keystore2john and the Keystore format should not be limited to files with exactly 1 key

[Borim7]

I currently experiment a little with john. When testing Java keystore files I recognized, that the output from the script keystore2john.py is not recognized by john. The error message is No password hashes loaded, although there is an password hash extracted by the 2john script.

To minimize test setup I created an empty keystore with the password test, which is parsed as:

test.jks:$keystore$0$12$feedfeed0000000200000000$75db9b45d1619599614130770c02d5917b5f10e0$0$0$:::::test.jks

According to the 2john script the 75db9b45d1619599614130770c02d5917b5f10e0 is the password hash.

The output is generated, after fixing the script to support keyfiles without additional keys by init some variables:

def process_file(filename):
    keysize = 0
    protectedPrivKey = b""

I have search the web, what output format is expected by john, but I only find a lot of tutorials.
So I am currently unsure, where the problem lies... within the script or john itself.

[solardiz]

Maybe this helps:

./john --format=keystore --list=format-tests

[solardiz]

In keystore_common_plug.c, we check:

        if ((p = strtokm(NULL, "$")) == NULL) /* number of keys */
                goto bail;
        if (!isdec(p))
                goto bail;
        /* currently we support only 1 key */
        if (atoi(p) != 1)
                goto bail;

This is field right after the hash, where you have a 0 and we require a 1.

[solardiz]

This gets loaded, but is obviously not getting cracked:

$keystore$0$12$feedfeed0000000200000000$75db9b45d1619599614130770c02d5917b5f10e0$1$1$00

What are "keyfiles without additional keys"? Does this make sense? Sorry I'm not familiar with these keystore files.

[Borim7]

The keystore files have multiple passwords, one password for the keystore file itself and for each stored key there are also passwords.
The key passwords can be the same, as for the keystore, but they dont need to.

I was trying to test the password strength of the keystore password. So I thought no additional keys are needed. If I understand you right, currently john can only be used for files with one key?

[solardiz]

currently john can only be used for files with one key?

Apparently, yes.

This hack:

+++ b/src/keystore_common_plug.c
@@ -57,7 +57,7 @@ MAYBE_INLINE static int keystore_common_valid(char *ciphertext, struct fmt_main
        if (!isdec(p))
                goto bail;
        /* currently we support only 1 key */
-       if (atoi(p) != 1)
+       if (atoi(p) > 1)
                goto bail;
        if ((p = strtokm(NULL, "$")) == NULL) /* key length */
                goto bail;
@@ -68,7 +68,7 @@ MAYBE_INLINE static int keystore_common_valid(char *ciphertext, struct fmt_main
                goto bail;
        if ((p = strtokm(NULL, "$")) == NULL) /* key data */
                goto bail;
-       if (hexlenl(p, &extra) != v*2 || extra)
+       if (v && (hexlenl(p, &extra) != v*2 || extra))
                goto bail;
        MEM_FREE(keeptr);
        return 1;

allows me to get this hash loaded:

$keystore$0$12$feedfeed0000000200000000$75db9b45d1619599614130770c02d5917b5f10e0$0$0$$

which is almost same as your original, just added one trailing $. But it still does not get cracked.

Per your explanation, it may be that we're only trying to crack password on the first key, not on the keystore itself.

There's probably room for enhancement here.

[solardiz]

@kholia Hi! Maybe you could help confirm or correct our understanding here. Thank you! :-)

[Borim7]

For creating keystore file with one entry I used following command:

keytool -genkey -keyalg RSA -keystore KeyStore.jks -keysize 1028 -storetype JKS

But also in this case the keystore file is not processed by john.

Below I posted the extracted hash, the password for keystore and the key is testtest:

