Bitcoin Forum

Back in 2012 I had the Blockchain.info iOS wallet installed from the korean store.

It asked me for a password the first time I used it, and then it stayed PAIRED with the blockchain servers for months.

Since I was able to turn my phone on/off and still have access to my decrypted wallet whenever i used the app, (without entering a password), I know the decrypted wallet/keys had to be kept on the filesystem and NOT in memory.

Do you know what file that would be in?   I have a 1BTC bounty available for anyone who can help me recover the private keys to my wallet.

One day the blockchain.info server was down, the device de-paired itself and asked me for the password, which I forgot because I never used it for months and stupidly left BTC in there not realizing that it had to be decrypted by connecting to the server.

If you can help please let me know.

(I have a jailbroken app and full access to the file system, so If you could tell me where the decryted key was kept perhaps i can find it on the filesystem?)

Thanks!

Install iFile (search it on Google - cydia)

Go to Home first(the house-icon) and you should see a list of directories.
One of them is called Applications if I'm not mistaken(else try /var/mobile/applications), and you should see a list of folders with names like b465621-kr-45986 and so on, open them all until you've found the blockchain one.

That should contain your wallet info somewhere.

*donate to the IMineCoin app - project development forum*

Yes, I've done this already... not sure which file, and not sure how to extract the keys.

Increasing the bounty to 2.1 BTC.

2.1BTC to Anyone who can tell me where the decrypted keys are kept on the blockchain iOS app, and help me recover my coins.

Blockchain.info emails the wallet.json file to you as a backup.

I can look at the source code for you to find out if/where any keys are stored, but it will take me some time. I'll be home in about 4 hours from now.

EDIT: I have sent you a PM

Hello integrity42, I've sent you a PM. Please check it. Thanks. :)

Your conclusion does not necessarily follow your observation. It could've been caching your password.
Does turning off mean shutting down and powering down?

Yes, fully shutting and powering down the iPhone.  Upon turning it on again, the app opens the decrypted wallet without requiring a password at all.  This means that the decrypted wallet must be stored on the filesystem somewhere.

You have to manually log out of the Blockchain app if you want it to ask for a password next time you open it. 
I think this is a bad design from a security standpoint. It should require the password every time you open the app, or at minimum, when you want to spend.

To the people who PM'ed me, thanks for the tips. I already have a backup of the wallet file, but it is encrypted. 

I'm wondering how the decrypted wallet is kept on the actual filesystem, since it stays decrypted unless you logout.

The older versions of the app did store the password in plaintext on the device.
I don't have an iOS device at hand, but here is the path for Android: /data/data/piuk.blockchain.android/shared_prefs/piuk.blockchain.android_preferences.xml

Perhaps the iOS version used a similar scheme. Try looking for a blockchain preferences file on your device.

Sorry I can't help you, but I can confirm you are not alone here and you can expect a lot of these posts coming up.  I have had a couple requests for help on this issue already and I have been unable to resolve them (I don't know much about iCuffs). 

A lot of people installed the blockchain.info app on their iphones (poor souls), loaded it with some coin, and are looking at a positive number in a green button now.  When it comes time to spend it, they will find "Getting Unspent Outputs" frozen on the screen.  Unspendable.  After poking around on the website for a while if they are lucky they might be able to get an "AES encrypted wallet" emailed to them.  I guess you got this far as well.  Useless of course.  Next step is to contact support or piuk directly:

https://bitcointalk.org/index.php?action=pm;sa=send;u=17928

good luck.

OK, it seems that earlier versions of the iOS app save the wallet file there:
/private/var/mobile/Documents  

The file should be named "wallet.aes.json" or similar. Inside the file, look for the "priv" values.
If they are encoded in an exotic format, let me know and I should be able to help with the decoding.

EDIT: if you find nothing in the above path, the following commands are also worth a shot:

find /var/mobile | grep -i wallet

or

find /var/mobile -iname \*wallet\*

Is this still ongoing? OP, please post an update. 
Some users have pointed out the probable location of your keys.

