Author Topic: lost password on blockchain.info wallet  (Read 26643 times)
findftp (OP)
October 08, 2014, 06:19:17 PM
 #1

a friend of mine can't access his wallet anymore.
The passwords are not accepted. He probably forgot his password.
He probably used an easy password as well.
But he hasn't got a backup of the wallet, but he does have the identifier.

Does the identifier represent the encrypted private key?
If so, knowing the public key as well, I can try to brute force the password or am I missing something?
The wallet contains 0.22 BTC

Josepht
October 08, 2014, 06:31:47 PM
 #2

The website says that when you forget your password, you'll lose all your stored bitcoins.

Edit: I don't think that the identifier represents the encrypted private key.
If that was the case, anyone who knew the identifier could bruteforce it.

Edit 2: I don't think that the public key has anything to do with the blockchain password.
PolarPoint
October 08, 2014, 06:39:17 PM
 #3

The identifier is the filename of your wallet, your identifier does not change when you change your wallet password. The wallet file is encrypted with your password. You forget your password, you lose your coins. Blockchain.info can't reset it for you.
findftp (OP)
October 08, 2014, 06:42:14 PM
 #4

> The identifier is the filename of your wallet, your identifier does not change when you change your wallet password. The wallet file is encrypted with your password. You forget your password, you lose your coins. Blockchain.info can't reset it for you.

He has got an iphone.
Where could the wallet be stored in an iphone?
Where is the wallet stored when accessing the wallet through a browser in windows?

I know blockchain can't reset the password. I'm looking for the wallet file.
DannyHamilton
October 08, 2014, 07:15:37 PM
 #5

> a friend of mine can't access his wallet anymore.
> The passwords are not accepted. He probably forgot his password.

This is not good.  The wallet cannot be accessed without discovering the correct password.

> He probably used an easy password as well.

This helps. As long as the password is "easy" enough, you may be able to brute-force it.

> But he hasn't got a backup of the wallet, but he does have the identifier.

As long as you are certain that you have the correct identifier, you shouldn't need a backup of the wallet.  If you don't have the correct identifier, you'll either need a backup or you'll need to figure out what the correct identifier is.

> Does the identifier represent the encrypted private key?

No.  The identifier is a unique identifier created by blockchain.info.  It is a reference into their database indicating where the encrypted wallet is stored on their system.

> If so, knowing the public key as well, I can try to brute force the password or am I missing something?
> The wallet contains 0.22 BTC

To brute-force the password, you'll need to know as much as possible about what the password is likely to be.  Then you'll need to use the identifier to get a copy of the encrypted wallet.  Then you can attempt to decrypt the wallet with the various possible passwords until you find one that successfully decrypts it.

> The website says that when you forget your password, you'll lose all your stored bitcoins.

Correct.  The private keys are all encrypted with the password.  blockchain.info does not store the password.  Therefore, if you don't have the password, you cannot decrypt the private keys.

> Edit: I don't think that the identifier represents the encrypted private key.

Correct.  The identifier is just information for blockchain.info telling them where on their system they have stored the encrypted wallet.

> Edit 2: I don't think that the public key has anything to do with the blockchain password.

Correct.

> He has got an iphone.
> Where could the wallet be stored in an iphone?

I'm not sure if they store a copy of the wallet on the phone.  Regardless, as long as you have the identifier you should be able to get the wallet from blockchain.info

> Where is the wallet stored when accessing the wallet through a browser in windows?

blockchain.info stores it in their database.  They send a copy to your browser when you supply the identifier.

findftp (OP)
October 08, 2014, 07:24:20 PM
Last edit: October 08, 2014, 08:53:34 PM by findftp
 #6

> > If so, knowing the public key as well, I can try to brute force the password or am I missing something?
> > The wallet contains 0.22 BTC
>
> To brute-force the password, you'll need to know as much as possible about what the password is likely to be.  Then you'll need to use the identifier to get a copy of the encrypted wallet.  Then you can attempt to decrypt the wallet with the various possible passwords until you find one that successfully decrypts it.

Do you happen to know the encryption method used to encrypt the wallet?
edit: it is aes, just found out.

> > Where is the wallet stored when accessing the wallet through a browser in windows?
>
> blockchain.info stores it in their database.  They send a copy to your browser when you supply the identifier.

So I fill in the identifier and look in my browser cache?
edit: if I save the page, I see a lot of stuff, but not a file called "wallet.aes.json"

Thanks for the detailed answer btw.
findftp (OP)
October 08, 2014, 07:27:26 PM
 #7

The wallet is probably somewhere hidden in these lines of code

Code:
    <script type="text/javascript" src="/Resources/wallet/bitcoinjs.min.js?sdffsdfdsfssd"></script>
    <script type="text/javascript" src="/Resources/wallet/blockchainapi.min.js?dsgsdgsdgfsd"></script>
    <script type="text/javascript" src="/Resources/wallet/wallet.min.js?4b4sdgsgdsgfs"></script>
btchris

a.k.a. gurnec on GitHub


October 08, 2014, 10:30:34 PM
 #8

I thought I might be able to help out a little bit here...

To download the (encrypted) wallet from blockchain.info, run this from the command line (Linux or Windows, but for Windows you need to install Python 2.x first).

Code:
python -c "import urllib2,json;f=urllib2.urlopen('https://blockchain.info/wallet/9bb4c672-563e-4806-9012-a3e8f86a0eca?format=json');print json.loads(f.read())['payload']" > wallet.json.aes

(Obviously you'll need to change the UUID to match yours first.)

For brute-forcing the password, I'd recommend one of two options.

If the downloaded file doesn't start with these two characters: {" , and if you've created or modified (e.g. added new receiving addresses) to it at sometime after March, 2012 (when the wallet format changed again), and if you're on (or have easy access to) Linux and are comfortable compiling software, then I'd recommend John the Ripper ("bleeding-jumbo" version). It's faster than the alternative (and much faster with a GPU).

Otherwise, I'd recommend btcrecover (course I'm biased since I'm the dev of that one...). It supports some blockchain.info wallet formats that JtR doesn't, and it's easier to set up (no compilation necessary), especially on Windows. The Quick Start is available here: https://github.com/gurnec/btcrecover/blob/master/TUTORIAL.md#btcrecover-tutorial. Let me know if you have any questions about it...
findftp (OP)
October 09, 2014, 09:05:01 AM
 #9

> I thought I might be able to help out a little bit here...
>
> To download the (encrypted) wallet from blockchain.info, run this from the command line (Linux or Windows, but for Windows you need to install Python 2.x first).
>
> Code:
> python -c "import urllib2,json;f=urllib2.urlopen('https://blockchain.info/wallet/9bb4c672-563e-4806-9012-a3e8f86a0eca?format=json');print json.loads(f.read())['payload']" > wallet.json.aes
>
> (Obviously you'll need to change the UUID to match yours first.)

Thank you very much! This is very helpful

> For brute-forcing the password, I'd recommend one of two options.
>
> If the downloaded file doesn't start with these two characters: {" , and if you've created or modified (e.g. added new receiving addresses) to it at sometime after March, 2012 (when the wallet format changed again), and if you're on (or have easy access to) Linux and are comfortable compiling software, then I'd recommend John the Ripper ("bleeding-jumbo" version). It's faster than the alternative (and much faster with a GPU).
>
> Otherwise, I'd recommend btcrecover (course I'm biased since I'm the dev of that one...). It supports some blockchain.info wallet formats that JtR doesn't, and it's easier to set up (no compilation necessary), especially on Windows. The Quick Start is available here: https://github.com/gurnec/btcrecover/blob/master/TUTORIAL.md#btcrecover-tutorial. Let me know if you have any questions about it...

I will go for John the Ripper first. I'm on linux as well as windows.
I don't have much compilation experience but I did it a few times in the past. Last time I had to do it with vanitygen which worked out well.
Otherwise I will try the btcrecover method.

Thank you very much for your help, I hope I'm able to recover the wallet.
I asked my friend if there is a bounty, if so, you'll get 50% of my bounty if I'm successful ;)



snarlpill
October 09, 2014, 10:08:41 AM
 #10

I happened to come across this thread about an hour ago randomly and I think it might be perfect timing for you and your friend to get some help in a safe & secure way by a trusted member. Good luck to you guys I hope you are able to regain access to your wallet.

findftp (OP)
October 09, 2014, 10:50:21 AM
 #11

> I happened to come across this thread about an hour ago randomly and I think it might be perfect timing for you and your friend to get some help in a safe & secure way by a trusted member. Good luck to you guys I hope you are able to regain access to your wallet.

Great find!
I might consider using this service when I'm not able to bruteforce it myself.

Thanks.
findftp (OP)
October 09, 2014, 07:04:26 PM
Last edit: October 09, 2014, 07:59:27 PM by findftp
 #12

> If the downloaded file doesn't start with these two characters: {" , and if you've created or modified (e.g. added new receiving addresses) to it at sometime after March, 2012 (when the wallet format changed again), and if you're on (or have easy access to) Linux and are comfortable compiling software, then I'd recommend John the Ripper ("bleeding-jumbo" version). It's faster than the alternative (and much faster with a GPU).

So I got this up and running and was able to crack a zip file which I encrypted with a simple password.
I was amazed to see how quick the password was cracked.
First I had to extract the password hash from the encrypted zip file and then I had to do "./john zip.hash"

But how do I extract the password hash from the "wallet.aes.json"?
edit: now downloading bleeding version, I saw something about blockchain2john, might be it.
edit2: definitely it! I'm now trying to bruteforce his wallet :D I might try it first with my own test wallet and some tokens to see if it is really successful

> Otherwise, I'd recommend btcrecover (course I'm biased since I'm the dev of that one...). It supports some blockchain.info wallet formats that JtR doesn't, and it's easier to set up (no compilation necessary), especially on Windows. The Quick Start is available here: https://github.com/gurnec/btcrecover/blob/master/TUTORIAL.md#btcrecover-tutorial. Let me know if you have any questions about it...

I also managed to have this tool up and running. I made myself a new blockchain wallet with a password like "house23tree1"
It took 30 seconds to crack the wallet. I made a token file with about 7 words and numbers.
Very nice tool if you know all contents of a password, but not exactly what came first and last.
As far as I can see I was not able to bruteforce any unknown characters. You really should put everything into the token file

btchris
October 09, 2014, 08:08:25 PM
 #13

> So I got this up and running and was able to crack a zip file which I encrypted with a simple password.
> I was amazed to see how quick the password was cracked.
> First I had to extract the password hash from the encrypted zip file and then I had to do "./john zip.hash"
>
> But how do I extract the password hash from the "wallet.aes.json"?
> edit: now downloading bleeding version, I saw something about blockchain2john, might be it.

Yup, that's the one. I don't know if you've finished compiling the bleeding version yet, but it might be worth getting an OpenCL or Cuda version compiled and working, it runs around 8ish times faster than the CPU-only version (and FYI CPU-only JtR runs about 6 times faster than btcrecover with Python 2.7.8+).

> I also managed to have this tool up and running. I made myself a new blockchain wallet with a password like "house23tree1"
> It took 30 seconds to crack the wallet. I made a token file with about 7 words and numbers.
> Very nice tool if you know all contents of a password, but not exactly what came first and last.
> As far as I can see I was not able to bruteforce any unknown characters. You really should put everything into the token file

What do you mean by "bruteforce any unknown characters"?
findftp (OP)
October 09, 2014, 08:28:00 PM
 #14

> > So I got this up and running and was able to crack a zip file which I encrypted with a simple password.
> > I was amazed to see how quick the password was cracked.
> > First I had to extract the password hash from the encrypted zip file and then I had to do "./john zip.hash"
> >
> > But how do I extract the password hash from the "wallet.aes.json"?
> > edit: now downloading bleeding version, I saw something about blockchain2john, might be it.
>
> Yup, that's the one. I don't know if you've finished compiling the bleeding version yet,

Yes, it's already bruteforcing a "wallet.aes.json" file without wordlist. It seems to work, no success with the password yet (just testing on a slow laptop)

> but it might be worth getting an OpenCL or Cuda version compiled and working, it runs around 8ish times faster than the CPU-only version (and FYI CPU-only JtR runs about 6 times faster than btcrecover with Python 2.7.8+).

It seems that no special effort should be done to compile for OpenCL or Cuda. Am I right?
The install file says:
Code:
./configure should find and enable any extra stuff you have, including OMP,
OpenCL, CUDA and extra libraries mentioned above.

> > I also managed to have this tool up and running. I made myself a new blockchain wallet with a password like "house23tree1"
> > It took 30 seconds to crack the wallet. I made a token file with about 7 words and numbers.
> > Very nice tool if you know all contents of a password, but not exactly what came first and last.
> > As far as I can see I was not able to bruteforce any unknown characters. You really should put everything into the token file
>
> What do you mean by "bruteforce any unknown characters"?

Well, I mean if you know that the password contains "house" and "tree" and 2 or 5 other characters/numbers. Is it still possible to bruteforce through all these options?
Like
housetree11111
housetree11112
housetree11113
btchris
October 09, 2014, 08:38:41 PM
 #15

> , I mean if you know that the password contains "house" and "tree" and 2 or 5 other characters/numbers. Is it still possible to bruteforce through all these options?
> Like
> housetree11111
> housetree11112
> housetree11113

Sure, here's a token file:

Code:
house
tree
%2,5d

That third token becomes all combinations of numeric digits, between 2 and 5 digits long, and can appear in the beginning, end, or between the other two tokens. It's described here in the tutorial: https://github.com/gurnec/btcrecover/blob/master/TUTORIAL.md#expanding-wildcards

If you'd like to restrict that wildcard token to the end, you'd use this:

Code:
house
tree
%2,5d$

That "$" forces it to be at the end (if present at all, it doesn't make the token required in every try). That feature is described here: https://github.com/gurnec/btcrecover/blob/master/TUTORIAL.md#anchors
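
The size of the search space that the two token files above describe, as an added example that is not part of the original post and is not btcrecover's own code. It models only what the post states (every token optional and used at most once, any order, "%2,5d" meaning 2 to 5 digits, a trailing "$" pinning a token to the end); the function names and the rate of 500 guesses per second are assumptions.

```python
import itertools
import re

# Only the digit wildcard shown in the post ("%2,5d") is modelled.
WILDCARD = re.compile(r"^%(\d+),(\d+)d$")
DIGITS = "0123456789"


def parse_token(line):
    """Split one token-file line into (body, end_anchored)."""
    line = line.strip()
    if line.endswith("$"):
        return line[:-1], True
    return line, False


def expansion_count(body):
    """Number of strings one token stands for (1 for a plain word)."""
    m = WILDCARD.match(body)
    if not m:
        return 1
    lo, hi = int(m.group(1)), int(m.group(2))
    return sum(10 ** n for n in range(lo, hi + 1))


def expansions(body):
    """Yield every string one token stands for."""
    m = WILDCARD.match(body)
    if not m:
        yield body
        return
    lo, hi = int(m.group(1)), int(m.group(2))
    for n in range(lo, hi + 1):
        for digits in itertools.product(DIGITS, repeat=n):
            yield "".join(digits)


def orderings(lines):
    """Yield each ordered pick of one or more tokens that respects '$'."""
    tokens = [parse_token(l) for l in lines if l.strip()]
    for r in range(1, len(tokens) + 1):
        for perm in itertools.permutations(tokens, r):
            # A '$' token is only allowed in the last position.
            if all(not anchored or i == r - 1
                   for i, (_, anchored) in enumerate(perm)):
                yield [body for body, _ in perm]


def count_candidates(lines):
    """Count candidates without generating them."""
    total = 0
    for bodies in orderings(lines):
        n = 1
        for body in bodies:
            n *= expansion_count(body)
        total += n
    return total


def enumerate_candidates(lines):
    """Generate the candidates themselves (used to cross-check the count)."""
    for bodies in orderings(lines):
        for parts in itertools.product(*(expansions(b) for b in bodies)):
            yield "".join(parts)


def worst_case_seconds(lines, guesses_per_second):
    """Time to exhaust the whole space at a given guess rate."""
    return count_candidates(lines) / guesses_per_second


# The two token files from the post.
UNANCHORED = ["house", "tree", "%2,5d"]
ANCHORED = ["house", "tree", "%2,5d$"]
ASSUMED_RATE = 500.0  # guesses per second; constructed value, not a benchmark

if __name__ == "__main__":
    for name, toks in (("unanchored", UNANCHORED), ("anchored", ANCHORED)):
        n = count_candidates(toks)
        minutes = worst_case_seconds(toks, ASSUMED_RATE) / 60
        print(f"{name}: {n} candidates, {minutes:.1f} min at {ASSUMED_RATE:.0f}/s")
```

Anchoring the wildcard to the end cuts the space from 1,222,104 to 555,504 candidates; at the assumed rate either file is exhausted in well under an hour, which is how little protection a password built from a few guessable words plus digits gives an encrypted wallet.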
findftp (OP)
October 09, 2014, 09:18:50 PM
 #16

> > , I mean if you know that the password contains "house" and "tree" and 2 or 5 other characters/numbers. Is it still possible to bruteforce through all these options?
> > Like
> > housetree11111
> > housetree11112
> > housetree11113
>
> Sure, here's a token file:
>
> Code:
> house
> tree
> %2,5d
>
> That third token becomes all combinations of numeric digits, between 2 and 5 digits long, and can appear in the beginning, end, or between the other two tokens. It's described here in the tutorial: https://github.com/gurnec/btcrecover/blob/master/TUTORIAL.md#expanding-wildcards
>
> If you'd like to restrict that wildcard token to the end, you'd use this:
>
> Code:
> house
> tree
> %2,5d$
>
> That "$" forces it to be at the end (if present at all, it doesn't make the token required in every try). That feature is described here: https://github.com/gurnec/btcrecover/blob/master/TUTORIAL.md#anchors

Well, I should have read better! Since English is not my native language and there was a lot of text I did not read everything (yet)
Also due to the fact I could not wait to begin testing :)

I'm trying to use a wordlist with JtR but I can't really get it to work.
My hash file looks good, I extracted the hash from a blockchain.info wallet with the tool called blockchain2john.
The password is something like house1tree2
I made a wordlist.txt
Code:
house
1
tree
2
car
3

But when I run john with:
Code:
./john --wordlist=../../wordlist.txt --rules ../../wallet.hash

I get:
Code:
Loaded 1 password hash (Blockchain, My Wallet [PBKDF2-SHA1 AES 4x SSE2])
Will run 2 OpenMP threads
Note: This format may emit false positives, so it will keep trying even after
finding a possible candidate.
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:00:00:00 DONE (2014-10-09 23:13) 0g/s 536.6p/s 536.6c/s 536.6C/s Caring
Session completed

Then I do:
Code:
./john --show ../../wallet.hash

and get:
Code:
0 password hashes cracked, 1 left

What's wrong? All the words are in the wordlist.

By the way, there is a small error in the code you gave earlier.
Code:
python -c "import urllib2,json;f=urllib2.urlopen('https://blockchain.info/wallet/9bb4c672-563e-4806-9012-a3e8f86a0eca?format=json');print json.loads(f.read())['payload']" > wallet.json.aes

should be:
Code:
python -c "import urllib2,json;f=urllib2.urlopen('https://blockchain.info/wallet/9bb4c672-563e-4806-9012-a3e8f86a0eca?format=json');print json.loads(f.read())['payload']" > wallet.aes.json
(wallet extension changed from json.aes to aes.json)
btchris
October 09, 2014, 09:38:47 PM
 #17

> Well, I should have read better! Since English is not my native language and there was a lot of text I did not read everything (yet)
> Also due to the fact I could not wait to begin testing :)

Wait, you're not a native English speaker?? Your English is much better than many (most?) native speakers I've seen on this board...

> I'm trying to use a wordlist with JtR but I can't really get it to work.
> My hash file looks good, I extracted the hash from a blockchain.info wallet with the tool called blockchain2john.
> The password is something like house1tree2
> I made a wordlist.txt
> Code:
> house
> 1
> tree
> 2
> car
> 3
> ...

Sorry, I actually don't know that much about JtR... but I think that the --wordlist option just takes the input file and uses each line as a single password, so nothing at all like btcrecover's token file. JtR can make all sorts of alterations to each line, but I don't know much about making JtR construct whole passwords the way btcrecover does.

You can however use both programs together: you can run btcrecover with the --listpass option (and with no --wallet), and it will generate and output whole passwords to test, one per line, and then you can use JtR (with its better cracking speed) to actually try the passwords. I imagine there's a way for JtR to accept passwords directly from its stdin, so you could pipe the output of btcrecover directly to JtR, e.g.

Code:
btcrecover.py --token tokens.txt --listpass | john --options...

> By the way, there is a small error in the code you gave earlier.
> ...

Oops, my mistake, thanks.
EsaEzekiel
October 10, 2014, 03:43:29 AM
 #18

That's easy, because blockchain is an online wallet and owned by blockchain, you only need to prove that the wallet really belongs to you, and then they will help you deal with it.
DannyHamilton
October 10, 2014, 03:50:59 AM
 #19

> That's easy, because blockchain is an online wallet and owned by blockchain, you only need to prove that the wallet really belongs to you, and then they will help you deal with it.

Please don't just make things up if you don't know what you're talking about.

Newbies might actually believe you and waste a bunch of time on something that is impossible.
LakeBTC
October 10, 2014, 05:33:03 AM
 #20

> a friend of mine can't access his wallet anymore.
> The passwords are not accepted. He probably forgot his password.
> He probably used an easy password as well.
> But he hasn't got a backup of the wallet, but he does have the identifier.
>
> Does the identifier represent the encrypted private key?
> If so, knowing the public key as well, I can try to brute force the password or am I missing something?
> The wallet contains 0.22 BTC



nobody can reset the password for you.  If you cannot find the password, you will lose those coins.

there's a constant debate between online vs offline wallets ..

findftp (OP)
October 10, 2014, 06:13:44 PM
 #21

> nobody can reset the password for you.

I was not asking for it, please read.

> If you cannot find the password, you will lose those coins.

Wrong. I was asking for brute forcing, there is a very good chance to get them back.

> there's a constant debate between online vs offline wallets ..

Not here.
findftp (OP)
October 10, 2014, 06:18:19 PM
 #22

> Wait, you're not a native English speaker?? Your English is much better than many (most?) native speakers I've seen on this board...

thnx ;)

> Sorry, I actually don't know that much about JtR... but I think that the --wordlist option just takes the input file and uses each line as a single password, so nothing at all like btcrecover's token file. JtR can make all sorts of alterations to each line, but I don't know much about making JtR construct whole passwords the way btcrecover does.

They indeed work differently. I'm now experimenting with both applications.

> You can however use both programs together: you can run btcrecover with the --listpass option (and with no --wallet), and it will generate and output whole passwords to test, one per line, and then you can use JtR (with its better cracking speed) to actually try the passwords. I imagine there's a way for JtR to accept passwords directly from its stdin, so you could pipe the output of btcrecover directly to JtR, e.g.
>
> Code:
> btcrecover.py --token tokens.txt --listpass | john --options...

Sounds like a great idea! Best of both worlds!
I'm not in a hurry and I will experiment a bit with both.
I'll keep you updated about the result.
aliveonearth
December 07, 2014, 08:36:47 AM
 #23

> Otherwise, I'd recommend btcrecover (course I'm biased since I'm the dev of that one...).

I was able to get this going with some tinkering.

Firstly I just got the wallet.json.aes data by plugging this into Firefox after changing the wallet ID:

https://blockchain.info/wallet/9bb4c672-563e-4806-9012-a3e8f86a0eca?format=json

The original python command just created an empty file.

What came back didn't work right away with btcrecover.
It was looking for a version tag in the json. Not sure if blockchain has changed the format again?

I commented out the btcrecover code to read in only the json data in payload into the data.

The script then ran for about an hour but no luck.
Not sure if this is a workable approach?

 
Jackson86
December 07, 2014, 05:57:48 PM
 #24

If you still have email, maybe you can reset the password?

Edit: don't forget to back up the wallet forever

robmob
Hero Member
*****
Offline Offline

Activity: 658
Merit: 500

Respect All Fear None


View Profile WWW
December 07, 2014, 05:59:47 PM
 #25

Good luck if you do find a way please let me know as I have 2 accounts with lost funds as I forgot or misplaced the password and pass phrase.

findftp (OP)
December 07, 2014, 06:31:26 PM
 #26

> > Otherwise, I'd recommend btcrecover (course I'm biased since I'm the dev of that one...).
>
> I was able to get this going with some tinkering.
>
> Firstly I just got the wallet.json.aes data by plugging this into Firefox after changing the wallet ID:
>
> https://blockchain.info/wallet/9bb4c672-563e-4806-9012-a3e8f86a0eca?format=json
>
> The original python command just created an empty file.
>
> What came back didn't work right away with btcrecover.
> It was looking for a version tag in the json. Not sure if blockchain has changed the format again?
>
> I commented out the btcrecover code to read in only the json data in payload into the data.
>
> The script then ran for about an hour but no luck.
> Not sure if this is a workable approach?

 

Create a new blockchain account with a new password.
Repeat the steps you did again
See if you can crack the wallet with this new known password.
If it takes too long, make your wordlist easier.
(or just put the known new password there right away)

Just to check if your setup works.

For some reason the python script doesn't work for me anymore (on my current laptop)
urllib2 is not recognized and urllib3 gives a problem as well.
DannyHamilton
December 07, 2014, 06:36:54 PM
 #27

> If you still have email, maybe you can reset the password?

Please don't give advice if you have no idea what you are talking about and are just making up imaginary solutions in your own mind with no understanding of how any of this works.

You'll only waste your own time and confuse the newbies.
findftp (OP)
December 07, 2014, 07:36:33 PM
 #28

I had this thread referenced for future use because I liked the console method of extracting the aes.json file from blockchain.info.
However, when I now try it, it doesn't work anymore.
I'm almost sure it worked on the same machine I'm using right now (linux mint 17)
But somehow, the command gives an error which I cannot solve.
I spent the last 1,5 hours searching for a solution but I'm probably too stupid to solve it myself.
Let's say I have other skills.

However, I would like to have this problem fixed for future use.
When I now use the command
Code:
python -c "import urllib2,json;f=urllib2.urlopen('https://blockchain.info/wallet/9bb4c672-563e-4806-9012-a3e8f86a0eca?format=json');print json.loads(f.read())['payload']" > wallet.aes.json

I get a whole bunch of errors which I did not have when this thread started.
The errors are:
Code:
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/usr/lib/python2.7/urllib2.py", line 127, in urlopen
    return _opener.open(url, data, timeout)
  File "/usr/lib/python2.7/urllib2.py", line 410, in open
    response = meth(req, response)
  File "/usr/lib/python2.7/urllib2.py", line 523, in http_response
    'http', request, response, code, msg, hdrs)
  File "/usr/lib/python2.7/urllib2.py", line 448, in error
    return self._call_chain(*args)
  File "/usr/lib/python2.7/urllib2.py", line 382, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.7/urllib2.py", line 531, in http_error_default
    raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
urllib2.HTTPError: HTTP Error 500: Internal Server Error

Is there someone who can help? I already tried to remove the single quote (') because I read somewhere that that might be the problem.
But then I get:
Code:
satoshi@NakaMoto ~ $ python -c "import urllib2,json;f=urllib2.urlopen(https://blockchain.info/wallet/9bb4c672-563e-4806-9012-a3e8f86a0eca?format=json);print json.loads(f.read())['payload']" > wallet.json.aes
  File "<string>", line 1
    import urllib2,json;f=urllib2.urlopen(https://blockchain.info/wallet/9bb4c672-563e-4806-9012-a3e8f86a0eca?format=json);print json.loads(f.read())['payload']
                                               ^
SyntaxError: invalid syntax


I also tried to reformat the command into python3 code which uses urllib.request instead of urllib2 but ran into a whole lot of other problems.

I just don't get it why it used to work, but now not anymore.
Probably some updated python library?
btchris
December 07, 2014, 09:38:41 PM
 #29

To both aliveonearth and findftp:

Blockchain.info has been somewhat improving their (formerly very lax) security as of late (make no mistake: this is a very welcome change!), so it's not surprising that the Python one-liner isn't working. The wallet format hasn't changed (not enough to affect btcrecover, but the defaults have changed enough to affect JtR). On the other hand they are being more strict about who(/what) can and can't download the encrypted wallet files.

If you already have a wallet.aes.json file, btcrecover will still work.

If you don't, getting the wallet.aes.json file might be more difficult (and may be impossible if you don't have access to the email address associated with the BC.i account).

I'll post back here once I have more info (probably not for a day or two though).
masterspirit
December 08, 2014, 03:52:15 AM
 #30

Wow, this is a bit overwhelming.. since blockchain is pretty simple to set up.. but now I'm reconsidering my options.

Like in case I did lose my password I would be in the same mess as this.. and I'm not computer savvy enough to follow this Python language etc.
findftp (OP)
December 08, 2014, 09:06:04 AM
 #31

To both aliveonearth and findftp:

Blockchain.info has been somewhat improving their (formerly very lax) security as of late (make no mistake: this is a very welcome change!), so it's not surprising that the Python one-liner isn't working. The wallet format hasn't changed (not enough to affect btcrecover, but the defaults have changed enough to affect JtR). On the other hand they are being more strict about who(/what) can and can't download the encrypted wallet files.

If you already have a wallet.aes.json file, btcrecover will still work.

If you don't, getting the wallet.aes.json file might be more difficult (and may be impossible if you don't have access to the email address associated with the BC.i account).

I'll post back here once I have more info (probably not for a day or two though).

Thank you for your very helpful reply!
Now I don't have to put time into it anymore knowing that it's useless :)
Ignacia
December 09, 2014, 10:30:22 AM
 #32

Just the same problem, is there any way to resolve my problem here...
Forgot my blockchain password, but already imported private keys to multibit.qt; also I still have Identifier, Google Authy, Recovery BTC wallet/Passphrase.
I only need Password. How can I access my account again?
btchris
December 10, 2014, 11:58:09 PM
 #33

findftp and aliveonearth:

This is certainly the ugliest python one-liner I've ever written... but here it is anyways

Code:
python -c "import os.path as p,urllib2 as u,json;n='wallet.aes.json';assert not p.exists(n),n+' exists';i=raw_input('ID: ');r='https://blockchain.info/wallet';o=u.build_opener(u.HTTPCookieProcessor());d=0;exec '''while d==0:\n try:d=json.load(o.open(r+'/%s?format=json'%i)).get('payload')\n except u.HTTPError as e:raw_input(e.read()+'\x5cn\x5cnRetry...')''';m=d or raw_input('2FA: ');d=d or o.open(r,'method=get-wallet&guid=%s&payload=%s&length=%d'%(i,m,len(m))).read();open(n,'wb').write(d)"

1. Copy and paste the one-liner into a terminal (command prompt). In Windows, you'll probably need to add "C:\Python27\" to the beginning.
2. After pressing Enter, it will ask you for your wallet ID.
3. If you have an email address associated with your account, it will display a (very long) error message which starts with this:
Code:
{"initial_error":"Authorization Required. Please check your email."
    You'll need to follow the directions in the email you receive from BC.i and click on the "Approve" button. Only after doing so, press the Enter key (at the "Retry..." prompt in the terminal window).
4. If you have two-factor authorization enabled on your account, you'll receive a prompt asking for your 2FA code. (If it's an email or an SMS 2FA, you should receive it from BC.i shortly).
5. Once the above is complete, a wallet.aes.json file will be created in the current directory (the script will fail with an error message at step 2 if such a file already exists).

Let me know if this works (or doesn't)!
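The order of checks in the steps above (identifier, email approval, optional 2FA, only then the encrypted payload), as an added Python 3 example that is not part of btchris's post or of any project's code. It never contacts the service: `FakeWalletServer`, `GateError` and `fetch_encrypted_wallet` are hypothetical names, and the stub is constructed to model only the behaviour those steps and the one-liner describe.

```python
import json
from urllib.parse import urlencode, parse_qs

class GateError(Exception):
    """Hypothetical stand-in for the HTTP error the one-liner catches."""
    def __init__(self, body):
        super().__init__(body)
        self.body = body

class FakeWalletServer:
    """Constructed stub: models only the gates described in the steps above."""
    def __init__(self, guid, blob, two_factor=None):
        self.guid, self.blob, self.two_factor = guid, blob, two_factor
        self.approved = False  # set once the owner clicks "Approve" in the email

    def get(self, guid):
        assert guid == self.guid, "stub holds a single wallet"
        if not self.approved:
            raise GateError(json.dumps(
                {"initial_error": "Authorization Required. Please check your email."}))
        # With 2FA enabled, the first reply carries no payload at all.
        return json.dumps({} if self.two_factor else {"payload": self.blob})

    def post(self, form):
        f = {k: v[0] for k, v in parse_qs(form).items()}
        ok = (self.approved and self.two_factor is not None
              and f.get("method") == "get-wallet" and f.get("guid") == self.guid
              and f.get("payload") == self.two_factor)
        if not ok:
            raise GateError("2FA rejected")  # constructed message
        return self.blob

def fetch_encrypted_wallet(server, guid, wait_for_approval, ask_2fa, max_tries=3):
    """Same order as the one-liner: GET, retry after approval, then the 2FA POST."""
    for _ in range(max_tries):
        try:
            reply = json.loads(server.get(guid))
            break
        except GateError as err:
            wait_for_approval(err.body)  # corresponds to the "Retry..." prompt
    else:
        raise RuntimeError("email approval never completed")
    payload = reply.get("payload")
    if payload:
        return payload  # account without 2FA
    code = ask_2fa()
    form = urlencode({"method": "get-wallet", "guid": guid,
                      "payload": code, "length": len(code)})
    return server.post(form)
```

In this model the identifier alone never yields the encrypted blob: the caller also needs access to the account's email and, where enabled, the second factor.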
findftp (OP)
December 11, 2014, 12:19:05 PM
 #34

findftp and aliveonearth:

This is certainly the ugliest python one-liner I've ever written... but here it is anyways
It's not ugly, it's genius!

Quote
Code:
python -c "import os.path as p,urllib2 as u,json;n='wallet.aes.json';assert not p.exists(n),n+' exists';i=raw_input('ID: ');r='https://blockchain.info/wallet';o=u.build_opener(u.HTTPCookieProcessor());d=0;exec '''while d==0:\n try:d=json.load(o.open(r+'/%s?format=json'%i)).get('payload')\n except u.HTTPError as e:raw_input(e.read()+'\x5cn\x5cnRetry...')''';m=d or raw_input('2FA: ');d=d or o.open(r,'method=get-wallet&guid=%s&payload=%s&length=%d'%(i,m,len(m))).read();open(n,'wb').write(d)"

1. Copy and paste the one-liner into a terminal (command prompt). In Windows, you'll probably need to add "C:\Python27\" to the beginning.
2. After pressing Enter, it will ask you for your wallet ID.
3. If you have an email address associated with your account, it will display a (very long) error message which starts with this:
Code:
{"initial_error":"Authorization Required. Please check your email."
    You'll need to follow the directions in the email you receive from BC.i and click on the "Approve" button. Only after doing so, press the Enter key (at the "Retry..." prompt in the terminal window).
4. If you have two-factor authorization enabled on your account, you'll receive a prompt asking for your 2FA code. (If it's an email or an SMS 2FA, you should receive it from BC.i shortly).
5. Once the above is complete, a wallet.aes.json file will be created in the current directory (the script will fail with an error message at step 2 if such a file already exists).

Let me know if this works (or doesn't)!

I don't have an active blockchain.info address anymore, but I tested it until the email part with a wallet ID posted earlier in this thread.
Since I already have the wallet of my friend I don't need it urgently but I will archive this for future purpose.
I'm still in the process of bruteforcing the wallet, but my friend doesn't really seem to care about his 0,2 BTC because I did not hear from him anymore regarding that point.
I'll bet he'll come back when price is in 4 digits again :D

Thanks for the help, you'll probably help someone else with the one-liner
shadowmoon
December 11, 2014, 12:55:39 PM
 #35

Better writing them in any diary for future safety

jolskeboll
November 03, 2015, 07:49:13 AM
 #36

If so, knowing the public key as well, I can try to brute force the password or am I missing something?
The wallet contains 0.22 BTC
To brute-force the password, you'll need to know as much as possible about what the password is likely to be.  Then you'll need to use the identifier to get a copy of the encrypted wallet.  Then you can attempt to decrypt the wallet with the various possible passwords until you find one that successfully decrypts it.

Do you happen to know the encryption method used to encrypt the wallet?
edit: it is aes, just found out.

Where is the wallet stored when accessing the wallet through a browser in windows?
blockchain.info stores it in their database.  They send a copy to your browser when you supply the identifier.

So I fill in the identifier and look in my browser cache?
edit: if I save the page, I see a lot of stuff, but not a file called "wallet.aes.json"

Thanks for the detailed answer btw.

Just curious, but didn't you mention it was your friend that forgot the password?

Twitter: Apis Apis @infinitypump
findftp (OP)
November 03, 2015, 09:30:31 AM
 #37

If so, knowing the public key as well, I can try to brute force the password or am I missing something?
The wallet contains 0.22 BTC
To brute-force the password, you'll need to know as much as possible about what the password is likely to be.  Then you'll need to use the identifier to get a copy of the encrypted wallet.  Then you can attempt to decrypt the wallet with the various possible passwords until you find one that successfully decrypts it.

Do you happen to know the encryption method used to encrypt the wallet?
edit: it is aes, just found out.

Where is the wallet stored when accessing the wallet through a browser in windows?
blockchain.info stores it in their database.  They send a copy to your browser when you supply the identifier.

So I fill in the identifier and look in my browser cache?
edit: if I save the page, I see a lot of stuff, but not a file called "wallet.aes.json"

Thanks for the detailed answer btw.

Just curious, but didn't you mention it was your friend that forgot the password?

True, but he gave the identifier to me so that I could try and restore his wallet.
Now we have the wallet file but did not crack the wallet yet.
I did some testing with bruteforce software in which I was able to crack test wallets.
We did not continue with cracking his wallet because otherwise he had to compose a list with all the passwords he had ever used because he was pretty sure the password should be something which is for a great part something he used before.

He'll probably think twice when the amount in his wallet is able to buy himself a house or something.





jonnytracker
November 24, 2017, 06:51:02 AM
 #38

the back up passphrase can recover password I think