Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Keystore password decryption.
#1
I am trying to figure out what the password is to use a certificate that is contained in a apk. I managed to rewrite part of their code to open the key store file successfully but cannot manage to find the password needed to load the PKCS certificate. I've dumped every string found in the hprof file and while I was able to find the key store password there, when this list was loaded into my custom brute force software there was no matching password in the list of strings to load the certificate. I also tried to look at char arrays without success. As for looking over the obfuscated code what type of methods should I search for? I already tried "getKey", "Load", "init". Any ideas of other objects to look into?
Reply
#2
Are you able to post the APK?
Reply
#3
(03-12-2015, 06:43 AM)lawson222 Wrote:  I am trying to figure out what the password is to use a certificate that is contained in a apk.

Hi, I'm new in RE. I have general question on that - are you trying to generate private key from public (I sssume certificate in apk contains public key only - or not?) to be able to sign new apk to be same signed as old one? is it practically possible to crack certificate that way? Or I misunserstand akp signing procedure? Thanx!
Reply
#4
It's not possible.
[Image: 7rL6Nl0.png]
Reply
 


Forum Jump:


Users browsing this thread: 1 Guest(s)

About The Bytecode Club

We're a community focused on Reverse Engineering, we try to target Java/Android but we also include other langauges/platforms. We pride ourselves in supporting and free and open sourced applications.

Website