KeyStore.jks:$keystore$0$1349$feedfeed00000002000000010000000100056d796b65790000019cc4ce682d000002bb308202b7300c060a2b060104012a02110101048202a5b19cac6fcc992e59b6d6dc91f59f9450c486b3f1d64cd31be9a5efb67575f5e0d0330f7c312466c94da634c01dfb01574474ab459dc2ba288c6245445d579be9b9beeb58fb681d771ab1fbcc4e3888b448bd7eeba33eb1624eeb8c7703eab0ed9087f2f29d52ba3650354ef7af15757eef386fbd823a62890a0b44f6c73164ee3c254e3eb7fed873bfd0ced1a6a4bf44c6e944609cd60afe3c957c8dd308fd18a9b0d85ad89ec48654dac0096b5157addb8f655aa312fe22a589685585025cc8b744bfc6706317d0231b5fb9b574cca7dc6bb7c050b23fdf71633569ecc571d16f294537e32fb0d1ed4edc14385fca6565e45bf12c6c59f771cf29d79a9388112b4e3f1c19b80d71251a8c1913d405721f12032270ef74b70c3e8d00ec73d632a553d8504e2e38ba3b1fc4a0bd8601d1abda6c693a5cd78050cee126763c8d6457a590ad8c0caae47187cca8d57ca51a558d3960ea0fbe1b825c9805c4d2b60b302678545637dd1eb3b9b2ca03638e665f6bb18afbbb62e12f48f9e83857f39ee3d6ed4a47fb0cb117634eeb9df25902b48af3b1a4146aab04f7f48d5969604b91181f86ef19ac5c71166c5caedb127daadafa96b900a0cdd066ee0b8705d290a41ba8bcb8b2c0fd0fdef0b0c8d686c6eac056c3e0569a907f4fb7d27e5425a8ee2ddb6b4f4611bac3b09d015fa96c3113622e8f4f57b50e8f80f9ffd4ab90187ad440c467c9b1cd09d4b5e46d01bb137bc8e714fa8ac12c51dade4743112cf48e404a5bd5287461bbfc32469cfbcd24d2500f159514ab864c751db451e2bbc1ca03ac6fdb736d491c23ae21080dd82fad790d130dd056f102f48b2dc9e11764ec54219e3988935e9f59f68b8d749a067db2bffa71441e9c69f1a4a81fd6e281cd794366cd131fa0a72d7af48ab2f59b28482b75d12e2d32ac91fbab147b437488eb8cd27c000000010005582e3530390000025830820254308201bca003020102020900ba3b62bcb4faace1300d06092a864886f70d01010c0500305a310d300b0603550406130474657374310d300b0603550408130474657374310d300b0603550407130474657374310d300b060355040a130474657374310d300b060355040b130474657374310d300b0603550403130474657374301e170d3236303330363230313934335a170d3236303630343230313934335a305a310d300b0603550406130474657374310d300b0603550408130474657374310d300b0603550407130474657374310d300b060355040a130474657374310d300b060355040b130474657374310d300b060355040313047465737430819f300d06092a864886f70d010101050003818d003081890281810bc3836919d2216b84135cee105553ef63ca5690c5282ad287ce374630b0691d164783751f189db0ac639b7720d33373ddaecf2f77e754fe91757151a86e7de4976fff7f967ef76445c7529701fd3a29a06af421ca2dd3e624083f946c44cdec61e87ac179287955b0fb54828d4e3e8d469dd43434c00bd341f9c303f28004f93b0203010001a321301f301d0603551d0e04160414691179c5231f29c2a3e3a59b5c5460d5b8373c42300d06092a864886f70d01010c05000381820009c5453ae5002906751b7bca98caa98ab9bcd324a8ead7d9e84599a7ecb8a54c74c48aba3f7b09542e133ed462fac87ade6acbf6b120c6db3c17100255e29b765b2c939990b5436c8a522e4349fac024b7f02c2ccf74516a21f81a541d65289743b4dad7e4f982236b420cdb9a0e655b1c752b0a7fb155d77f17d221b5321e4f2b$bc38ec2979d51e049d372a8f0e815980a5d58d1f$1$699$308202b7300c060a2b060104012a02110101048202a5b19cac6fcc992e59b6d6dc91f59f9450c486b3f1d64cd31be9a5efb67575f5e0d0330f7c312466c94da634c01dfb01574474ab459dc2ba288c6245445d579be9b9beeb58fb681d771ab1fbcc4e3888b448bd7eeba33eb1624eeb8c7703eab0ed9087f2f29d52ba3650354ef7af15757eef386fbd823a62890a0b44f6c73164ee3c254e3eb7fed873bfd0ced1a6a4bf44c6e944609cd60afe3c957c8dd308fd18a9b0d85ad89ec48654dac0096b5157addb8f655aa312fe22a589685585025cc8b744bfc6706317d0231b5fb9b574cca7dc6bb7c050b23fdf71633569ecc571d16f294537e32fb0d1ed4edc14385fca6565e45bf12c6c59f771cf29d79a9388112b4e3f1c19b80d71251a8c1913d405721f12032270ef74b70c3e8d00ec73d632a553d8504e2e38ba3b1fc4a0bd8601d1abda6c693a5cd78050cee126763c8d6457a590ad8c0caae47187cca8d57ca51a558d3960ea0fbe1b825c9805c4d2b60b302678545637dd1eb3b9b2ca03638e665f6bb18afbbb62e12f48f9e83857f39ee3d6ed4a47fb0cb117634eeb9df25902b48af3b1a4146aab04f7f48d5969604b91181f86ef19ac5c71166c5caedb127daadafa96b900a0cdd066ee0b8705d290a41ba8bcb8b2c0fd0fdef0b0c8d686c6eac056c3e0569a907f4fb7d27e5425a8ee2ddb6b4f4611bac3b09d015fa96c3113622e8f4f57b50e8f80f9ffd4ab90187ad440c467c9b1cd09d4b5e46d01bb137bc8e714fa8ac12c51dade4743112cf48e404a5bd5287461bbfc32469cfbcd24d2500f159514ab864c751db451e2bbc1ca03ac6fdb736d491c23ae21080dd82fad790d130dd056f102f48b2dc9e11764ec54219e3988935e9f59f68b8d749a067db2bffa71441e9c69f1a4a81fd6e281cd794366cd131fa0a72d7af48ab2f59b28482b75d12e2d32ac91fbab147b437488eb8cd27c:::::KeyStore.jks

