Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
lost Android keystore password recovery utility
import subprocess as sp
import sys
# here you define general mutation rules
def upperCaseAllTs(x): return x.replace("t", "T")
def mySecretStrategy(x): return x.replace("34", "#$")
def cap(x): return x.capitalize()
# and put the mutator strategies here
strats = [upperCaseAllTs, mySecretStrategy, cap]
def subsets(lst):
""" Returns all subsets of the list """
bound = 1 << len(lst)
subs = []
for s in range(0, bound):
sub = []
for j in range(0, len(lst)):
if ((s >> j) & 1) == 0: sub.append(lst[j])
return subs
# stores all possible mutator combinations
# it is assumed that mutators can be independently applied in any order
strat_sets = subsets(strats)
# this will accumulate possible passwords
collection = set()
def variants(accum, parts):
Depth-first produce all password variants.
Note that not all leafs are different, since a mutation strategy may leave a part intact
if len(parts) == 0:
part = parts[0]
for strat_seq in strat_sets:
# apply the sequence
p0 = part
for strat in strat_seq:
p0 = strat(p0)
variants(accum + p0, parts[1:])
# ok, now you have to call the variants method with the ordered password parts to be mutated and joined
# if you think you had password like FooBarT or fooBar or Bartfoo or the like, then do:
variants("", ["foo", "bar"])
variants("", ["foo", "bart"])
variants("", ["bart", "foo"])
variants("", ["foo"])
for c in collection:
print ">"+c+"<"
# PHASE 1, recover the store password
# comment next line in PHASE 2
p = sp.Popen("keytool -list -keystore my.keystore -storepass " + c, stdout = sp.PIPE)
# PHASE 2, recover the key password
#p = sp.Popen("jarsigner -keystore my.keystore -storepass ThePassIRecoveredInPhase1 -keypass " + c + " -verbose some_unsigned.apk alias_name", stdout = sp.PIPE)
ret = p.stdout.readline()
print ret
rc = p.wait()
if rc == 0:
print "FOUND", c
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment