X

How to Recover Lost Keystore Password for Android Studio Projects?

Many times while creating a release build of an Android application, I have created a keystore and an alias only to realize two months later that I have forgotten the password. Fortunately, there are ways to recover lost keystore passwords for Android Studio projects (and potentially Eclipse projects too). These techniques fall into two categories:

  1. You have access to the machine (and the old logs) on which you created the keystore or used it at least once.
  2. You are trying to recover the keystore password on another machine.

1.a. Recover Keystore Password through Android Studio Logs

You can find the keystore password by accessing the idea.log files generated by Android Studio (yes, this is true – so much for security). On OSX, you can find the idea log files in ~/Library/Logs/AndroidStudio2.0. You can also locate these by opening Android Studio-> Help->Show Log in Finder.

Open the idea.log file. Note: There may be multiple files named idea.log.1, idea.log.2 etc. Look through each of them till you find the password.

Search for “Pandroid.injected.signing.key.password” and you can see the key password.

The area of the logs where you can see your password is below:

2015-5-24 12:31:26,845 [ 982426] INFO - a.gradle.invoker.GradleInvoker - Build command line options: [--configure-on-demand, -Pandroid.injected.invoked.from.ide=true, -Pandroid.injected.signing.st ore.file=/Users/techie/Projects/geezapp/geezappkey.jks, -Pandroid.injected.signing.store.password=mykeystorepassword, -Pandroid.injected.signing.key.alias=myalias, -Pandroid.injected.signing.key.password=mykeypassword , -Pandroid.injected.apk.location=/Users/techie/workspace/geezapp, --init-script, /private/var/folders/vk/z50sd77sd9jjssd88tf933ajebl/T/asLocalRepo0.gradle]

You will be able to locate your password in place of the keyword in red above.

1.b. Recover Keystore Password through Gradle’s ‘taskArtifacts.bin’ File

NOTE: This method is less reliable and may only work with older versions of Gradle.

In your code (project folder), search for this file .gradle\2.4\taskArtifacts\taskArtifacts.bin
Note: replace 2.4 with the version of gradle that you are using.

Then look for storePassword  OR signingConfig.storePassword OR password—signingConfig.keyAlias

2. Recover Keystore Password through a Password Generator Tool

You can also Brute Force your lost Android Keystore Password using this excellent tool – Android-keystore-password-recover. This gives you 3 options – a plain brute-force option, a dictionary-based attack and a smart wordlist attack. If you can even faintly remember the first few letters of the password, the smart wordlist attack is very effective and can get you your password in a couple of seconds. I recommend that you try the smart wordlist attack first then the dictionary based attack finally followed by the brute force attack. The difference between the dictionary attack and the smart wordlist attack is that the tool tries the password strings in the dictionary as they are, while in the smart wordlist the words are combined into combinations.

Steps to Recover Keystore Password using the smart wordlist attack

  1. Download the tool from here.
  2. Create a list of potential password match hints and save it in a file called hints.txt
  3. Run the tool using the following command line
java -jar AndroidKeystoreBrute_v1.06.jar -m 3 -k "C:\\mykeystore.keystore" -d "hints.txt"

Steps to Recover Keystore Password using the dictionary attack

    1. Download the tool from here.
    2. Create a list of exact password matches (i.e. your dictionary) and save it in a file called dictionary.txt
    3. Run the tool using the following command line
java -jar AndroidKeystoreBrute_v1.06.jar -m 2 -k "C:\\mykeystore.keystore" -d "dictionary.txt" 

Steps to Recover Keystore Password using the brute force attack

    1. Download the tool from here.
    2. Run the tool using the following command line
java -jar AndroidKeystoreBrute_v1.06.jar -m 1 -k "C:\\mykeystore.keystore" -start AAAAAA

That summarizes all the possible techniques to recover your lost Android keystore passwords. In case you know of any other ways that we might have missed, please let us know in the comments section below.

In case this article helped you recover your lost keystore password, a quick ‘Thank you’ in the comments section would be appreciated. Also, please help spread the word by sharing it using the buttons below or linking to us.

As an Android developer, you might also want to check out our free GCM Notifications Test Tool ; read Secret Android codes or then even check out good web hosting companies.

Comment Policy: Comments adding value to the article are encouraged. Relevant links will be allowed in such comments.
If you think that you have a link that adds value to this article please contact us at techie[at]techzog[dot]com for evaluation of inclusion into the article.
Comments left solely for spamming links will be deleted. Thank you for understanding.
Varun: Passionate blogger and main author at Techzog.com. Feel free to reach me at techie[at]techzog[dot]com

View Comments (3)

  • Thank you so much! The option -m 3 worked immediately. Turns out one of my (12 year old) passwords was correctly remembered, but I'd used a different capitalization.

  • 0

    There is a way you can reset your password.

    Go to this link, Describe your issue (Forgot KeyStore Password) and generate a token. https://support.google.com/googleplay/android-developer/contact/otherbugs

    If you are lucky then within 1 hour you will get a replay. (Generally, it takes up to 2 days).

    You will need to generate a new key and upload_certificate.pem and send it to google to reset. Yow will be given instruction in the mail.

    To generate upload_certificate.pem go to android studio terminal and type :

    keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks

Related Post