Bitcoin Forum
Author Topic: [BOUNTY] Where is the decrypted wallet kept on Blockchain.info's iOS app ?  (Read 3305 times)
integrity42 (OP)
December 11, 2013, 08:49:05 AM
 #1

Back in 2012 I had the Blockchain.info iOS wallet installed from the Korean store.

It asked me for a password the first time I used it, and then it stayed PAIRED with the blockchain servers for months.

Since I was able to turn my phone on/off and still have access to my decrypted wallet whenever I used the app (without entering a password), I know the decrypted wallet/keys had to be kept on the filesystem and NOT in memory.

Do you know what file that would be in?   I have a 1BTC bounty available for anyone who can help me recover the private keys to my wallet.

One day the blockchain.info server was down, the device de-paired itself and asked me for the password, which I forgot because I never used it for months and stupidly left BTC in there not realizing that it had to be decrypted by connecting to the server.

If you can help please let me know.

(I have a jailbroken app and full access to the file system, so if you could tell me where the decrypted key was kept perhaps I can find it on the filesystem?)

Thanks!

MrBr1ghtSide
December 11, 2013, 08:54:49 AM
 #2

Install iFile (search it on Google - cydia)

Go to Home first (the house-icon) and you should see a list of directories.
One of them is called Applications if I'm not mistaken (else try /var/mobile/applications), and you should see a list of folders with names like b465621-kr-45986 and so on, open them all until you've found the blockchain one.

That should contain your wallet info somewhere.

*donate to the IMineCoin app - project development forum*
integrity42 (OP)
December 11, 2013, 09:01:59 AM
 #3

Install iFile (search it on Google - cydia)

Go to Home first (the house-icon) and you should see a list of directories.
One of them is called Applications if I'm not mistaken (else try /var/mobile/applications), and you should see a list of folders with names like b465621-kr-45986 and so on, open them all until you've found the blockchain one.

That should contain your wallet info somewhere.

*donate to the IMineCoin app - project development forum*

Yes, I've done this already... not sure which file, and not sure how to extract the keys.

integrity42 (OP)
December 12, 2013, 09:49:06 AM
 #4

Increasing the bounty to 2.1 BTC.

2.1 BTC to anyone who can tell me where the decrypted keys are kept on the blockchain iOS app, and help me recover my coins.

Martijnvdc
December 12, 2013, 01:18:18 PM
Last edit: December 12, 2013, 02:49:09 PM by Martijnvdc
 #5

Blockchain.info emails the wallet.json file to you as a backup.

I can look at the source code for you to find out if/where any keys are stored, but it will take me some time. I'll be home in about 4 hours from now.

EDIT: I have sent you a PM
reCrypto
December 12, 2013, 02:29:08 PM
 #6

Hello integrity42, I've sent you a PM. Please check it. Thanks. :)
kaito
December 12, 2013, 03:00:02 PM
 #7

Since I was able to turn my phone on/off and still have access to my decrypted wallet whenever I used the app (without entering a password), I know the decrypted wallet/keys had to be kept on the filesystem and NOT in memory.
Your conclusion does not necessarily follow your observation. It could've been caching your password.
Does turning off mean shutting down and powering down?
integrity42 (OP)
December 13, 2013, 07:52:12 AM
 #8

Since I was able to turn my phone on/off and still have access to my decrypted wallet whenever I used the app (without entering a password), I know the decrypted wallet/keys had to be kept on the filesystem and NOT in memory.
Your conclusion does not necessarily follow your observation. It could've been caching your password.
Does turning off mean shutting down and powering down?

Yes, fully shutting and powering down the iPhone.  Upon turning it on again, the app opens the decrypted wallet without requiring a password at all.  This means that the decrypted wallet must be stored on the filesystem somewhere.

You have to manually log out of the Blockchain app if you want it to ask for a password next time you open it. 
I think this is a bad design from a security standpoint. It should require the password every time you open the app, or at minimum, when you want to spend.

integrity42 (OP)
December 13, 2013, 07:53:51 AM
 #9

To the people who PM'ed me, thanks for the tips. I already have a backup of the wallet file, but it is encrypted. 

I'm wondering how the decrypted wallet is kept on the actual filesystem, since it stays decrypted unless you logout.

flatfly
December 13, 2013, 08:16:40 AM
 #10

The older versions of the app did store the password in plaintext on the device.
I don't have an iOS device at hand, but here is the path for Android: /data/data/piuk.blockchain.android/shared_prefs/piuk.blockchain.android_preferences.xml

Perhaps the iOS version used a similar scheme. Try looking for a blockchain preferences file on your device.
hashman
December 13, 2013, 12:13:03 PM
 #11


Sorry I can't help you, but I can confirm you are not alone here and you can expect a lot of these posts coming up.  I have had a couple requests for help on this issue already and I have been unable to resolve them (I don't know much about iCuffs). 

A lot of people installed the blockchain.info app on their iPhones (poor souls), loaded it with some coin, and are looking at a positive number in a green button now.  When it comes time to spend it, they will find "Getting Unspent Outputs" frozen on the screen.  Unspendable.  After poking around on the website for a while, if they are lucky they might be able to get an "AES encrypted wallet" emailed to them.  I guess you got this far as well.  Useless of course.  Next step is to contact support or piuk directly:

https://bitcointalk.org/index.php?action=pm;sa=send;u=17928

good luck.
flatfly
December 13, 2013, 05:51:51 PM
Last edit: December 13, 2013, 07:49:29 PM by flatfly
 #12

OK, it seems that earlier versions of the iOS app save the wallet file there:
/private/var/mobile/Documents  

The file should be named "wallet.aes.json" or similar. Inside the file, look for the "priv" values.
If they are encoded in an exotic format, let me know and I should be able to help with the decoding.

EDIT: if you find nothing in the above path, the following commands are also worth a shot:

find /var/mobile | grep -i wallet

or

find /var/mobile -iname \*wallet\*
RoxxR
December 15, 2013, 01:16:21 PM
 #13

Is this still ongoing? OP, please post an update. 
Some users have pointed out the probable location of your keys.
integrity42 (OP)
December 17, 2013, 10:02:06 AM
 #14

OK, it seems that earlier versions of the iOS app save the wallet file there:
/private/var/mobile/Documents  

The file should be named "wallet.aes.json" or similar. Inside the file, look for the "priv" values.
If they are encoded in an exotic format, let me know and I should be able to help with the decoding.

EDIT: if you find nothing in the above path, the following commands are also worth a shot:

find /var/mobile | grep -i wallet

or

find /var/mobile -iname \*wallet\*


Yes I found this wallet file a while ago.  It's encoded. There's no plaintext anywhere.  ;(

integrity42 (OP)
December 17, 2013, 10:03:37 AM
 #15


Sorry I can't help you, but I can confirm you are not alone here and you can expect a lot of these posts coming up.  I have had a couple requests for help on this issue already and I have been unable to resolve them (I don't know much about iCuffs).  

A lot of people installed the blockchain.info app on their iPhones (poor souls), loaded it with some coin, and are looking at a positive number in a green button now.  When it comes time to spend it, they will find "Getting Unspent Outputs" frozen on the screen.  Unspendable.  After poking around on the website for a while, if they are lucky they might be able to get an "AES encrypted wallet" emailed to them.  I guess you got this far as well.  Useless of course.  Next step is to contact support or piuk directly:

https://bitcointalk.org/index.php?action=pm;sa=send;u=17928

good luck.


There are no warnings that forgetting your password renders your coins lost and that there is no 'recovery' option when you sign up with the iOS app.

It also doesn't ask for any passwords when you open the app later and lets you spend the coins without entering any passwords.

This is probably why Apple is banning bitcoin apps.  Terrible security.

stick
December 17, 2013, 10:32:30 AM
 #16

Yes I found this wallet file a while ago.  It's encoded. There's no plaintext anywhere.  ;(

Do you remember at least something about your password?

kaito
December 17, 2013, 01:39:13 PM
 #17

There are no warnings that forgetting your password renders your coins lost and that there is no 'recovery' option when you sign up with the iOS app.
[...]
Terrible security.
I can't vouch for the security of that app but password recovery options are not a mark of security. If you can recover it, so can someone else.

If you have any password hints or enough coins in that wallet someone might be willing to try to crack it.
LIY2012
January 30, 2014, 10:24:09 AM
 #18

Hello,

I was able to recover my password off my iPad.  I used iTools 2013 to browse the Blockchain.info Application files.  I exported the /Library/Preferences/com.rainydayapps.Blockchain.plistx file to my PC and was able to find the password in clear text inside the file.  The best part is I didn't even have to jailbreak it.  :)

Let me know if it works for you. 

BTC - 14Hgz6bSrVS8rBhAg2CzHXVk2s5NUMbBm5 
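
A developer-side check for the storage flaw reported in the post above, as an added example that is not part of the thread or the app's own code: it parses an app preferences plist and lists the keys that hold credential-like values as readable strings, which belong in the Keychain instead. The key-name pattern and the sample plist are constructed for illustration.

```python
import plistlib
import re

# Key names that suggest a credential. Hypothetical list: tune it for your app.
SENSITIVE_KEY = re.compile(r"password|passphrase|passwd|secret|priv|token", re.I)


def find_plaintext_secrets(plist_bytes):
    """Return sorted key paths whose name looks like a credential and whose
    value is a non-empty readable string. Only paths are reported, never the
    values, so the audit output does not leak the secret a second time."""
    root = plistlib.loads(plist_bytes)  # accepts both XML and binary plists
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                walk(value, f"{path}/{key}")
        elif isinstance(node, list):
            for index, value in enumerate(node):
                walk(value, f"{path}[{index}]")
        elif isinstance(node, str) and node.strip():
            leaf = path.rsplit("/", 1)[-1]
            if SENSITIVE_KEY.search(leaf):
                findings.append(path)
        # <data> values (bytes) are skipped: they may be ciphertext and
        # need a manual review rather than an automatic verdict.

    walk(root, "")
    return sorted(findings)


# Constructed sample preferences file; keys and values are made up.
SAMPLE = plistlib.dumps(
    {
        "guid": "00000000-0000-0000-0000-000000000000",
        "password": "constructed-example-only",
        "settings": {"currency": "USD", "apiToken": "constructed-token"},
        "secretBlob": b"\x00\x01\x02",
    },
    fmt=plistlib.FMT_BINARY,
)

if __name__ == "__main__":
    for path in find_plaintext_secrets(SAMPLE):
        print("readable credential stored under", path)
```

Run it against the preferences file pulled from a test build's sandbox before release; any path it reports is readable by whoever can copy that file off the device or out of a backup.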
TheButterZone
January 30, 2014, 11:00:42 AM
 #19

Eek, so you just have to steal a bitcoiner's iOS device and it's that easy to get access to whatever they have in bc.i?

Saying that you don't trust someone because of their behavior is completely valid.
RoxxR
January 30, 2014, 11:04:12 AM
 #20

Hello,

I was able to recover my password off my iPad.  I used iTools 2013 to browse the Blockchain.info Application files.  I exported the /Library/Preferences/com.rainydayapps.Blockchain.plistx file to my PC and was able to find the password in clear text inside the file.  The best part is I didn't even have to jailbreak it.  :)

Let me know if it works for you. 

BTC - 14Hgz6bSrVS8rBhAg2CzHXVk2s5NUMbBm5 

Please don't mention iTools, it's a shady closed-source tool and I wouldn't trust it