Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 11 Aug 2013 20:00:15 +0200
From: magnum <>
Subject: Re: Are BKS/Berkely -Keystores for Java supported yet?

On 11 Aug, 2013, at 19:05 , Sam <> wrote:
> Am 11.08.2013 14:29, schrieb magnum:
>> On 11 Aug, 2013, at 11:31 , Sam <> wrote:
>>> i am currently trying to estimate the security of an android application.
>>> The certificate which is used quite heavily in the application only is
>>> available as bks file which can''t be opened without password.
>>> I am currently tracing this obfuscated application in hope to reveal the
>>> password used in the code somewhere but as a secondary fallback, i want
>>> to try bruteforce.
>>> Therefore my question, is it possible to use JtR for this process yet?
>> In latest bleeding-jumbo (not released yet) we have a format called "keystore" which is "Java Keystore" but I'm not sure this is what you need. If it is, you'd use it like this:
>> $ ./keystore2john file.bks >file.john
>> $ ./john file.john (...)
>> You can try a snapshot from
>> If this is not it, I'm sure Dhiru will whip a new format up for you but his away for a week or so.
>> magnum
> I tried with a few diffrent make targets but so far none resulted in a
> keystore2john file under the /run folder .
> Make didn't return with any obvious error (except that mozilla format is
> not available)

That's very odd if you were really using bleeding-jumbo. It's been there since February and latest change was April 15.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.