There is no backup of the android keystore used on an app in the play store, but there is a backup of the passwords
is it possible to recreate a valid keystore somehow? perhaps by decrypting an apk
I also don't know the "First name" "Last name" and "Organization" of the keystore
No, you cannot recreate a keystore and there is no way to upload an update that has been signed with a different keystore. I ran into this problem a few years ago and I know other devs who have as well. There is simply no good way to fix it. I learned to keep several copies of my keystore in several different locations incase anything every happened again!
Related
The problem is the following:
I have been developing my game on my laptop until now without a keystore set in Unity editor but I was able to upload my apk file to the Play Store. Now I bought another computer and wanted to upload an update but it gets rejected because it is signed differently.
I tried copying my debug.keystore file from my old computer to my new one, but it also gets rejected because it's for debug.
So my question is: Does Unity or Google Dev Console use a default keystore which the Developer Console accepts? And if so, then where can I find it? Would it be better to publish my application again with a new keystore created by me? (It's only in closed beta, so it's not that big of a deal, but I want to know why this is happening.)
There's no way to recover your key.
I once faced a similar situation, since then,
I've made several copies of my key. Once again,
there is no way to recover this.
You need to create new a keystore and make a backup to prevent any issues in the future
We are using Android Studio and we are developing an app using the default keystore. The application is already being used while in development so all clients already have data in their devices.
We now would like to use an actual keystore. However, creating a new one would mean the clients cannot update the application - they would have to reinstall the application which means that they would lose existing data. Is there a way to go around this? Or can we import the existing keystore for release?
It is stored in ~/.android/debug.keystore.
On Windows, this will be something like C:\Users\Username.android\debug.keystore
However, I would advise not to do this, as the debug keys have an early expiration (at least they did with Eclipse, I haven't been able to find anything about Android Studio). Once this date is reached, there will be no option but to create a new key. It's definitely messy, but it'll be easier to clean up now rather than in a years time when you'll have even more users.
You should use the existing keystore itself. While generating the signed apk, You can provide the path to that keystore, keystore password, key alias and key password. This is the only way with which you can generate an updated version of the existing apk.
I have lost my keystore and did not keep any back up of it. I know this question has been asked before but I do not want to extract the password of the keystore. I know the password. I just want to know the alias name and any other details that I might have put in the keystore. Is that possible?
Also, I had developed the previous apk on Android Studio. Now Im using ADT to generate the signed apk. Will it matter with regards to the apk signature process?
Thanks
I recently realized that I have lost the password to my keystore (or perhaps the keystore got corrupted somehow)
It keeps giving me the error: Keystore tampered or password incorrect
I created an (quite unoptimized) algorithm to Brute-Force the password by letting it run all the night. However, I am not sure how many unsuccessful password attempts will lock the keystore down.
Does anyone know anything like this?
UPDATE
The algorithm I devised works okay (I am using Java), but I realized that normally, the Keystore tool asks for the password only when I press enter. but to get the brute-force to work, I would want it to have a switch and accept password in the same line. is it possible?
Sharing my experience after trying everything available.
1- Smart word list attack from android-keystore-password-recover is what eventually worked for me after spending a day trying different lists. Unfortunately, it does not support multithreading and I couldn't get it to run faster than 30,000 trials/second. I might contribute multithreading support to project soon.
2- KeystoreBrute was the best for brute-force attack at 320,000 trials/second. However, if you do the numbers, it will take 3.5 days for 6 characters long password and 177 days for 7 characters long.
3- If you only need to crack the keystore password, but not the certificate password (also referred to as the alias password), this tool will just changes it for you.
Good luck!
No amount of password attempts will corrupt the key.
I was having this same issue. I solved the problem by creating my own keystore brute force application.
here is a link to the github repository for this code.
https://github.com/volure/keystoreBrute
Anyone on the planet may use this or add to it.
It Works on the basis of Password segments.
My password was like
foo#543Pass
so I added all the possible segments
foo
Foo
FOO
and so on.
Then ran through the items like an odometer.
Its crude code but hard coded to work on up to 5 segments.
My attempt was successful.
Hope yours is too.
No, brute-forcing will not corrupt the keystore. However, one thing to note, if you are trying to manually guess the password using the Android Studio or Eclipse wizards, even if you enter a wrong password is provided, even just once, it keeps saying on next attempts: "Keystore tampered with or password incorrect", even if you provide the correct password. To get around this, just close and re-open the wizard.
P.S. If the intent behind asking this question is that you have forgotten your keystore password, then you can try the steps mentioned in the Android keystore password recovery guide.
No need to use any keystore-password-recover method it take so many days for recover any some time it's not work so you should replace Your keystore with new keystore no need to remove you app from play store, without removing apk you can update your apk using new keystore file it’s Possible now, After May 2017 you can Update your app if you lost your keystore or keystore password. Don’t lose Hope you can update your app using new Keystore file please refer this http://geekcodehub.com/blog/ new Keystore Certificate update on playstore Hub here i wrote how to update apk if you lost your keystore follow the step and create new keystore , I updated my app using this step. you need to enable google play app signing on play store console
Is it possible to release an update of an android app by signing it with a different certificate than the one originally used? I know it gives an error message normally when we try to upload such a build to the market. But is there any way out, like marking it as a major release, specifying somewhere in the market place?
No, you can not do it. The certificate is a tool to ensure you're the one who firstly uploaded the application.
So always backup the keystore!
Not currently, but it should be possible in the future when this issue get's resolved:
https://code.google.com/p/android/issues/detail?id=30870
Be clear though, that it's absolutely no excuse for loosing your keystore. It would just allow old keys to be renewed for security, and allow apps to move domains or change ownership.
Edit: I didn't think this was possible, but I just found this:
How to sign an APK with more than one certificate?
Awesome!