How to handle a lost KeyStore password in Android?-ThrowExceptions

Exception or error:

I have forgotten my keystore password and I don’t really know what to do anymore (I can’t or won’t give any excuses for it). I want to update my app because I just fixed a bug but its not possible any more. What happens if I use the same keystore but create a new key? Would I still be able to update the app and if it’s not possible, how can I go about giving information to users about the updated version?

If anybody has had a problem like this or has come across troubles, what advice can you give to help remedy the situation? Fortunately, it is a free app.

How to solve:

See this link

It’s unfortunate, but when you lose your keystore, or the password to your keystore, your application is orphaned. The only thing you can do is resubmit your app to the market under a new key.

ALWAYS backup up your keystore and write the passwords down in a safe location.

###

Just encountered this problem myself – luckily I was able to find the password in some Gradle’s temporary file. Just in case anyone lands here:

try looking for this file

..Project\.gradle\2.4\taskArtifacts\taskArtifacts.bin

or

.gradle/3.5/taskHistory/taskHistory.bin
.gradle/5.1.1/executionHistory/executionHistory.bin
.gradle/caches/5.1.1/executionHistory/executionHistory.bin

and search for

storePassword

It was there in cleartext. In general, if you do remember at least a part of your password, try searching for a file containing this substring and hopefully you will fish out something.

Wanted to throw it out here, maybe it will eventually help someone.


Edit: Added new insight from comments, just to be more visible.

Thanks to Vivek Bansal, Amar Ilindra and Uzbekjon for these.

###

In case a wrong password is provided, even just once, it keeps saying on next attempts:

Keystore tampered with or password incorrect.

Even when you provide the correct one. I tried it several times, maybe it’s some kind of protection.
Close the export wizard and start it again with the correct password, now it works 🙂

###

Brute is your best bet!

Here is a script that helped me out:

https://code.google.com/p/android-keystore-password-recover/wiki/HowTo

You can optionally give it a list of words the password might include for a very fast recover (for me it worked in <1 sec)

###

Go to taskHistory

Finally i found the solution after spending two days…

Follow these steps:

  1. Go to project
  2. In .gradle find your gradle version folder in my case it was 4.1 (Refer pic)
  3. expand the 4.1 folder and then in taskHistory folder you will find taskHistory.bin file.
  4. Open taskHistory.bin file in android studio itself.
  5. Search for “.storePassword” .. That’s it you got your keystore password.

This really worked to me.

Try this and happy coding!!!

###

On a MAC launch Console utility and scrolled down to ~/Library/Logs -> AndroidStudio ->idea.log.1 (or any old log number)
Then I searched for “keystore” and it should appear somewhere in the logs.

Original question: link

###

In fact, losing thekeystore password is not a problem.
You can create a new keystore and set a new password for it with the keytool command below. You don’t need original keystore password for it:

keytool -importkeystore -srckeystore path/to/keystore/with/forgotten/pw \
-destkeystore path/to/my/new.keystore

When prompted, create password for your new.keystore and for source keystore password (which you lost) just hit Enter.
You will get warning about integrity not checked, and you will get your new.keystore identical to original with newly set password.

The reason this works is keystore password is only used to provide integrity of the keystore, it does not encrypt data with it, in contrast to private key password, which actually keeps your private key encrypted.

Please note, that you must know your private key password to sign your apps. Well, if it is same as forgotten keystore password then you can resort to bruteforce as in @Artur’s answer.

This approach always worked for me.

###

SOLUTION 2019 (Windows, Android Studio 3.3, gradle 4.10):

This solution only works if “Remember password” checkbox was previously marked.

First of all taskArtifacts.bin don’t exist for this version of gradle and idea.log shows asterisks for passwords. This was old days solutions that doesn’t worked to me.

Where I found the clear text passwords: C:\Users\{username}\AndroidStudioProjects\{project}\app\build\intermediates\signing_config\release\out\signing-config.json

Keys: mStorePassword and mKeyPassword.

I really hope it helps someone else.

###

I feel I need to make it an answer because this could not be just in comments.
Like @ElDoRado1239 says in his answer (dont forget to upvote his answer 😉

  • Looks for ..Project\.gradle\2.4\taskArtifacts\taskArtifacts.bin in my case was in ..Project\.gradle\2.2.1\taskArtifacts\taskArtifacts.bin because I use gradle 2.2.1
  • Then look for storePassword like @Moxet Khan says in comments…in my case was at line signingConfig.storePassword¬í t my.forgoten.password—signingConfig.keyAlias

Hope help somebody else!!!

###

Fortunately, I found my lost password along with the keystore path and alias name from my Android studio logs.

if you are running linux / Unix based machines.

Navigate to Library Logs directory

cd ~/Library/Logs/

in there if you remember your android studio version which you used to build the last release APK. Navigate to that Directory

ex : cd AndroidStudio1.5/

In there you will find the log files. in any of the log files (idea.log)
you will find your keystore credentials

example

-Pandroid.injected.signing.store.file=/Users/myuserid/AndroidStudioProjects/keystore/keystore.jks, 
-Pandroid.injected.signing.store.password=mystorepassword, 
-Pandroid.injected.signing.key.alias=myandroidkey, 
-Pandroid.injected.signing.key.password=mykeypassword,

I hope this helps for Android Studio users

###

It may be bit late but it will help someone for sure
You can search password if you remember something otherwise try searching like

signingConfig.storePassword

also if you forgot key alias you can find here that also
search something like signingConfig.keyAlias

Project.gradle\3.3\taskArtifacts\taskArtifacts.bin

Hope it will help someone

###

For anyone else who may run across this, I wanted to share an answer that may be the case for you or for others browsing this article (like myself).

I am using Eclipse and created my keystore in it for my 1.0 release. Fast forward 3 months and I wanted to update it to 1.1. When I chose Export… in Eclipse and chose that keystore, none of my passwords that I could remember worked. Every time it said “Keystore tampered with or password incorrect.” It got to a point where I was getting ready to run a brute force program on it for as long as I could stand (a week or so) to try to get it to work.

Luckily, I to sign my unsigned .apk file outside of Eclipse. Voila – it worked! My password had been correct the entire time! I’m not sure why, but signing it in Eclipse through the Export menu was reporting an error even when my password was correct.

So, if you’re getting this error, here are my steps (taken from Android documentation) to help you get your apk ready for the market.

NOTE: To get unsigned apk from Eclipse: Right-click project > Android Tools > Export Unsigned Application

  1. Sign unsigned apk file with keystore

    a. open administrator cmd prompt and go to “c:\Program Files\Java\jdk1.6.0_25\bin” or whatever version of java you have (where you have copied the unsigned apk file and your keystore)

    b. at cmd prompt with keystore file and unsigned apk in same directory, type this command: jarsigner -keystore mykeystorename.keystore -verbose unsigned.apk myaliasnamefromkeystore

    c. it will say: “Enter Passphrase for keystore:”. Enter it and press Return.

    d. ===> Success looks like this:

    adding: META-INF/MANIFEST.MF
    ...
    signing: classes.dex
    

    e. the unsigned version is overwritten in place, so your signed apk file is now at the same file name as the unsigned one

  2. Use ZipAlign to compact the signed apk file for distribution in the market

    a. open admin cmd prompt and go to “c:\AndroidSDK\tools” or wherever you installed the Android SDK

    b. enter this command: zipalign -v 4 signed.apk signedaligned.apk

    c. ===> Success looks like this:

    Verifying alignment of signedaligned.apk (4)
    50 META-INF/MANIFEST.MF (OK - compressed)
    ...
    1047129 classes.dex (OK - compressed)
    Verification succesful
    

    d. the signed and aligned file is at signedaligned.apk (the filename you specified in the previous command)

========> READY TO SUBMIT TO MARKETPLACE

###

After spending almost a day in researching the possible options for recovering the lost keystore password in Android Studio. I found the following 4 possible ways to do it:

  1. Use AndroidKeystoreBrute to retrieve your password. This method is quite useful when you partially forgot your password means you still have some hints of your password in your mind.

  2. You can also retrieve it through Android Studio log files if you have previously released the app(for which you finding the keystore password) with the same machine. Refer to the following directory:

    Mac OSX

    ~/Library/Logs/AndroidStudio/idea.log.1

    Linux (Possible Location)

    /home/user_name/AndroidStudio/system/log

    Windows (Possible Location)

    C:\Users\user_name\AndroidStudio\system\log

    and search for Pandroid.injected.signing.key.password inside the file. You gonna see the password if you have previously signed the app with the same Android Studio version in which you are looking currently.

