1. 技术文章
  2. How to handle a lost KeyStore password in Android?

How to handle a lost KeyStore password in Android?

∥☆過路亽.° 提交于 2019-12-27 10:20:30

问题


I have forgotten my keystore password and I don't really know what to do anymore (I can't or won't give any excuses for it). I want to update my app because I just fixed a bug but its not possible any more. What happens if I use the same keystore but create a new key? Would I still be able to update the app and if it's not possible, how can I go about giving information to users about the updated version?

If anybody has had a problem like this or has come across troubles, what advice can you give to help remedy the situation? Fortunately, it is a free app.


回答1:


See this link

It's unfortunate, but when you lose your keystore, or the password to your keystore, your application is orphaned. The only thing you can do is resubmit your app to the market under a new key.

ALWAYS backup up your keystore and write the passwords down in a safe location.




回答2:


Just encountered this problem myself - luckily I was able to find the password in some Gradle's temporary file. Just in case anyone lands here:

try looking for this file

..Project\.gradle\2.4\taskArtifacts\taskArtifacts.bin

or

.gradle/3.5/taskHistory/taskHistory.bin
.gradle/5.1.1/executionHistory/executionHistory.bin
.gradle/caches/5.1.1/executionHistory/executionHistory.bin

and search for

storePassword

It was there in cleartext. In general, if you do remember at least a part of your password, try searching for a file containing this substring and hopefully you will fish out something.

Wanted to throw it out here, maybe it will eventually help someone.

Edit: Added new insight from comments, just to be more visible.

Thanks to Vivek Bansal, Amar Ilindra and Uzbekjon for these.




回答3:


In case a wrong password is provided, even just once, it keeps saying on next attempts:

Keystore tampered with or password incorrect.

Even when you provide the correct one. I tried it several times, maybe it's some kind of protection.
Close the export wizard and start it again with the correct password, now it works :)




回答4:


Brute is your best bet!

Here is a script that helped me out:

https://code.google.com/p/android-keystore-password-recover/wiki/HowTo

You can optionally give it a list of words the password might include for a very fast recover (for me it worked in <1 sec)




回答5:


On a MAC launch Console utility and scrolled down to ~/Library/Logs -> AndroidStudio ->idea.log.1 (or any old log number) Then I searched for "keystore" and it should appear somewhere in the logs.

Original question: link




回答6:


Finally i found the solution after spending two days...

Follow these steps:

  1. Go to project
  2. In .gradle find your gradle version folder in my case it was 4.1 (Refer pic)
  3. expand the 4.1 folder and then in taskHistory folder you will find taskHistory.bin file.
  4. Open taskHistory.bin file in android studio itself.
  5. Search for ".storePassword" .. That's it you got your keystore password.

This really worked to me.

Try this and happy coding!!!




回答7:


In fact, losing thekeystore password is not a problem.
You can create a new keystore and set a new password for it with the keytool command below. You don't need original keystore password for it:

keytool -importkeystore -srckeystore path/to/keystore/with/forgotten/pw \
-destkeystore path/to/my/new.keystore

When prompted, create password for your new.keystore and for source keystore password (which you lost) just hit Enter.
You will get warning about integrity not checked, and you will get your new.keystore identical to original with newly set password.

The reason this works is keystore password is only used to provide integrity of the keystore, it does not encrypt data with it, in contrast to private key password, which actually keeps your private key encrypted.

Please note, that you must know your private key password to sign your apps. Well, if it is same as forgotten keystore password then you can resort to bruteforce as in @Artur's answer.

This approach always worked for me.




回答8:


I feel I need to make it an answer because this could not be just in comments. Like @ElDoRado1239 says in his answer (dont forget to upvote his answer ;)

  • Looks for ..Project\.gradle\2.4\taskArtifacts\taskArtifacts.bin in my case was in ..Project\.gradle\2.2.1\taskArtifacts\taskArtifacts.bin because I use gradle 2.2.1
  • Then look for storePassword like @Moxet Khan says in comments...in my case was at line signingConfig.storePassword¬í t my.forgoten.password—signingConfig.keyAlias

Hope help somebody else!!!




回答9:


Fortunately, I found my lost password along with the keystore path and alias name from my Android studio logs.

if you are running linux / Unix based machines.

