How to handle a lost KeyStore password in Android?

See this link

It's unfortunate, but when you lose your keystore, or the password to your keystore, your application is orphaned. The only thing you can do is resubmit your app to the market under a new key.

ALWAYS backup up your keystore and write the passwords down in a safe location.

Just encountered this problem myself - luckily I was able to find the password in some Gradle's temporary file. Just in case anyone lands here:

try looking for this file

..Project\.gradle\2.4\taskArtifacts\taskArtifacts.bin

or

.gradle/3.5/taskHistory/taskHistory.bin
.gradle/5.1.1/executionHistory/executionHistory.bin
.gradle/caches/5.1.1/executionHistory/executionHistory.bin
.gradle/5.1.1/executionHistory/executionHistory.bin
.gradle/3.5/taskHistory/taskHistory.bin
.gradle/2.10/taskArtifacts/taskArtifacts.bin

and search for

storePassword

It was there in cleartext. In general, if you do remember at least a part of your password, try searching for a file containing this substring and hopefully you will fish out something.

Wanted to throw it out here, maybe it will eventually help someone.

Edit: Added new insight from comments, just to be more visible. Edit 2: Added some more locations reported in comments.

Thanks to Vivek Bansal, Amar Ilindra and Uzbekjon for these.

In case a wrong password is provided, even just once, it keeps saying on next attempts:

Keystore tampered with or password incorrect.

Even when you provide the correct one. I tried it several times, maybe it's some kind of protection.
Close the export wizard and start it again with the correct password, now it works :)

Brute is your best bet!

Here is a script that helped me out:

https://code.google.com/p/android-keystore-password-recover/wiki/HowTo

You can optionally give it a list of words the password might include for a very fast recover (for me it worked in <1 sec)

Finally i found the solution after spending two days...

Follow these steps:

1. Go to project
2. In .gradle find your gradle version folder in my case it was 4.1 (Refer pic)
3. expand the 4.1 folder and then in taskHistory folder you will find taskHistory.bin file.
4. Open taskHistory.bin file in android studio itself.
5. Search for ".storePassword" .. That's it you got your keystore password.

This really worked to me.

Try this and happy coding!!!

SOLUTION 2019 (Windows, Android Studio 3.3, gradle 4.10):

This solution only works if "Remember password" checkbox was previously marked.

First of all taskArtifacts.bin don't exist for this version of gradle and idea.log shows asterisks for passwords. This was old days solutions that doesn't worked to me.

Where I found the clear text passwords: C:\Users\{username}\AndroidStudioProjects\{project}\app\build\intermediates\signing_config\release\out\signing-config.json

Keys: mStorePassword and mKeyPassword.

I really hope it helps someone else.

On a MAC launch Console utility and scrolled down to ~/Library/Logs -> AndroidStudio ->idea.log.1 (or any old log number) Then I searched for "keystore" and it should appear somewhere in the logs.

Original question: link

In fact, losing thekeystore password is not a problem.
You can create a new keystore and set a new password for it with the keytool command below. You don't need original keystore password for it:

keytool -importkeystore -srckeystore path/to/keystore/with/forgotten/pw \
-destkeystore path/to/my/new.keystore

When prompted, create password for your new.keystore and for source keystore password (which you lost) just hit Enter.
You will get warning about integrity not checked, and you will get your new.keystore identical to original with newly set password.

The reason this works is keystore password is only used to provide integrity of the keystore, it does not encrypt data with it, in contrast to private key password, which actually keeps your private key encrypted.

Please note, that you must know your private key password to sign your apps. Well, if it is same as forgotten keystore password then you can resort to bruteforce as in @Artur's answer.

This approach always worked for me.

I feel I need to make it an answer because this could not be just in comments. Like @ElDoRado1239 says in his answer (dont forget to upvote his answer ;)

• Looks for ..Project\.gradle\2.4\taskArtifacts\taskArtifacts.bin in my case was in ..Project\.gradle\2.2.1\taskArtifacts\taskArtifacts.bin because I use gradle 2.2.1
• Then look for storePassword like @Moxet Khan says in comments...in my case was at line signingConfig.storePassword¬í t my.forgoten.password—signingConfig.keyAlias

Hope help somebody else!!!