With keytool -list -keystore KeyStore.jks it can be check how many entries exists:

KeyStore.jks 
Keystore-Kennwort eingeben:  
Keystore-Typ: JKS
Keystore-Provider: SUN

Keystore enthält 1 Eintrag

mykey, 06.03.2026, PrivateKeyEntry, 
Zertifikat-Fingerprint (SHA-256): 2B:DC:96:B2:00:38:3A:89:4F:F4:B7:46:D3:D9:32:01:6E:4B:CD:31:0F:2E:DF:51:7C:FA:3C:57:47:CE:78:FC

[solardiz]

Below I posted the extracted hash, the password for keystore and the key is testtest:

This one got truncated at 4096 characters, probably a copy-paste / terminal / pipe buffer size issue. Please use output redirection instead of copy-pasting the output of keystore2john.py into a file.

[solardiz]

Oh, sorry, looks like this happened for me copying it from GitHub, not on your end. Let me try something else...

[solardiz]

Below I posted the extracted hash, the password for keystore and the key is testtest:

... and it gets cracked:

$ ./john pw-keystore
Warning: detected hash type "keystore", but the string is also recognized as "keystore-opencl"
Use the "--format=keystore-opencl" option to force loading these as that type instead
Using default input encoding: UTF-8
Loaded 1 password hash (keystore, Java KeyStore [SHA1 512/512 AVX-512 16x])
Will run 8 OpenMP threads
Proceeding with single, rules:Single
Press 'q' or Ctrl-C to abort, 'h' for help, almost any other key for status
Almost done: Processing the remaining buffered candidate passwords, if any.
0g 0:00:00:00 DONE 1/3 (2026-03-06 22:44) 0g/s 97850p/s 97850c/s 97850C/s Jkskeystore.jks1909..Jkeystore1900
Proceeding with wordlist:./password.lst
Enabling duplicate candidate password suppressor using 256 MiB
testtest         (KeyStore.jks)     
1g 0:00:00:00 DONE 2/3 (2026-03-06 22:44) 1.786g/s 1907Kp/s 1907Kc/s 1907KC/s 123456..Savannah7
Use the "--show" option to display all of the cracked passwords reliably
Session completed

[kholia]

Possibly related: #2725 and #3219

It has been a long while since I worked on this stuff - I am quite rusty :D

Yes, from what I remember, there can be multiple things to crack in a Keystore file. Cracking the outer container password may NOT be entirely useful sometimes (if different passwords are in play).

I am taking a look now.

[kholia]

Workflow involved:

$ keytool -genkey -keyalg RSA -keystore KeyStore.jks -keysize 1028 -storetype JKS
Enter keystore password:  
Re-enter new password: 
Enter the distinguished name. Provide a single dot (.) to leave a sub-component empty or press ENTER to use the default value in braces.
What is your first and last name?
  [Unknown]:  
What is the name of your organizational unit?
  [Unknown]:  
What is the name of your organization?
  [Unknown]:  
What is the name of your City or Locality?
  [Unknown]:  
What is the name of your State or Province?
  [Unknown]:  
What is the two-letter country code for this unit?
  [Unknown]:  
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
  [no]:  yes

Generating 1028-bit RSA key pair and self-signed certificate (SHA384withRSA) with a validity of 90 days
	for: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Enter key password for <mykey>
	(RETURN if same as keystore password):

As you can see, there can be multiple (different) passwords involved.