
lost Android keystore password recovery utility

bruteforcer.py
import subprocess as sp
import sys
 
# here you define general mutation rules
def upperCaseAllTs(x):
    """Return x with every lowercase "t" replaced by "T"."""
    return x.replace("t", "T")
def mySecretStrategy(x):
    """Return x with every occurrence of "34" replaced by "#$"."""
    return x.replace("34", "#$")
def cap(x):
    """Return x with its first character upper-cased and the rest lower-cased."""
    return x.capitalize()
 
# register the mutator strategies here; subsets() below builds every
# combination of them, so each extra entry doubles the combinations per part
strats = [
    upperCaseAllTs,
    mySecretStrategy,
    cap,
]
 
def subsets(lst):
    """Return every subset of lst as a list of lists.

    Subsets are enumerated by a bit mask running from 0 to 2**len(lst) - 1;
    element j is kept when bit j of the mask is clear, so the first subset is
    the full list and the last one is empty.
    """
    size = len(lst)
    return [
        [item for idx, item in enumerate(lst) if not (mask >> idx) & 1]
        for mask in range(1 << size)
    ]
 
# every combination of mutators, 2 ** len(strats) of them;
# mutators are assumed to be independently applicable in any order
strat_sets = subsets(strats)

# candidate passwords produced by variants() end up here (duplicates collapse)
collection = set()
 
def variants(accum, parts):
    """
    Recursively build every password variant and store it in `collection`.

    accum is the text assembled so far; parts is the ordered list of pieces
    still to be appended. Each piece is run through every mutator combination
    in `strat_sets`. Different combinations can yield the same text when a
    mutator leaves a piece unchanged, so not every leaf is distinct.
    """
    if len(parts) == 0:
        # nothing left to append: accum is a finished candidate
        collection.add(accum)
        return

    head = parts[0]
    rest = parts[1:]
    for mutators in strat_sets:
        # apply this combination of mutators, in list order, to the first piece
        mutated = head
        for mutate in mutators:
            mutated = mutate(mutated)
        variants(accum + mutated, rest)
 
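# Build the candidate set: call variants() once per ordered list of password
# parts that should be mutated and joined.
#
# if you think you had password like FooBarT or fooBar or Bartfoo or the like, then do:
variants("", ["foo", "bar"])
variants("", ["foo", "bart"])
variants("", ["bart", "foo"])
variants("", ["foo"])

# Try each candidate against the keystore until the tool exits with status 0.
# NOTE: every candidate is passed on the child's command line, so it is visible
# to other local users in the process list while the tool runs, and it is also
# echoed to stdout (terminal scrollback, redirected logs). Run this only on a
# machine you control. keytool and jarsigner accept the ":env" / ":file"
# modifiers on -storepass / -keypass if command-line exposure matters.
for c in collection:
    print(">" + c + "<")
    # PHASE 1, recover the store password
    # comment next line in PHASE 2
    cmd = ["keytool", "-list", "-keystore", "my.keystore", "-storepass", c]
    # PHASE 2, recover the key password
    #cmd = ["jarsigner", "-keystore", "my.keystore", "-storepass", "ThePassIRecoveredInPhase1", "-keypass", c, "-verbose", "some_unsigned.apk", "alias_name"]

    # An argument list (instead of one concatenated string) keeps a candidate
    # containing spaces or quotes as a single argument, and also works on
    # POSIX, where a bare command string is taken as the program name.
    p = sp.Popen(cmd, stdout=sp.PIPE, universal_newlines=True)
    # communicate() drains the pipe and then waits; reading a single line and
    # calling wait() can block if the child writes more than the pipe holds.
    out, _ = p.communicate()
    ret = out.splitlines()[0] if out else ""
    print(ret)
    if p.returncode == 0:
        print("FOUND " + c)
        sys.exit(0)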
