Get password from a Keystore Stash File

NOTE: The Keystash has been enhanced, and is no longer accessible this way. If you’ve lost your keystore password now – all bets are off. Sorry.

On the other hand, if you at least have the stash, you can likely export the keys and move them into a new keystore of your choice, with a new password.

This is an oldie, but a goodie, just encountered a customer who’d lost the password to their WebSEAL keystore. Fortunately, assuming you have the stash file (<keystore name>.sth – in the same directory as the keystore .kdb file). Which you would – if the keystore is still being used actively, then you can easily extract the obfuscated keystore password.

Here is a Perl script that can unstash the password.

—————-unstash.pl begin ————————

use strict;

die "Usage: $0 <stash file>n" if $#ARGV != 0;

my $file=$ARGV[0];
open(F,$file) || die "Can't open $file: $!";

my $stash;
read F,$stash,1024;

my @unstash=map { $_^0xf5 } unpack("C*",$stash);

foreach my $c (@unstash) {
last if $c eq 0;
printf "%c",$c;
}
printf "n";

———————unstash.pl end—————–

Usage:

perl unstash.pl keystore.sth

Perl Source: javagongura.blogspot.sg/2010/11/password-recovery-from-stash-file.html
Have copied locally – since I’ve used this a few times.

The stash file is just an XOR’ed copy of the password – XOR’d with 0xf5.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

WordPress.com.

Up ↑

%d bloggers like this: