Forgot Keystore password, thinking of Brute-Force detection. will it corrupt the keystore?
I recently realized that I have lost the password to my keystore (or perhaps the keystore got corrupted somehow)
It keeps giving me the error: Keystore tampered or password incorrect
I created an (quite unoptimized) algorithm to Brute-Force the password by letting it run all the night. However, I am not sure how many unsuccessful password attempts will lock the keystore down.
Does anyone know anything like this?
UPDATE
The algorithm I devised works okay (I am using Java), but I realized that normally, the Keystore tool asks for the password only when I press enter. but to get the brute-force to work, I would want it to have a switch and accept password in the same line. is it possible?
Answer
Sharing my experience after trying everything available.
1- Smart word list attack from android-keystore-password-recover is what eventually worked for me after spending a day trying different lists. Unfortunately, it does not support multithreading and I couldn't get it to run faster than 30,000 trials/second. I might contribute multithreading support to project soon.
2- KeystoreBrute was the best for brute-force attack at 320,000 trials/second. However, if you do the numbers, it will take 3.5 days for 6 characters long password and 177 days for 7 characters long.
3- If you only need to crack the keystore password, but not the certificate password (also referred to as the alias password), this tool will just changes it for you.
Good luck!