Navigate to Library Logs directory

cd ~/Library/Logs/

in there if you remember your android studio version which you used to build the last release APK. Navigate to that Directory

ex : cd AndroidStudio1.5/

In there you will find the log files. in any of the log files (idea.log) you will find your keystore credentials

example 

-Pandroid.injected.signing.store.file=/Users/myuserid/AndroidStudioProjects/keystore/keystore.jks, 
-Pandroid.injected.signing.store.password=mystorepassword, 
-Pandroid.injected.signing.key.alias=myandroidkey, 
-Pandroid.injected.signing.key.password=mykeypassword,

I hope this helps for Android Studio users




回答10:


It may be bit late but it will help someone for sure You can search password if you remember something otherwise try searching like

signingConfig.storePassword

also if you forgot key alias you can find here that also search something like signingConfig.keyAlias

Project.gradle\3.3\taskArtifacts\taskArtifacts.bin

Hope it will help someone




回答11:


SOLUTION 2019 (Windows, Android Studio 3.3, gradle 4.10):

This solution only works if "Remember password" checkbox was previously marked.

First of all taskArtifacts.bin don't exist for this version of gradle and idea.log shows asterisks for passwords. This was old days solutions that doesn't worked to me.

Where I found the clear text passwords: C:\Users\{username}\AndroidStudioProjects\{project}\app\build\intermediates\signing_config\release\out\signing-config.json

Keys: mStorePassword and mKeyPassword.

I really hope it helps someone else.




回答12:


For anyone else who may run across this, I wanted to share an answer that may be the case for you or for others browsing this article (like myself).

I am using Eclipse and created my keystore in it for my 1.0 release. Fast forward 3 months and I wanted to update it to 1.1. When I chose Export... in Eclipse and chose that keystore, none of my passwords that I could remember worked. Every time it said "Keystore tampered with or password incorrect." It got to a point where I was getting ready to run a brute force program on it for as long as I could stand (a week or so) to try to get it to work.

Luckily, I to sign my unsigned .apk file outside of Eclipse. Voila - it worked! My password had been correct the entire time! I'm not sure why, but signing it in Eclipse through the Export menu was reporting an error even when my password was correct.

So, if you're getting this error, here are my steps (taken from Android documentation) to help you get your apk ready for the market.

NOTE: To get unsigned apk from Eclipse: Right-click project > Android Tools > Export Unsigned Application

  1. Sign unsigned apk file with keystore

    a. open administrator cmd prompt and go to "c:\Program Files\Java\jdk1.6.0_25\bin" or whatever version of java you have (where you have copied the unsigned apk file and your keystore)

    b. at cmd prompt with keystore file and unsigned apk in same directory, type this command: jarsigner -keystore mykeystorename.keystore -verbose unsigned.apk myaliasnamefromkeystore

    c. it will say: "Enter Passphrase for keystore:". Enter it and press Return.

    d. ===> Success looks like this: 

    adding: META-INF/MANIFEST.MF
...
signing: classes.dex

    e. the unsigned version is overwritten in place, so your signed apk file is now at the same file name as the unsigned one

  2. Use ZipAlign to compact the signed apk file for distribution in the market

    a. open admin cmd prompt and go to "c:\AndroidSDK\tools" or wherever you installed the Android SDK

    b. enter this command: zipalign -v 4 signed.apk signedaligned.apk

    c. ===> Success looks like this:

    Verifying alignment of signedaligned.apk (4)
50 META-INF/MANIFEST.MF (OK - compressed)
...
1047129 classes.dex (OK - compressed)
Verification succesful

    d. the signed and aligned file is at signedaligned.apk (the filename you specified in the previous command)

========> READY TO SUBMIT TO MARKETPLACE




回答13:


After spending almost a day in researching the possible options for recovering the lost keystore password in Android Studio. I found the following 4 possible ways to do it:

  1. Use AndroidKeystoreBrute to retrieve your password. This method is quite useful when you partially forgot your password means you still have some hints of your password in your mind.

  2. You can also retrieve it through Android Studio log files if you have previously released the app(for which you finding the keystore password) with the same machine. Refer to the following directory:

    Mac OSX

    ~/Library/Logs/AndroidStudio/idea.log.1

    Linux (Possible Location)

    /home/user_name/AndroidStudio/system/log

    Windows (Possible Location)

    C:\Users\user_name\AndroidStudio\system\log

    and search for Pandroid.injected.signing.key.password inside the file. You gonna see the password if you have previously signed the app with the same Android Studio version in which you are looking currently.