  3. You can also retrieve the password through .gradle directory of your project. Look for the following path

    project_directory/.gradle/2.4/taskArtifacts/taskArtifacts.bin.

    Note: This doesn’t seem to work for newer versions of Gradle (2.10 and above).

  4. If none of the above solutions works then you can try this one but for this one also you must have Android Studio IDE app or It’s preferences in which your project keystore password have been saved earlier (Using the Remember password option at the time of signing the app). You can get the IDE preferences from the following path:

    Mac OSX

    ~/Library/Logs/AndroidStudio/idea.log.1

    Linux (Possible Location)

    /home/user_name/AndroidStudio

    Windows (Possible Location)

    c:\user\username\.AndroidStudio

    Just use the older Android Studio IDE if you have or import the preferences of the old IDE into new IDE and also put the keystore file in the same path where it was previously when you had signed it and save the password last time.

    In this way once you open the project and try the Build->Generate Signed APK and select the keystore file from the older location. It will automatically retrieve the password and continue to generate the signed APK for release.

    Once the release APK generates successfully you can follow the option 2 mentioned earlier to check your password from you log file for the recently generated release APK.

###

First download AndroidKeystoreBrute_v1.05.jar and then follow the given image.enter image description here

prepare one wordlistfile like(wordlist.txt), in that file give your hint like

Password Hint:

users

Users

Password

password

pa55word

Password

@

*

#

$

&

1

2

123

789

U will get your password.

###

Adding this as another possibility. The answer may be right under your nose — in your app’s build.gradle file if you happened to have specified a signing configuration at some point in the past:

signingConfigs {
    config {
        keyAlias 'My App'
        keyPassword 'password'
        storeFile file('/storefile/location')
        storePassword 'anotherpassword'
    }
}

Do you feel lucky?!

###

I had the same problem at once.
Even though with App signing by Google Play, loosing keystore or it’s password is not a big deal like earlier, Still as a developer we rather prefer to change it’s password and use a generated keystore file without waiting for few days to google to handle it.
( To handle this issue with google use this link to make a request)
To handle this issue by ourselves,
First download two .java files from this link.
Then compile the ChangePassword.java by javac ChangePassword.java command.
Then after you may run

java ChangePassword <oldKeystoreFileName.keystore> <newKeystoreFileName.keystore>

Change oldKeystoreFileName.keystore with the path/ name of your current keystore file, and newKeystoreFileName.keystore with path/name for the new generated new keystore file.
This will promot you to

Enter keystore password:

. Just enter whatever you prefer 🙂 no need to be the original password that lost. Then Enter the new password with *

new keystore password:

  • Voila, that’s it. This won’t change the checksum of your keystore and won’t make any issues in app signing or uploading to play.google events.

###

Open taskHistory.bin and search for storePassword

###

IF you’re able to build your app from a PC, but you don’t recall the password, here’s what you can do to retrieve the password:

Method 1:

In your build.gradle, add println MYAPP_RELEASE_KEY_PASSWORD as below:

signingConfigs {
    release {
        if (project.hasProperty('MYAPP_RELEASE_STORE_FILE')) {
            storeFile file(MYAPP_RELEASE_STORE_FILE)
            storePassword MYAPP_RELEASE_STORE_PASSWORD
            keyAlias MYAPP_RELEASE_KEY_ALIAS
            keyPassword MYAPP_RELEASE_KEY_PASSWORD
            println MYAPP_RELEASE_KEY_PASSWORD
        }
    }
}

After that, run cd android && ./gradlew assembleRelease

Method 2:

Run keytool -list -v -keystore your <.keystore file path> e.g. keytool -list -v -keystore ./app/my-app-key.keystore.