Fortunately, I found my lost password along with the keystore path and alias name from my Android studio logs.

if you are running linux / Unix based machines.

Navigate to Library Logs directory

cd ~/Library/Logs/

in there if you remember your android studio version which you used to build the last release APK. Navigate to that Directory

ex : cd AndroidStudio1.5/

In there you will find the log files. in any of the log files (idea.log) you will find your keystore credentials

example

-Pandroid.injected.signing.store.file=/Users/myuserid/AndroidStudioProjects/keystore/keystore.jks, 
-Pandroid.injected.signing.store.password=mystorepassword, 
-Pandroid.injected.signing.key.alias=myandroidkey, 
-Pandroid.injected.signing.key.password=mykeypassword,

I hope this helps for Android Studio users

It may be bit late but it will help someone for sure You can search password if you remember something otherwise try searching like

signingConfig.storePassword

also if you forgot key alias you can find here that also search something like signingConfig.keyAlias

Project.gradle\3.3\taskArtifacts\taskArtifacts.bin

Hope it will help someone

After spending almost a day in researching the possible options for recovering the lost keystore password in Android Studio. I found the following 4 possible ways to do it:

1. Use AndroidKeystoreBrute to retrieve your password. This method is quite useful when you partially forgot your password means you still have some hints of your password in your mind.

2. You can also retrieve it through Android Studio log files if you have previously released the app(for which you finding the keystore password) with the same machine. Refer to the following directory:

   Mac OSX

   ~/Library/Logs/AndroidStudio/idea.log.1

   Linux (Possible Location)

   /home/user_name/AndroidStudio/system/log

   Windows (Possible Location)

   C:\Users\user_name\AndroidStudio\system\log

   and search for Pandroid.injected.signing.key.password inside the file. You gonna see the password if you have previously signed the app with the same Android Studio version in which you are looking currently.

3. You can also retrieve the password through .gradle directory of your project. Look for the following path

   project_directory/.gradle/2.4/taskArtifacts/taskArtifacts.bin.

   Note: This doesn't seem to work for newer versions of Gradle (2.10 and above).

4. If none of the above solutions works then you can try this one but for this one also you must have Android Studio IDE app or It's preferences in which your project keystore password have been saved earlier (Using the Remember password option at the time of signing the app). You can get the IDE preferences from the following path:

   Mac OSX

   ~/Library/Logs/AndroidStudio/idea.log.1

   Linux (Possible Location)

   /home/user_name/AndroidStudio

   Windows (Possible Location)

   c:\user\username\.AndroidStudio

   Just use the older Android Studio IDE if you have or import the preferences of the old IDE into new IDE and also put the keystore file in the same path where it was previously when you had signed it and save the password last time.

   In this way once you open the project and try the Build->Generate Signed APK and select the keystore file from the older location. It will automatically retrieve the password and continue to generate the signed APK for release.

   Once the release APK generates successfully you can follow the option 2 mentioned earlier to check your password from you log file for the recently generated release APK.

For anyone else who may run across this, I wanted to share an answer that may be the case for you or for others browsing this article (like myself).

I am using Eclipse and created my keystore in it for my 1.0 release. Fast forward 3 months and I wanted to update it to 1.1. When I chose Export... in Eclipse and chose that keystore, none of my passwords that I could remember worked. Every time it said "Keystore tampered with or password incorrect." It got to a point where I was getting ready to run a brute force program on it for as long as I could stand (a week or so) to try to get it to work.

Luckily, I to sign my unsigned .apk file outside of Eclipse. Voila - it worked! My password had been correct the entire time! I'm not sure why, but signing it in Eclipse through the Export menu was reporting an error even when my password was correct.

So, if you're getting this error, here are my steps (taken from Android documentation) to help you get your apk ready for the market.

