Pages:
Author

Topic: [BOUNTY] Where is the decrypted wallet kept on Blockchain.info's iOS app ? (Read 3354 times)

newbie
Activity: 2
Merit: 0
This chain might be totally dead by now, but I needed my own answer today to recover once again once my old phone died.  Partially with the thought that I might need this again one day, I'm putting in more details.  It would be a bonus if someone else was able to recover their BTC based on these instructions.

Here's more information.  I did the following on my Mac:

cd /Users/Darryl/Library/Application Support/MobileSync/Backup/b24f78d91322ec7b4f32a60884b63d097ef8613f-20130920-232753
(Your exact backup location is probably different)

for file in *; do echo "==== $file ===="; strings $file; done > ~/a
(What this does is run the 'strings' command on each file, and put a header of the filename inside ====.)

Then I did:
less ~/a
(This is a command-line viewer of the data)

Then I found the content below (marked with ***) ... you can type the / key, then paste in some of the text here, perhaps WebKitLocalStorageDatabasePathPreferenceKeyYsharedKey will do it.  That jumped to the following text.  Possibly the backup filename is always  6efc668a42109f1e4e1da7ab631d8720761a175a... who knows.  This is what worked for me.  If you know your wallet identifier from https://blockchain.info/wallet/, you should search for the wallet id.  The line after I found my Wallet ID, I saw my password in plaintext.  I used it today on the website to once again decrypt my password.  I'm upgrading it now and will try out the backup features.


This is "the content below (marked with ***):

==== 6efc668a42109f1e4e1da7ab631d8720761a175a ====
bplist00
+WebKitLocalStorageDatabasePathPreferenceKeyYsharedKey_
'WebKitOfflineWebApplicationCacheEnabledTguid_
ATDatabaseLastUpdateXpassword_
'WebKitDiskImageCacheSavedCacheDirectory_
WebDatabaseDirectoryZregistered^checksum_cache_
"WebKitShrinksStandaloneImagesToFit_
L/var/mobile/Applications/F131A0E7-72C2-4B03-A039-EFFD0BD6A56B/Library/Caches_
$52153CED-87D1-4A4D-A58C-F9499F3DA6BE

Followed immediately by $ and on the next line /


newbie
Activity: 2
Merit: 0
I had the same problem and found this forum post that gave me a hint to check the application data files.  I was able to recover my plaintext password from an old iPhone backup file (From September 2013).  I did not have to jailbreak the phone.  I used the 'strings' command on my Mac on all of the files in the backup directory and sifted through the results until I found what I was looking for.  I mention it here in case someone else stumbles upon this page and would like assistance getting to their BTC.  I expect the latest blockchain app doesn't save the password in plaintext anymore, so perhaps this technique will work for others as well.

In the future, I'll be using one of these to hold my BTC: http://bitstash.com/
full member
Activity: 209
Merit: 148
Hello,

I was able to recover my password off my ipad.  I used iTools 2013 to browse the Blockchain.info Application files.  I exported the /Library/Preferences/com.rainydayapps.Blockchain.plistx file to my PC and was able to find the password in clear text inside the file.  The best part is I didn't even have to jailbreak it.  Smiley 

Let me know if it works for you. 

BTC - 14Hgz6bSrVS8rBhAg2CzHXVk2s5NUMbBm5 

Please don't mention itools, it's a shady closed-source tool and  i wouldn't trust it
legendary
Activity: 3038
Merit: 1032
RIP Mommy
Eek, so you just have to steal a bitcoiner's iOS device and it's that easy to get access to whatever they have in bc.i?
newbie
Activity: 2
Merit: 0
Hello,

I was able to recover my password off my ipad.  I used iTools 2013 to browse the Blockchain.info Application files.  I exported the /Library/Preferences/com.rainydayapps.Blockchain.plistx file to my PC and was able to find the password in clear text inside the file.  The best part is I didn't even have to jailbreak it.  Smiley 

Let me know if it works for you. 

BTC - 14Hgz6bSrVS8rBhAg2CzHXVk2s5NUMbBm5 
full member
Activity: 168
Merit: 100
There are no warnings that forgetting your password renders your coins lost and that there is no 'recovery' option when you sign up with the iOS app.
[...]
Terrible security.
I can't vouch for the security of that app but password recovery options are not a mark of security. If you can recover it, so can someone else.

If you have any password hints or enough coins in that wallet someone might be willing to try to crack it.
sr. member
Activity: 441
Merit: 268
Yes I found this wallet file a while ago.  It's encoded. There's no plaintext anywhere.  ;(

Do you remember at least something about your password?
full member
Activity: 476
Merit: 100

Sorry I can't help you, but I can confirm you are not alone here and you can expect a lot of these posts coming up.  I have had a couple requests for help on this issue already and I have been unable to resolve them (I don't know much about iCuffs).  

A lot of people installed the blockchain.info app on their iphones (poor souls), loaded it with some coin, and are looking at a positive number in a green button now.  When it comes time to spend it, they will find "Getting Unspent Outputs" frozen on the screen.  Unspendable.  After poking around on the website for a while if they are lucky they might be able to get an "AES encrypted wallet" emailed to them.  I guess you got this far as well.  Useless of course.  Next step is to contact support or piuk directly:

https://bitcointalk.org/index.php?action=pm;sa=send;u=17928

good luck.