It will ask for you to Enter keystore password: Just press enter key here. and you will be able to find mapped to Alias name:

Then, run grep -rn "<your alias name>" . in your terminal and you will be able to see your signing.json file as below:

./app/build/intermediates/signing_config/release/out/signing-config.json

The file will have your password in json format with key “mKeyPassword”:” < your password > “

###

Android brute force will not work if your both the passwords are different so the best option might be like that try to find the file named as

log.idea

in your
C:/users/your named account
then you might found that in there in android folder open that file lpg.idea in notepad and then search for

alias

using find option in notepad you will find it that the password and alias and alias passwors has been shown there

###

To summarise there are 3 answers to this question (and the solution is not given by the accepted answer):

  1. If you have your logs intact, then you can find the password in the Android Studio log files as per Georgi Koemdzhiev’s answer above.

  2. You can retrieve the password from the ‘taskArtifacts.bin’ file in your .gradle directory as per ElDoRado1239’s and Gueorgui Obregon’s answers above. This doesn’t seem to work for newer versions of Gradle (2.10 and above).

  3. Use AndroidKeystoreBrute to guess or bruteforce your password as per Srinivas Keerthiprakasam’s answer above.

All these 3 solutions are covered in-depth at this link.

###

I have found the password in

C:\Users\{Username}\.AndroidStudio2.2\system\log\idea.txt

Search for

Pandroid.injected.signing.store.password

###

Go to taskhistory.bin in .gradle folder of your project search password scroll down till you find the password

###

In my case I was getting the alias name wrong, even though I stored the correct password. So I thought it was the wrong password (using ionic package) so i used this command to get the alias name

keytool -list -v -keystore

And I was able to use the keystore again!

###

C:\Users\admin\AndroidStudioProjects\TrumpetTVChannel2.gradle\2.14.1\taskArtifacts\taskArtifacts.bin

1st try to create new keystore….then open taskArtifacts.bin with notepad and look for password that you just given….you will able to figure out words near to password that you just given then search for these words near to your password in same file….you will able to figure out the password…..:)

###

If Nothing work try these line. Move to the path where .jks is stored. Run this command in command prompt. It will ask for password, ignore that and press enter.

keytool -list -keystore sample.jks

###

SOLUTION 2018: Sign app with new keystore file if you missing password or jks file.

1) Create new keystore.jks file with comand line (not android studio build menu)

keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks

Windows example:
"C:\Program Files\Android\Android Studio\jre\bin\keytool.exe" -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore "C:\keystore_new.jks"

2) Generate a .pem file from new keystore

keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks

Windows example:
"C:\Program Files\Android\Android Studio\jre\bin\keytool.exe" -export -rfc -alias upload -file "C:\upload_cert.pem" -keystore "C:\keystore_new.jks"

3) Use this support form, set “keystore problem” and with attachment add .pem file:
https://support.google.com/googleplay/android-developer/contact/otherbugs

4) 12-48h you new keystore is enabled. Update your app on playstore with new apk signed with new keystore 😀

###

In Ionic I was able to find it here: /app/platforms/android/app/build/intermediates/signing_config/release/out/signing-config.json

Maybe this will help someone. cheers.

###

No need to use brute force a simple way is to find your plain text password.

goto:

C:\Users\<your username>\AndroidStudioProjects\WhatsAppDP\.gradle\2.2.1\taskArtifacts

Open:

taskArtifacts.bin 

when you open taskArtifacts.bin might look encrypted, don’t worry about that search for “.keyPassword” a couple times. Then you will find your password in plain text. It may resemble:

signingConfig.keyPassword¬í t <your password>Æù

Hope this was helpful.

###

Well to look up for lost keystore password you can try this, For me the following solution worked pretty well.

find the idea log files in ~/Library/Logs/AndroidStudio2.0. You can also locate these by opening Android Studio-> Help->Show Log in File manager.

Open the idea.log file. Note: There may be multiple files named idea.log.1, idea.log.2 etc. Look through each of them till you find the password.

Search for “Pandroid.injected.signing.key.password” and you can see the key password.

Hope it helps…

###

I have experienced same problem, I have tried below steps to solve the problem :-

  1. Create sign apk with creating new keystore and new password.

  2. Now create again sign apk by using your old keystore (keystore used at the time of previous apk build upload) but now use new keystore password.

  3. Now definitely you will create successfully sign apk using old keystore.

    • Hope this solution will help you..

Leave a Reply

Your email address will not be published. Required fields are marked *