NOTE: To get unsigned apk from Eclipse: Right-click project > Android Tools > Export Unsigned Application

1. Sign unsigned apk file with keystore

   a. open administrator cmd prompt and go to "c:\Program Files\Java\jdk1.6.0_25\bin" or whatever version of java you have (where you have copied the unsigned apk file and your keystore)

   b. at cmd prompt with keystore file and unsigned apk in same directory, type this command: jarsigner -keystore mykeystorename.keystore -verbose unsigned.apk myaliasnamefromkeystore

   c. it will say: "Enter Passphrase for keystore:". Enter it and press Return.

   d. ===> Success looks like this:

   adding: META-INF/MANIFEST.MF
   ...
   signing: classes.dex
   

   e. the unsigned version is overwritten in place, so your signed apk file is now at the same file name as the unsigned one

2. Use ZipAlign to compact the signed apk file for distribution in the market

   a. open admin cmd prompt and go to "c:\AndroidSDK\tools" or wherever you installed the Android SDK

   b. enter this command: zipalign -v 4 signed.apk signedaligned.apk

   c. ===> Success looks like this:

   Verifying alignment of signedaligned.apk (4)
   50 META-INF/MANIFEST.MF (OK - compressed)
   ...
   1047129 classes.dex (OK - compressed)
   Verification succesful
   

   d. the signed and aligned file is at signedaligned.apk (the filename you specified in the previous command)

========> READY TO SUBMIT TO MARKETPLACE

First download AndroidKeystoreBrute_v1.05.jar and then follow the given image.

prepare one wordlistfile like(wordlist.txt), in that file give your hint like

Password Hint:

users

Users

Password

password

pa55word

Password

@

*

#

$

&

1

2

123

789

U will get your password.

Simplest way to get keystore password

project_folder\app\build\intermediates\signing_config\release\out\signing-config.json

Check out this file search for StorePassword in signing-config.json

{"mName":"externalOverride","mStoreFile":"C:\\Users\\dAvInDeR\\Desktop\\KEYSTORE\\keystore.jks","mStorePassword":"1234@#abcd","mKeyAlias":"uploadkey","mKeyPassword":"1234@#abcd","mStoreType":"jks","mV1SigningEnabled":false,"mV2SigningEnabled":false}

Hope fully it will help you.

I'm surprised no one has mentioned this, but you can go to Google Play developer support, and they will work with you to create a new upload key:

https://support.google.com/googleplay/android-developer/contact/otherbugs

I filled an issue, and they contacted me within 1 day.

Update: After following their email instructions I was able to create a new upload key, and it was enabled a few days later! Problem solved.

Adding this as another possibility. The answer may be right under your nose -- in your app's build.gradle file if you happened to have specified a signing configuration at some point in the past:

signingConfigs {
    config {
        keyAlias 'My App'
        keyPassword 'password'
        storeFile file('/storefile/location')
        storePassword 'anotherpassword'
    }
}

Do you feel lucky?!

I had the same problem at once. Even though with App signing by Google Play, loosing keystore or it's password is not a big deal like earlier, Still as a developer we rather prefer to change it's password and use a generated keystore file without waiting for few days to google to handle it. ( To handle this issue with google use this link to make a request) To handle this issue by ourselves, First download two .java files from this link. Then compile the ChangePassword.java by javac ChangePassword.java command. Then after you may run

java ChangePassword <oldKeystoreFileName.keystore> <newKeystoreFileName.keystore>

Change oldKeystoreFileName.keystore with the path/ name of your current keystore file, and newKeystoreFileName.keystore with path/name for the new generated new keystore file. This will promot you to

Enter keystore password:

. Just enter whatever you prefer :) no need to be the original password that lost. Then Enter the new password with *

new keystore password:

• Voila, that's it. This won't change the checksum of your keystore and won't make any issues in app signing or uploading to play.google events.

SOLUTION 2018: Sign app with new keystore file if you missing password or jks file.

1) Create new keystore.jks file with comand line (not android studio build menu)

keytool -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore keystore.jks

Windows example: "C:\Program Files\Android\Android Studio\jre\bin\keytool.exe" -genkeypair -alias upload -keyalg RSA -keysize 2048 -validity 9125 -keystore "C:\keystore_new.jks"

2) Generate a .pem file from new keystore

keytool -export -rfc -alias upload -file upload_certificate.pem -keystore keystore.jks

Windows example: "C:\Program Files\Android\Android Studio\jre\bin\keytool.exe" -export -rfc -alias upload -file "C:\upload_cert.pem" -keystore "C:\keystore_new.jks"

3) Use this support form, set "keystore problem" and with attachment add .pem file: https://support.google.com/googleplay/android-developer/contact/otherbugs

4) 12-48h you new keystore is enabled. Update your app on playstore with new apk signed with new keystore :D

Open taskHistory.bin and search for storePassword

IF you're able to build your app from a PC, but you don't recall the password, here's what you can do to retrieve the password:

Method 1:

In your build.gradle, add println MYAPP_RELEASE_KEY_PASSWORD as below:

signingConfigs {
    release {
        if (project.hasProperty('MYAPP_RELEASE_STORE_FILE')) {
            storeFile file(MYAPP_RELEASE_STORE_FILE)
            storePassword MYAPP_RELEASE_STORE_PASSWORD
            keyAlias MYAPP_RELEASE_KEY_ALIAS
            keyPassword MYAPP_RELEASE_KEY_PASSWORD
            println MYAPP_RELEASE_KEY_PASSWORD
        }
    }
}

After that, run cd android && ./gradlew assembleRelease

Method 2:

Run keytool -list -v -keystore your <.keystore file path> e.g. keytool -list -v -keystore ./app/my-app-key.keystore.

It will ask for you to Enter keystore password: Just press enter key here. and you will be able to find mapped to Alias name:

Then, run grep -rn "<your alias name>" . in your terminal and you will be able to see your signing.json file as below:

./app/build/intermediates/signing_config/release/out/signing-config.json

The file will have your password in json format with key "mKeyPassword":" < your password > "

In Ionic I was able to find it here: /app/platforms/android/app/build/intermediates/signing_config/release/out/signing-config.json

Maybe this will help someone. cheers.

Just to simplify things here, this solution works in 2020 for gradle ver: 5.4.1

Open the file: project\.gradle\5.4.1\executionHistory.bin

Key Store password:

Search for "storePassword" text

For Key Password:

Search for "keyAlias" text

After search check for the password in the same line or the next line.

Android brute force will not work if your both the passwords are different so the best option might be like that try to find the file named as

log.idea

in your C:/users/your named account then you might found that in there in android folder open that file lpg.idea in notepad and then search for

alias

using find option in notepad you will find it that the password and alias and alias passwors has been shown there

I have found the password in

C:\Users\{Username}\.AndroidStudio2.2\system\log\idea.txt

Search for

Pandroid.injected.signing.store.password

Go to taskhistory.bin in .gradle folder of your project search password scroll down till you find the password

To summarise there are 3 answers to this question (and the solution is not given by the accepted answer):

1. If you have your logs intact, then you can find the password in the Android Studio log files as per Georgi Koemdzhiev's answer above.

2. You can retrieve the password from the 'taskArtifacts.bin' file in your .gradle directory as per ElDoRado1239's and Gueorgui Obregon's answers above. This doesn't seem to work for newer versions of Gradle (2.10 and above).

3. Use AndroidKeystoreBrute to guess or bruteforce your password as per Srinivas Keerthiprakasam's answer above.

All these 3 solutions are covered in-depth at this link.

C:\Users\admin\AndroidStudioProjects\TrumpetTVChannel2.gradle\2.14.1\taskArtifacts\taskArtifacts.bin

1st try to create new keystore....then open taskArtifacts.bin with notepad and look for password that you just given....you will able to figure out words near to password that you just given then search for these words near to your password in same file....you will able to figure out the password.....:)

If Nothing work try these line. Move to the path where .jks is stored. Run this command in command prompt. It will ask for password, ignore that and press enter.

keytool -list -keystore sample.jks

I know that this question is AGES old but I saw many answers who were basically saying brute-force is the way to go, which is simply not true because devs usually have a strong and long password, which can't be brute-forced that easily, also it takes days and you have to have your computer running 24/7, so my solution is simple - Contact the support, they will even generate a new key for you, it's the fastest solution you will get.