore and an alias only to realize two months later that I have forgotten the password. Fortunately, there are ways to recover lost keystore passwords for Android Studio projects (and potentially Eclipse projects too). These techniques fall into two categories:

  1. You have access to the machine (and the old logs) on which you created the keystore or used it at least once.
  2. You are trying to recover the keystore password on another machine.

1.a. Recover Keystore Password through Android Studio Logs

You can find the keystore password in the idea.log files generated by Android Studio (yes, this is true – so much for security). On OSX, the idea.log files are in ~/Library/Logs/AndroidStudio2.0. You can also locate them from within Android Studio via Help -> Show Log in Finder.

Open the idea.log file. Note: There may be multiple files named idea.log.1, idea.log.2 etc. Look through each of them till you find the password.

Search for “Pandroid.injected.signing.key.password” and you can see the key password.

The area of the logs where you can see your password is below:

2015-5-24 12:31:26,845 [ 982426] INFO - a.gradle.invoker.GradleInvoker - Build command line options: [--configure-on-demand, -Pandroid.injected.invoked.from.ide=true, ore.file=/Users/techie/Projects/geezapp/geezappkey.jks,, -Pandroid.injected.signing.key.alias=myalias, -Pandroid.injected.signing.key.password=mykeypassword , -Pandroid.injected.apk.location=/Users/techie/workspace/geezapp, --init-script, /private/var/folders/vk/z50sd77sd9jjssd88tf933ajebl/T/asLocalRepo0.gradle]

Your own password will appear where mykeypassword appears in the line above.
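Since the IDE writes signing passwords into idea.log in clear text, those logs are worth auditing and scrubbing once you have the password back. The script below is an added example, not code from the original article or from Android Studio: it scans log text for the injected signing properties and masks their values. The function names and sample lines are constructed for illustration, and it assumes the store password is logged the same way as the key password shown in the excerpt.

```python
import re
import sys
from pathlib import Path

# Signing properties Android Studio passes to Gradle for a release build.
# key.password is in the article's excerpt; store.password is the companion
# property (assumed logged alike). A value ends at the next ", -" option or "]".
SECRET_RE = re.compile(
    r"(-Pandroid\.injected\.signing\.(?:store|key)\.password=)"
    r"(.*?)(?=\s*,\s+-|\s*\]|$)"
)
# Constructed sample modelled on the excerpt above (not a real log).
SAMPLE = (
    "2015-05-24 12:31:20,100 [ 976000] INFO - constructed.Example - build started\n"
    "2015-05-24 12:31:26,845 [ 982426] INFO - a.gradle.invoker.GradleInvoker - Build command "
    "line options: [-Pandroid.injected.signing.store.password=mystorepassword, "
    "-Pandroid.injected.signing.key.alias=myalias, "
    "-Pandroid.injected.signing.key.password=mykeypassword , --init-script, x.gradle]\n"
)

def redact_line(line):
    """Return (line with password values masked, list of property names found)."""
    found = []
    def mask(m):
        found.append(m.group(1)[2:-1])  # drop the leading "-P" and trailing "="
        return m.group(1) + "<redacted>"
    return SECRET_RE.sub(mask, line), found

def scan_text(text):
    """Return ([(line_number, property), ...], redacted_text) for one log's content."""
    findings, out = [], []
    for lineno, line in enumerate(text.splitlines(keepends=True), 1):
        redacted, props = redact_line(line)
        findings += [(lineno, p) for p in props]
        out.append(redacted)
    return findings, "".join(out)

def scan_dir(log_dir):
    """Redact idea.log, idea.log.1, ... in place; report hits without the values."""
    report = {}
    for path in sorted(Path(log_dir).glob("idea.log*")):
        raw = path.read_text(encoding="utf-8", errors="surrogateescape")
        findings, redacted = scan_text(raw)
        if findings:
            path.write_text(redacted, encoding="utf-8", errors="surrogateescape")
            report[str(path)] = findings
    return report

if __name__ == "__main__":
    print(scan_dir(sys.argv[1]) if len(sys.argv) > 1 else scan_text(SAMPLE)[0])
```

Run it with the log directory as its argument while Android Studio is closed, so the files are not being written during the scan.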

1.b. Recover Keystore Password through Gradle’s ‘taskArtifacts.bin’ File

NOTE: This method is less reliable and may only work with older versions of Gradle.

In your code (project folder), search for this file .gradle\2.4\taskArtifacts\taskArtifacts.bin
Note: replace 2.4 with the version of gradle that you are using.

Then look for storePassword OR signingConfig.storePassword OR password—signingConfig.keyAlias

2. Recover Keystore Password through a Password Generator Tool

You can also brute-force your lost Android keystore password using this excellent tool – Android-keystore-password-recover. It gives you 3 options: a plain brute force attack, a dictionary-based attack and a smart wordlist attack. If you can even faintly remember the first few letters of the password, the smart wordlist attack is very effective and can get you your password in a couple of seconds. I recommend that you try the smart wordlist attack first, then the dictionary-based attack, and finally the brute force attack. The difference between the dictionary attack and the smart wordlist attack is that the tool tries the password strings in the dictionary exactly as they are, while in the smart wordlist attack it combines the words with one another to form candidate passwords.

Steps to Recover Keystore Password using the smart wordlist attack

  1. Download the tool from here.
  2. Create a list of potential password match hints and save it in a file called hints.txt
  3. Run the tool using the following command line
java -jar AndroidKeystoreBrute_v1.06.jar -m 3 -k "C:\\mykeystore.keystore" -d "hints.txt"

Steps to Recover Keystore Password using the dictionary attack

    1. Download the tool from here.
    2. Create a list of exact password matches (i.e. your dictionary) and save it in a file called dictionary.txt
    3. Run the tool using the following command line
java -jar AndroidKeystoreBrute_v1.06.jar -m 2 -k "C:\\mykeystore.keystore" -d "dictionary.txt" 

Steps to Recover Keystore Password using the brute force attack

    1. Download the tool from here.
    2. Run the tool using the following command line
java -jar AndroidKeystoreBrute_v1.06.jar -m 1 -k "C:\\mykeystore.keystore" -start AAAAAA

That summarizes all the possible techniques to recover your lost Android keystore passwords. In case you know of any other ways that we might have missed, please let us know in the comments section below.
