Forgot Keystore password, thinking of Brute-Force detection. will it corrupt the keystore?

Question

I recently realized that I have lost the password to my keystore (or perhaps the keystore got corrupted somehow)

It keeps giving me the error: Keystore tampered or p

Answer 1

No need to use any keystore-password-recover method it take so many days for recover any some time it's not work so you should replace Your keystore with new keystore no need to remove you app from play store, without removing apk you can update your apk using new keystore file it’s Possible now, After May 2017 you can Update your app if you lost your keystore or keystore password. Don’t lose Hope you can update your app using new Keystore file please refer this http://geekcodehub.com/blog/ new Keystore Certificate update on playstore Hub here i wrote how to update apk if you lost your keystore follow the step and create new keystore , I updated my app using this step. you need to enable google play app signing on play store console

Answer 2

Sharing my experience after trying everything available.

1- Smart word list attack from android-keystore-password-recover is what eventually worked for me after spending a day trying different lists. Unfortunately, it does not support multithreading and I couldn't get it to run faster than 30,000 trials/second. I might contribute multithreading support to project soon.

2- KeystoreBrute was the best for brute-force attack at 320,000 trials/second. However, if you do the numbers, it will take 3.5 days for 6 characters long password and 177 days for 7 characters long.

3- If you only need to crack the keystore password, but not the certificate password (also referred to as the alias password), this tool will just changes it for you.

Good luck!

Answer 3

No amount of password attempts will corrupt the key.

I was having this same issue. I solved the problem by creating my own keystore brute force application.

here is a link to the github repository for this code.

https://github.com/volure/keystoreBrute

Anyone on the planet may use this or add to it.

It Works on the basis of Password segments.

My password was like

foo@543Pass

so I added all the possible segments

foo Foo FOO

and so on. Then ran through the items like an odometer.

Its crude code but hard coded to work on up to 5 segments.

My attempt was successful. Hope yours is too.

Answer 4

No, brute-forcing will not corrupt the keystore. However, one thing to note, if you are trying to manually guess the password using the Android Studio or Eclipse wizards, even if you enter a wrong password is provided, even just once, it keeps saying on next attempts: "Keystore tampered with or password incorrect", even if you provide the correct password. To get around this, just close and re-open the wizard.

P.S. If the intent behind asking this question is that you have forgotten your keystore password, then you can try the steps mentioned in the Android keystore password recovery guide.