  3. You can also retrieve the password through .gradle directory of your project. Look for the following path

    project_directory/.gradle/2.4/taskArtifacts/taskArtifacts.bin.

    Note: This doesn't seem to work for newer versions of Gradle (2.10 and above).

  4. If none of the above solutions works then you can try this one but for this one also you must have Android Studio IDE app or It's preferences in which your project keystore password have been saved earlier (Using the Remember password option at the time of signing the app). You can get the IDE preferences from the following path:

    Mac OSX

    ~/Library/Logs/AndroidStudio/idea.log.1

    Linux (Possible Location)

    /home/user_name/AndroidStudio

    Windows (Possible Location)

    c:\user\username\.AndroidStudio

    Just use the older Android Studio IDE if you have or import the preferences of the old IDE into new IDE and also put the keystore file in the same path where it was previously when you had signed it and save the password last time.

    In this way once you open the project and try the Build->Generate Signed APK and select the keystore file from the older location. It will automatically retrieve the password and continue to generate the signed APK for release.

    Once the release APK generates successfully you can follow the option 2 mentioned earlier to check your password from you log file for the recently generated release APK.




回答14:


First download AndroidKeystoreBrute_v1.05.jar and then follow the given image.

prepare one wordlistfile like(wordlist.txt), in that file give your hint like

Password Hint:

users

Users

Password

password

pa55word

Password

@

*

#

$

&

1

2

123

789

U will get your password.




回答15:


Adding this as another possibility. The answer may be right under your nose -- in your app's build.gradle file if you happened to have specified a signing configuration at some point in the past:

signingConfigs {
    config {
        keyAlias 'My App'
        keyPassword 'password'
        storeFile file('/storefile/location')
        storePassword 'anotherpassword'
    }
}

Do you feel lucky?!




回答16:


I had the same problem at once. Even though with App signing by Google Play, loosing keystore or it's password is not a big deal like earlier, Still as a developer we rather prefer to change it's password and use a generated keystore file without waiting for few days to google to handle it. ( To handle this issue with google use this link to make a request) To handle this issue by ourselves, First download two .java files from this link. Then compile the ChangePassword.java by javac ChangePassword.java command. Then after you may run 

java ChangePassword <oldKeystoreFileName.keystore> <newKeystoreFileName.keystore>

Change oldKeystoreFileName.keystore with the path/ name of your current keystore file, and newKeystoreFileName.keystore with path/name for the new generated new keystore file. This will promot you to

Enter keystore password:

. Just enter whatever you prefer :) no need to be the original password that lost. Then Enter the new password with *

new keystore password:

  • Voila, that's it. This won't change the checksum of your keystore and won't make any issues in app signing or uploading to play.google events.



回答17:


Open taskHistory.bin and search for storePassword




回答18:


IF you're able to build your app from a PC, but you don't recall the password, here's what you can do to retrieve the password:

Method 1:

In your build.gradle, add println MYAPP_RELEASE_KEY_PASSWORD as below:

signingConfigs {
    release {
        if (project.hasProperty('MYAPP_RELEASE_STORE_FILE')) {
            storeFile file(MYAPP_RELEASE_STORE_FILE)
            storePassword MYAPP_RELEASE_STORE_PASSWORD
            keyAlias MYAPP_RELEASE_KEY_ALIAS
            keyPassword MYAPP_RELEASE_KEY_PASSWORD
            println MYAPP_RELEASE_KEY_PASSWORD
        }
    }
}

After that, run cd android && ./gradlew assembleRelease

Method 2:

Run keytool -list -v -keystore your <.keystore file path> e.g. keytool -list -v -keystore ./app/my-app-key.keystore.

It will ask for you to Enter keystore password: Just press enter key here. and you will be able to find mapped to Alias name:

Then, run grep -rn "<your alias name>" . in your terminal and you will be able to see your signing.json file as below:

./app/build/intermediates/signing_config/release/out/signing-config.json

The file will have your password in json format with key "mKeyPassword":" < your password > "




回答19:


Android brute force will not work if your both the passwords are different so the best option might be like that try to find the file named as

log.idea

in your C:/users/your named account then you might found that in there in android folder open that file lpg.idea in notepad and then search for

alias

using find option in notepad you will find it that the password and alias and alias passwors has been shown there




回答20:


To summarise there are 3 answers to this question (and the solution is not given by the accepted answer):

  1. If you have your logs intact, then you can find the password in the Android Studio log files as per Georgi Koemdzhiev's answer above.

