gurnec / btcrecover

An open source Bitcoin wallet password and seed recovery tool designed for the case where you already know most of your password/seed, but need assistance in trying different possible combinations.
GNU General Public License v2.0

Blockchain.info strange situation #186

Open ArnyS opened 6 years ago

ArnyS commented 6 years ago

Our situation:

Account was created in September 2016 in the mobile app on iPhone. Use 2FA.

We have:

  1. BCI account (wallet) ID
  2. Working e-mail and connected phone number
  3. Password, we are sure (only digits)…
  4. Memory of the wallet addresses

Have NOT:

  1. We haven't saved any seed recovery phrase or private keys

We made all operations with the mobile app, but after one of the iOS (or application) updates in April of 2017 the BCI application was reset or something else. We are trying to log in and get «error wallet decryption».

While I was trying to log in from the desktop, confirming by e-mail and phone, I got part of a response with this payload:

{\"pbkdf2_iterations\":5000,\"version\":3,\"payload\":\"AAAAAAAAAAAAAAAAAAAAA(here is numbers and digits)\"}" }

It’s very strange payload starting with AAAAAAAAAAAAAAAAAAAAA…

Trying the btcrecover util, but no result (using this response part as wallet.json and some password tokens). (python btcrecover.py --wallet pl.json --tokenlist pass.txt)

Maybe our password was reconverted in some way during the BCI updates or iOS app updates? Maybe we need to change the iterations count? Maybe it was initially an old version? Probably we can try to brute-force the seed in some way, as we have one of the wallet addresses?

Experts, please, help us

pedrohrcunha commented 6 years ago

Did you already extract your wallet.aes.json from the blockchain-wallet-downloader.py? I think it's better if it comes from there. This is also a btcrecover.py functionality.

After having the correct wallet.aes.json all you can do is try to figure out your password by making good rules in the tokens.txt.

As far as I read, it is highly unlikely that blockchain messed up your password (reset it to a default, corrupted it) since it is simply the .json that is encrypted. This doesn't go through blockchain in any way.

Good luck! I'm here to help.

ArnyS commented 6 years ago

@pedrohrcunha thanks, Pedro. But we are sure our password is correct; it was written on paper and was also used after the new iPhone setup but before April 2016... We think it's something like incorrect wallet hashing during BCInfo software updates. What do you think about AAAAAAAAAAAAA... ? I'm a dummy in crypto, but it looks like double hashing or a wrong offset....

{"payload":"{\"pbkdf2_iterations\":5000,\"version\":3,\"payload\":\"AAAAAAAAAAAAAAAAAAAAA…\"}"}

pedrohrcunha commented 6 years ago

@ArnyS I don't know about this AAAA... I'm no expert.

Forwarding this to @gurnec.

gurnec commented 6 years ago

> It’s very strange payload starting with AAAAAAAAAAAAAAAAAAAAA…

Agreed.

In fact, there's no feasible way the payload should start with this pattern. It's an indication something definitely went wrong when the file was last modified & encrypted (what went wrong I couldn't say).

Assuming you have no earlier backups of the wallet.aes.json yourself, I'd try contacting Blockchain.info support to see if they have any earlier backups. You can mention the odd pattern - it indicates that the "salt and IV are all 0's" which should never happen, and it might be a bug on Blockchain's side (or it might be something else, like I said it's hard to say). Without an earlier backup, I suspect there may be no way to decrypt your wallet :worried:
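A sanity check for the symptom described in the comment above, as an added example that is not part of the thread or of btcrecover's own code: it unwraps the nested JSON response, base64-decodes the payload and reports whether the leading salt/IV bytes are all zero. It assumes the first 16 decoded bytes are the combined salt and IV; the function names are hypothetical and both sample wallets are constructed.

```python
import base64
import json

SALT_IV_LEN = 16  # assumption: first 16 decoded bytes are the combined salt/IV


def unwrap(text):
    """Peel nested {"payload": "<json>"} wrappers down to the wallet envelope."""
    obj = json.loads(text)
    while isinstance(obj, dict) and "pbkdf2_iterations" not in obj:
        obj = json.loads(obj["payload"])  # server response wraps the envelope again
    if not isinstance(obj, dict):
        raise ValueError("no wallet envelope found")
    return obj


def encoded_payload(text):
    """Return the base64 text of the innermost payload, as it appears in the file."""
    return unwrap(text)["payload"]


def inspect_wallet(text):
    env = unwrap(text)
    raw = base64.b64decode(env["payload"], validate=True)
    if len(raw) <= SALT_IV_LEN:
        raise ValueError("payload too short for salt/IV plus ciphertext")
    salt_iv, ciphertext = raw[:SALT_IV_LEN], raw[SALT_IV_LEN:]
    return {
        "version": env.get("version"),
        "iterations": env["pbkdf2_iterations"],
        "salt_iv_hex": salt_iv.hex(),
        "salt_iv_all_zero": salt_iv == bytes(SALT_IV_LEN),
        "ciphertext_block_aligned": len(ciphertext) % 16 == 0,
    }


def make_sample(salt_iv):
    """Constructed wallet: chosen salt/IV plus 32 filler bytes, not real ciphertext."""
    body = salt_iv + bytes(range(200, 232))
    inner = json.dumps({"pbkdf2_iterations": 5000, "version": 3,
                        "payload": base64.b64encode(body).decode()})
    return json.dumps({"payload": inner})


BROKEN = make_sample(bytes(SALT_IV_LEN))      # constructed: all-zero salt/IV
HEALTHY = make_sample(bytes(range(1, 17)))    # constructed: non-zero salt/IV

if __name__ == "__main__":
    for name, sample in (("broken", BROKEN), ("healthy", HEALTHY)):
        print(name, inspect_wallet(sample))
```

Sixteen zero bytes encode to a run of 21 `A` characters in base64, which is why a zeroed salt/IV is visible without decoding anything.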

ArnyS commented 6 years ago

@gurnec Thx Christopher! What do you think is the best way to communicate with the support team? I heard they are very reluctant to answer. Write a letter from the linked e-mail?

Do you think that the old phone could have stored a wallet somewhere (a local copy like some cache)? We have an iOS back-up on PC ...

ArnyS commented 6 years ago

@gurnec From a technical point of view, is it possible to somehow arrange the search for salt and modes, if I know the password exactly?