Yes I found this wallet file a while ago.  It's encoded. There's no plaintext anywhere.  ;(

There are no warnings that forgetting your password renders your coins lost and that there is no 'recovery' option when you sign up with the iOS app.

It also doesn't ask for any passwords when you open the app later and lets you spend the coins without entering any passwords.

This is probably why apple is banning bitcoin apps.  Terrible security.

Do you remember at least something about your password?

I can't vouch for the security of that app but password recovery options are not a mark of security. If you can recover it, so can someone else.

If you have any password hints or enough coins in that wallet someone might be willing to try to crack it.

Hello,

I was able to recover my password off my ipad.  I used iTools 2013 to browse the Blockchain.info Application files.  I exported the /Library/Preferences/com.rainydayapps.Blockchain.plistx file to my PC and was able to find the password in clear text inside the file.  The best part is I didn't even have to jailbreak it.  :) 

Let me know if it works for you. 

BTC - 14Hgz6bSrVS8rBhAg2CzHXVk2s5NUMbBm5 

Eek, so you just have to steal a bitcoiner's iOS device and it's that easy to get access to whatever they have in bc.i?

Please don't mention itools, it's a shady closed-source tool and  i wouldn't trust it

I had the same problem and found this forum post that gave me a hint to check the application data files.  I was able to recover my plaintext password from an old iPhone backup file (From September 2013).  I did not have to jailbreak the phone.  I used the 'strings' command on my Mac on all of the files in the backup directory and sifted through the results until I found what I was looking for.  I mention it here in case someone else stumbles upon this page and would like assistance getting to their BTC.  I expect the latest blockchain app doesn't save the password in plaintext anymore, so perhaps this technique will work for others as well.

In the future, I'll be using one of these to hold my BTC: http://bitstash.com/

This chain might be totally dead by now, but I needed my own answer today to recover once again once my old phone died.  Partially with the thought that I might need this again one day, I'm putting in more details.  It would be a bonus if someone else was able to recover their BTC based on these instructions.

Here's more information.  I did the following on my Mac:

cd /Users/Darryl/Library/Application Support/MobileSync/Backup/b24f78d91322ec7b4f32a60884b63d097ef8613f-20130920-232753
(Your exact backup location is probably different)

for file in *; do echo "==== $file ===="; strings $file; done > ~/a
(What this does is run the 'strings' command on each file, and put a header of the filename inside ====.)

Then I did:
less ~/a
(This is a command-line viewer of the data)

Then I found the content below (marked with ***) ... you can type the / key, then paste in some of the text here, perhaps WebKitLocalStorageDatabasePathPreferenceKeyYsharedKey will do it.  That jumped to the following text.  Possibly the backup filename is always  6efc668a42109f1e4e1da7ab631d8720761a175a... who knows.  This is what worked for me.  If you know your wallet identifier from https://blockchain.info/wallet/<WALLET ID>, you should search for the wallet id.  The line after I found my Wallet ID, I saw my password in plaintext.  I used it today on the website to once again decrypt my password.  I'm upgrading it now and will try out the backup features.


This is "the content below (marked with ***):

==== 6efc668a42109f1e4e1da7ab631d8720761a175a ====
bplist00
+WebKitLocalStorageDatabasePathPreferenceKeyYsharedKey_
'WebKitOfflineWebApplicationCacheEnabledTguid_
ATDatabaseLastUpdateXpassword_
'WebKitDiskImageCacheSavedCacheDirectory_
WebDatabaseDirectoryZregistered^checksum_cache_
"WebKitShrinksStandaloneImagesToFit_
L/var/mobile/Applications/F131A0E7-72C2-4B03-A039-EFFD0BD6A56B/Library/Caches_
$52153CED-87D1-4A4D-A58C-F9499F3DA6BE

Followed immediately by $<WALLET ID> and on the next line /<MY UNENCRYPTED PASSWORD>