  2. You can retrieve the password from the 'taskArtifacts.bin' file in your .gradle directory as per ElDoRado1239's and Gueorgui Obregon's answers above. This doesn't seem to work for newer versions of Gradle (2.10 and above).

  3. Use AndroidKeystoreBrute to guess or bruteforce your password as per Srinivas Keerthiprakasam's answer above.

All these 3 solutions are covered in-depth at this link.




回答21:


I have found the password in 

C:\Users\{Username}\.AndroidStudio2.2\system\log\idea.txt

Search for

Pandroid.injected.signing.store.password



回答22:


Go to taskhistory.bin in .gradle folder of your project search password scroll down till you find the password




回答23:


In my case I was getting the alias name wrong, even though I stored the correct password. So I thought it was the wrong password (using ionic package) so i used this command to get the alias name

keytool -list -v -keystore

And I was able to use the keystore again!




回答24:


C:\Users\admin\AndroidStudioProjects\TrumpetTVChannel2.gradle\2.14.1\taskArtifacts\taskArtifacts.bin

1st try to create new keystore....then open taskArtifacts.bin with notepad and look for password that you just given....you will able to figure out words near to password that you just given then search for these words near to your password in same file....you will able to figure out the password.....:)




回答25:


SOLUTION 2018: Sign app with new keystore file if you missing password or jks file.

1) Create new keystore.jks file with comand line (not android studio build menu)

keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks

Windows example: "C:\Program Files\Android\Android Studio\jre\bin\keytool.exe" -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore "C:\keystore_new.jks"

2) Generate a .pem file from new keystore

keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks

Windows example: "C:\Program Files\Android\Android Studio\jre\bin\keytool.exe" -export -rfc -alias upload -file "C:\upload_cert.pem" -keystore "C:\keystore_new.jks"

3) Use this support form, set "keystore problem" and with attachment add .pem file: https://support.google.com/googleplay/android-developer/contact/otherbugs

4) 12-48h you new keystore is enabled. Update your app on playstore with new apk signed with new keystore :D




回答26:


No need to use brute force a simple way is to find your plain text password.

goto:

C:\Users\<your username>\AndroidStudioProjects\WhatsAppDP\.gradle\2.2.1\taskArtifacts

Open:

taskArtifacts.bin

when you open taskArtifacts.bin might look encrypted, don't worry about that search for ".keyPassword" a couple times. Then you will find your password in plain text. It may resemble:

signingConfig.keyPassword¬í t <your password>Æù

Hope this was helpful.




回答27:


Well to look up for lost keystore password you can try this, For me the following solution worked pretty well.

find the idea log files in ~/Library/Logs/AndroidStudio2.0. You can also locate these by opening Android Studio-> Help->Show Log in File manager.

Open the idea.log file. Note: There may be multiple files named idea.log.1, idea.log.2 etc. Look through each of them till you find the password.

Search for “Pandroid.injected.signing.key.password” and you can see the key password.

Hope it helps...




回答28:


I have experienced same problem, I have tried below steps to solve the problem :-

  1. Create sign apk with creating new keystore and new password.

  2. Now create again sign apk by using your old keystore (keystore used at the time of previous apk build upload) but now use new keystore password.

  3. Now definitely you will create successfully sign apk using old keystore.

    • Hope this solution will help you..



回答29:


In my case I had upgraded my Android Studio from 2.3 to 3.0.1, When i trying to generate a signed apk for a new update i got "Keystore was tampered with, or password was incorrect" error. I had my previous keystore and i was absolutely sure of the password, using them I had updated the app before a couple of times. After searching a lot none of the solutions worked for me. Here is what i did.

  • Opened another project.
  • Imported my project using File/New/Import Project
  • Once gradle was built i tried to generate a signed apk. Build/Generate signed APK
  • Clicked on "Choose Existing" and provided the path to my keystore.
  • typed in my key store password
  • selected the key alias
  • typed in my key password (In my case both key store password and key password are the same)
  • Clicked next and provided path for the new Apk and checked both checkboxes.
  • New APK got generated successfully.

Hope this helps anyone.




回答30:


If Nothing work try these line. Move to the path where .jks is stored. Run this command in command prompt. It will ask for password, ignore that and press enter.

keytool -list -keystore sample.jks



来源:https://stackoverflow.com/questions/6089813/how-to-handle-a-lost-keystore-password-in-android

标签
android
keystore
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!