To benefit from multi-core computers, this software uses the awesome Akka actor library.
This software runs on the Java Virtual Machine (JVM), so you need to have a Java Runtime Environnement (JRE) installed on your computer. You can use the -f (-from) and -t (-to) options to run AKR on different computers, to parallelize computation and try to shorten the discovery of the password. Time needed for 7 character passwords: 5.5 * 62 = 339 days!Īs you can see, brute force with a single computer can take a very long time. Time needed to try all these combinations: 56 800 235 584 / v = 5.5 days! Number of combinations for a 6 characters password: 56 800 235 584 Number of combinations for a password of length n: 62^n AKR velocity: v = 120 000 passwords/seconds This is 62 possibilites for one character of the password.ĭepending on your hardware, AKR will try more or less passwords per second, this is a sample calculation with my own computer: In our case, we try all the characters like so: A, B.
-ec | -extra-characters add specified characters in combinationsīruteforce algorithms are not optimized at all, AKR is faster than other bruteforce tools but it will still try all password possibilities. -lc | -lower-case discards upper-case letters. 
-uc | -upper-case discards lower-case letters. Indeed, as actor computation is asynchronous, there is no guarantee that every password before the last one were really tried by the software. Note: If you want to resume a stopped brute force, I suggest that you take the second last tried password that was stored in $HOME/AndroidKeystoreRecovery.log. You can use -from and -to to parallelize the brute force on several computers. -w | -wordlist path to wordlist file (example: /././wordlist.txt). -pps | -passwords-per-second Will try the given number of passwords per second (Since 1.1). -t | -to stop at given password (in dictionary attack this is a end line number). -f | -from start at given password (in dictionary attack this is a start line number). -l | -min-length start at given length. These are the available options for AKR: Generic options Launch the bruteforce: java -jar android-keystore-recovery-1.4.0-bundle.jar. It will try all password combinations matching + by default, from the shortest password, up to the solution. This bruteforce tool is very simple, yet efficient. This project aims to solve the "password forgotten" problem for (Android) developers who happen to manage java keystore(s). If you want to use the last release, please visit this page Android Keystore Recovery Note that this README is updated for the latest snapshot version.
0 kommentar(er)