There are no warnings that forgetting your password renders your coins lost and that there is no 'recovery' option when you sign up with the iOS app.

It also doesn't ask for any passwords when you open the app later and lets you spend the coins without entering any passwords.

This is probably why apple is banning bitcoin apps.  Terrible security.
full member
Activity: 476
Merit: 100
OK, it seems that earlier versions of the iOS app save the wallet file there:
/private/var/mobile/Documents  

The file should be named "wallet.aes.json" or similar. Inside the file, look for the "priv" values.
If they are encoded in an exotic format, let me know and I should be able to help with the decoding.

EDIT: if you find nothing in the above path, the following commands are also worth a shot:

find /var/mobile | grep -i wallet

or

find /var/mobile -iname \*wallet\*


Yes I found this wallet file a while ago.  It's encoded. There's no plaintext anywhere.  ;(
full member
Activity: 209
Merit: 148
Is this still ongoing? OP, please post an update. 
Some users have pointed out the probable location of your keys.
legendary
Activity: 1120
Merit: 1016
090930
OK, it seems that earlier versions of the iOS app save the wallet file there:
/private/var/mobile/Documents  

The file should be named "wallet.aes.json" or similar. Inside the file, look for the "priv" values.
If they are encoded in an exotic format, let me know and I should be able to help with the decoding.

EDIT: if you find nothing in the above path, the following commands are also worth a shot:

find /var/mobile | grep -i wallet

or

find /var/mobile -iname \*wallet\*
legendary
Activity: 1264
Merit: 1008

Sorry I can't help you, but I can confirm you are not alone here and you can expect a lot of these posts coming up.  I have had a couple requests for help on this issue already and I have been unable to resolve them (I don't know much about iCuffs). 

A lot of people installed the blockchain.info app on their iphones (poor souls), loaded it with some coin, and are looking at a positive number in a green button now.  When it comes time to spend it, they will find "Getting Unspent Outputs" frozen on the screen.  Unspendable.  After poking around on the website for a while if they are lucky they might be able to get an "AES encrypted wallet" emailed to them.  I guess you got this far as well.  Useless of course.  Next step is to contact support or piuk directly:

https://bitcointalk.org/index.php?action=pm;sa=send;u=17928

good luck.
legendary
Activity: 1120
Merit: 1016
090930
The older versions of the app did store the password in plaintext on the device.
I don't have an iOS device at hand, but here is the path for Android: /data/data/piuk.blockchain.android/shared_prefs/piuk.blockchain.android_preferences.xml

Perhaps the iOS version used a similar scheme. Try looking for a blockchain preferences file on your device.
full member
Activity: 476
Merit: 100
To the people who PM'ed me, thanks for the tips. I already have a backup of the wallet file, but it is encrypted. 

I'm wondering how the decrypted wallet is kept on the actual filesystem, since it stays decrypted unless you logout.
full member
Activity: 476
Merit: 100
Since I was able to turn my phone on/off and still have access to my decrypted wallet whenever i used the app, (without entering a password), I know the decrypted wallet/keys had to be kept on the filesystem and NOT in memory.
Your conclusion does not necessarily follow your observation. It could've been caching your password.
Does turning off mean shutting down and powering down?

Yes, fully shutting and powering down the iPhone.  Upon turning it on again, the app opens the decrypted wallet without requiring a password at all.  This means that the decrypted wallet must be stored on the filesystem somewhere.

You have to manually log out of the Blockchain app if you want it to ask for a password next time you open it. 
I think this is a bad design from a security standpoint. It should require the password every time you open the app, or at minimum, when you want to spend.
full member
Activity: 168
Merit: 100
Since I was able to turn my phone on/off and still have access to my decrypted wallet whenever i used the app, (without entering a password), I know the decrypted wallet/keys had to be kept on the filesystem and NOT in memory.
Your conclusion does not necessarily follow your observation. It could've been caching your password.
Does turning off mean shutting down and powering down?
newbie
Activity: 14
Merit: 0
Hello integrity42, I've sent you a PM. Please check it. Thanks. Smiley
sr. member
Activity: 322
Merit: 250
Blockchain.info emails the wallet.json file to you as a backup.

I can look at the source code for you to find out if/where any keys are stored, but it will take me some time. I'll be home in about 4 hours from now.

EDIT: I have sent you a PM
full member
Activity: 476
Merit: 100
Increasing the bounty to 2.1 BTC.

2.1BTC to Anyone who can tell me where the decrypted keys are kept on the blockchain iOS app, and help me recover my coins.
full member
Activity: 476
Merit: 100
Install iFile (search it on Google - cydia)

Go to Home first(the house-icon) and you should see a list of directories.
One of them is called Applications if I'm not mistaken(else try /var/mobile/applications), and you should see a list of folders with names like b465621-kr-45986 and so on, open them all until you've found the blockchain one.

That should contain your wallet info somewhere.

*donate to the IMineCoin app - project development forum*

Yes, I've done this already... not sure which file, and not sure how to extract the keys.
Pages:
Jump to: