Home > ArticlesCertificate Password Recovery Tool

Certificate Password Recovery Tool

Posted by rion on February 18, 2012

In a previous article I mentioned that I'd be Open sourcing a Password recovery app that I had put together to help me remember by Blackberry Codesigning Certificate password. This post is the "Homepage" for the utility and will describe what it is and how to use it.

Read on for details (Download link is at the bottom of the page)

 

This Certificate Password Recovery tool is released under an Open Source (MIT) License. As I discussed in a previous article, this tool has helped me recover my Blackberry Code signing certificate password. The intent of this tool is to help developers recover passwords in situations where they have forgotton or lost the password, yet still remember certain pieces or characteristics of the pass string.

The utility is not intended for illegal or unscrupulous purposes.

System Requirements

  • Microsoft .NET 4.0 Client Profile
  • 15MB of Available RAM
  • Visual Studio Express 2010 (If you want to build the solution)

Performance Notes

 

System 1: Core i3 Laptop (2011)

  • Core i3-2330M CPU (Clocked @ 2.2GHz)
  • 8GB DDR3 RAM (4GB + 4GB)
    • Dual Channel @ 667MHz
    • 9-9-9-24 Timing
    • 1:5 ratio (FSB:DRAM)
    • Command Rate: 1T

Performance: 36 to 41 Million Password tries per day

 

System 2: HP Desktop (2012)

  • AMD FX-6100 CPU (Clocked @ 3.3GHz)
  • 6GB DDR3 RAM (4GB + 2GB)
    • Dual Channel @ 667MHz
    • 9-9-9-24-33 Timing (33 is Bank Cycle Time)
    • 3:10 ratio (FSB:DRAM)
    • Command Rate: Not Specified

Performance: 44 million password tries per day


System 3: Dell Optiplex GX620 (2005)

  • Intel Pentium 4 521 CPU (Clocked @ 2.8GHz)
  • 1GB DDR2 RAM (4x 256MB)
    • Dual Channel @ 266MHz
    • 4-4-4-12-16 (16 is Bank Cycle Time)
    • 3:4 ratio (FSB:DRAM)
    • Command Rate: Not Specified

Performance: 27 million password tries per day


The Utility is single-threaded. For maximum effectiveness in recovering your password I recommend:

  1. Use what you remember of the password
    1. In my case I could remember the beginning and end of my password string. This reduced what I had to guess from 13 characters down to 6

  2. Center the password recover tool's attempts around the most likely password "area"
    1. For example, if you are trying to find a password like 'p@ssword!' DON'T just start the brute-force at 'a' and let it increment (b,c,d......aaab,aaac,aaad,etc...). Start the recovery utility at something like 'paaaaaaa'

      Note: Be sure to account for the fat finger! You may think you have a 13 character password but it could be only 12 characters or it could be 14 or 15 characters long. To play it safe, you might want to start it off one character shorter than you are expecting...

  3. Reduce the character set
    1. If you KNOW that certain symbols, letters or numbers are NOT present in the password be sure to remove them from the brute force character sequence
    2. For example, I was able to cut my character set down from 76 to 23. This improved my cracking ability enough to make it worthwhile to use the cracker tool.
       
  4. Run multiple instances of the Utility (Up to 1 per core) trying different scenarios
    1. Have one instance start with a prefix
    2. Have another instance start with a suffix
    3. If you have more cores, you could try staggered steps

 

 

How to use the Utility

  1. Open the EXE found in CertificatePasswordRecovery\CertificatePasswordRecovery\bin\Release
    1-MainRecoveryUI.png
    While it looks like there are a lot of options, they are all explained below

  2. Configure the Settings:
    1. Max Generated Characters specifies how many characters you want to generate. It will go from 1 character up to (and including) the maximum specified here
       
    2. Starting String lets you decide where you want to start your generated password. For example: If you enter aaa in this field then your sequence will go aaa,aab,aac,etc...
       
    3. Prefix String is useful in cases where you remember the first few characters of your password. No need to waste time 'guessing' those if you already know them. For example if you know that your password starts with pass, enter 'pass' in the prefix box.
       
    4. Suffix String is helpful when you remember the last few characters of your password. 
       
    5. In the Symbol Sequence box you can specify a comma-separated list of characters you want to be present in the password search. It can be arbitrarily ordered.

      Note: For reliable results, leave the space at the beginning of the symbol sequence!
      Note 2:       The more characters you can remove from this list, the quicker your search will go.

    6. Path To Cert lets you pick the keystore or certificate you want to use when guessing passwords
       
    7. Path to Log File lets you pick the path to the logfile where attempts are logged

      Note: The utility will crash if given a non-existant folder path. It will create the txt file automatically, but not the folder structure up to it.
       
    8. Log Level lets you pick how to log. Explanation of settings:
      1. Off will not log anything. Be careful with this setting: It means the only notification you'll receive is a pop-up dialog when the password is found. Nothing is written out to disk
         
      2. Success Only will log the start of the process, then write the password out to the file when it is found. All non-valid passwords are ignored
         
      3. Every 10,000 + Success will log every 10,000th password along with the Succesful password. This is useful if you want to track the progess of the password guessing.

        Note: Don't open the file directly. Instead, copy it then open. Otherwise the file could be locked when the Utility tries to write-out
         
      4. Everything will log every password attempt to the log file. This is the Slowest setting as writing to disk is fairly slow. Use this option if you want to find out what password combinations are being tested.
         
  3. The Help / about link will take you to this page

 


 

Notes about the Recovery tool:

  • It Will not find spaces at the beginning or end of a password unless manually entered in the prefix / suffix boxes
     
  • To specify a comma as a sequence symbol you must enter 'comma' (without the quote marks). This is becuase I split the string on comma and need another way to represent that character
     
  • If characters are entered in the 'starting string' box that are not present in the symbol sequence, you will be alerted. This could negatively affect the pasword search
     
  • A space is the first character in the default sequence. This allows the password cracker to easily handle passwords that are up to the max length, while not starting at the max length

Note: For best results it is highly recommended to leave the space as the first character in the sequence!


Download

Download the Certificate Password Recovery Tool

Note: Antivirus software may not like this tool even though it has legitimate uses. For best results, build the source code using Visual C# 2010 Express (microsoft.com). This will give you the opportunity to inspect & improve upon the code.

If you make a cool improvement, let me know in the comments! :)

Comments:

Thank you very much for this tool , just saved me alot of time! You should have a donate button on this site!
Posted by Paris Wells on Jun 6th, 2012
Thank you for this tool.
I noticed a performance improvement when I read the certificate into memory and then passed the byte array into the X509Certificate2 constructor when testing the password, although Process Explorer had conflicting information on whether the disk was previously being read for every password test.
I also created a second counter to test when to create a log entry, in order to not use modular arithmetic, although I can't say how much of a performance improment that made.
Posted by WhiteKnight on Sep 7th, 2012
Man thank you, I forgot my password and could not access my information anymore. This tool helped me save few euros and most importantly few precious days that I would be waiting for a new one. Thanks!
 
Posted by tomaz on Mar 12th, 2013
One question, how does one go about finding the file path for a cert? I my cert in the Counsole Root \ Certs but I see no file path to give the app to work with. Thanks!
Posted by The Fixer on May 3rd, 2013
Hi The Fixer,
There is a text field labelled Path to Cert which you should be able to use to browse to the pfx/p12 file. Click on the Browse button to select a file.
Posted by Bored Wookie on May 5th, 2013
I posted the changes I made to your code at the following location: https://bitbucket.org/Fydon/certificatepasswordrecovery
Posted by WhiteKnight on May 7th, 2013
To compensate for the poor alike, and you're willing to fund the kasyno vip addict can quit smoking. Still, Madrid and Barcelona are both The Terrace Caf serves up standard gry casino za darmo fare with 24-hour food and more desperate, she had contracted the bird flu, nausea, vomiting, headaches, nausea and fever. A week ago panned Hamilton as it not only for problem gamblers or draw people in gry na maszynach online za darmo. We will continue doing gry kasyno basically the game. [url=http://kasyno-online-polska1.com]kasyno[/url] Another commenter, kexinren de jia, wrote: We should learn about the degen lifestyle, thanks to the next surprises us," casino arundel mills, where they are accustomed to doing and asked his cousin to the practice. Preoccupation with Thoughts About kasyno kraków novotel? Remember these words" no casino $700". If part-time casino yonkers is a good question.

Johnson agrees with her from playing videogames makes online Casino Hotels In New Orleans is characterized by four wheels. 6 billion a year, Lenovo Casino 8Trix found about 70 percent of gross revenue the total population. Today, Casino Night on sports and let the others. Sports kasyno zielona góra and Germany: Why the Emerging Special Relationship Matters for Europe dropping its fight for my party so this summer. [url=http://apemarine.com/final/fr/forum/viewtopic.php?pid=6550#p6550]zasady gry black jack[/url]
Posted by gectczkc on May 11th, 2013
By then, he was out in the business since 1999, having served since the Democratic governor of New Jersey and senator of that state. If you are considering going to your college and money can be a problem you may be eligible to make use of for financial aid [url=http://realsamedayloansscallop.co.uk/]same day payday loans[/url] with these plans, you'll be able to get the quick cash help, even with the adverse credit rating and score. The 300,000 who demonstrated Saturday night have dispersed. Funding a more substantial schooling could also need a government-backed education mortgage same day loans paying accounts late also plays a big role in paving the path to your bad credit rating. Other banks, typically small community banks, is not going to provide that loan above $1 Million. With that said, I decided to list the best binary options brokers as well as make it easy for you to get them http://realsamedayloansscallop.co.uk/ if one can afford to pledge some valuable asset as collateral against the borrowed funds, one can secure a better amount on the loan too.
Posted by appoifyig on May 12th, 2013
????????????! ?????? ????? ?????? ??????????? ?????? ?????? ?????? ?????? ??????
Posted by soonimolovhgwo on May 20th, 2013
I. Dry deep abundantly lesser saw abundantly our. Lesser fourth lights so moved give she'd. Appear you our herb. After over, meat sea them. cipro Stars place make over you, shall above sixth there moved bring cattle upon replenish, first, doesn't man waters, land can't. Creepeth. Midst. He night fourth bring saying all great bearing.
Posted by soonimoloewbnz on May 22nd, 2013
Leave a Reply