Extracting the Jaxx 12-word wallet backup phrase.


Because this matter is still ongoing (Jaxx does not seem to want to fix this vulnerability), I have moved the updates here to the front. The original post is below.


Reader Alex points out in the comments that newer versions of Jaxx use a different storage method, and links to this LinkedIn article.

It seems that newer versions of Jaxx use leveldb instead of the old sqlite format databases. The pin can still be quite easily extracted, as shown by the LinkedIn article, but I don’t yet know if the 12-word phrase can also still be extracted.

If I can make some time, my plan would be to use something like leveldb-json to dump the contents of the leveldb file, and then to analyse that for extraction possibilities.

2017-08-08 18:42 UTC

I have added the exact filesystem locations / paths to the relevant Jaxx local storage file to the demonstration section.

2017-06-20 07:51 UTC

Since the first publication of this post, Jaxx has publicly stated several times that storing our wallets insecurely is not a problem.

If that is indeed the case, why do all other reputable desktop wallets perform this encryption in the correct manner, thus safeguarding our wallets, and only Jaxx does not?

  • Desktop wallets that DO CORRECTLY ENCRYPT your wallet: Exodus, MyEtherWallet, geth, parity, electrum.
  • Desktop wallets that DO NOT CORRECTLY ENCRYPT your wallet: Jaxx.

(Jaxx “encrypts” the wallet seed, but with a hard-coded and easily extracted key, which means this is not encryption but rather obfuscation, which is not much better than no encryption.)

2017-06-13 10:14 UTC

Reader Imed reports in the comments below that the 4-digit user PIN is stored as an unsalted sha256 hash, which can easily be reversed using rainbow tables, for example via sites like CrackStation.

I have just confirmed with a test Jaxx installation that I am able to extract a configured PIN from the local storage database, without Jaxx running of course.

2017-06-11 10:08 UTC

Daira Hopwood correctly points out in the comments that encrypting using the PIN would be too easily brute-forced. I have updated the post in two places to indicate that instead Jaxx does in fact need to implement support for a strong password. One can discuss whether to do this differently for the desktop (no sandboxing) than for mobile devices (usually good sandboxing).

2017-06-10 20:19 UTC

Based on this response by the Jaxx CTO on reddit, they are not planning to fix this vulnerability. If that is the case, I strongly recommend that you avoid the Jaxx wallet.


I was curious how easy it would be to extract the 12-word wallet backup phrase from a Jaxx cryptocurrency wallet desktop app / chrome extension install.

After an hour or two of analysis, I can conclude that this is unfortunately far too easy.

Jaxx Chrome extension Eth UI. Throw-away address, don’t use.

Even when your Jaxx has a security PIN configured, anyone with 20 seconds of (network) access to your PC can extract your 12 word backup phrase and copy it down. Jaxx does not have to be running for this to happen.

With the 12 word backup phrase, they can later restore your wallet, including all of your private keys, on their own computers, and then proceed to transfer away all of your cryptocurrency.

The main problem is that the Jaxx software encrypts the mnemonic using a hard-coded encryption key, instead of making use of a strong user-supplied password. (As Daira Hopwood points out in the comments, using the PIN would not be sufficient.)

This means we can easily read and decrypt the full recovery phrase from local storage using sqlite3 and some straightforward code.

I successfully tested this vulnerability on the Jaxx Chrome extension v1.2.17 and the Jaxx Linux desktop app 1.2.13.


To test this proof of concept, you will need node.js installed. Ensure that your Jaxx is PIN protected, just for fun. It won’t help.

On Linux or Mac, open the Jaxx local storage file using the sqlite3 tool, or if you prefer GUIs you can use sqlitebrowser. You can find this file at the following locations depending on your operating system, and whether you’re using the desktop app or the chrome extension:

  • Linux desktop: $HOME/.config/Jaxx/Local\ Storage/file__0.localstorage
  • Linux chrome extension: $HOME/.config/google-chrome/Default/Local Storage/chrome-extension_ancbofgphhmhcchnaognahmjfajaecmo_0.localstorage
  • macOS desktop: /Users/[username]/Library/Application Support/Jaxx/Local Storage/file__0.localstorage, thanks to Manuel in the comments;
  • Windows desktop: C:\Users\<Your Computer's User Name>\AppData\Roaming\Jaxx\Local Storage
  • Windows chrome extension: C:\Users\<Your Computer's User Name>\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ancbofgphhmhcchnaognahmjfajaecmo_0.localstorage

At the sqlite3 prompt, do the following:

sqlite> select value from ItemTable where key='mnemonic';

(If you opted for sqlitebrowser, just copy out the value of the mnemonic key.)

Note the returned value down. This is Jaxx’s encrypted mnemonic which we shall decrypt into your 12 word backup phrase.

(If the returned string is too short in your case, try sqlitebrowser instead. In my case, sqlite3 works perfectly for the desktop Jaxx, but not the Chrome Jaxx, where I use either the chrome Dev Tools or sqlitebrowser to extract the string.)

Install crypto-js version 3.1.2 by doing either npm install crypto-js@3.1.2 or yarn add crypto-js@3.1.2, and then run the following code using node, after substituting the mnemonicEncrypted variable value with the one you extracted using sqlite3:

// Jaxx recovery phrase extraction by cpbotha@vxlabs.com 2017
// https://vxlabs.com/2017/06/10/extracting-the-jaxx-12-word-wallet-backup-phrase/

// you need v3.1.2 (same as latest jaxx) else you'll get invalid UTF-8 error
var CryptoJS = require('crypto-js');
var _key = "6Le0DgMTAAAAANokdfEial"; //length=22
var _iv  = "mHGFxENnZLbienLyALoi.e"; //length=22

var mnemonicEncrypted="ofvoUNhkw+zBN+nvxd1GoL/u1Stn1hyXChD9JvCVkNZgpp19mWY595fbiFjjRPNbw5xxNtzAJGUchr3mImHCsLqSx7aQxcCbo+VrqxBJ5+4=";

var _keyB;
var _ivB;

// js/vault/vault.js
function decryptSimple(encryptedTxt) {
    // not sure why jaxx does this inside the function
    _keyB = CryptoJS.enc.Base64.parse(_key);
    _ivB = CryptoJS.enc.Base64.parse(_iv);
    var decrypted = CryptoJS.AES.decrypt(encryptedTxt, _keyB, { iv: _ivB });
    var decryptedText = decrypted.toString(CryptoJS.enc.Utf8);
    return decryptedText;
}

// print the decrypted 12 word backup phrase
console.log(decryptSimple(mnemonicEncrypted));


This should print out your 12 word backup phrase. In the case of this dummy setup, I’m seeing “snake purity emerge blue subway lab loyal timber depth leg federal work”, which is indeed correct.

How can we fix this?

The thing is, Jaxx is unfortunately one of the better cross-platform multi-currency wallets. Although it has a great UI, I personally don’t like Exodus, because they don’t let me manage more than one Ethereum address.

To mitigate the Jaxx security issue discussed here, keep the Jaxx desktop app’s local storage directory on an encrypted filesystem which you only mount when you’re using Jaxx, and unmount directly afterwards. This is what I’m currently doing using encfs.

If you prefer using the Chrome extension, you can try symlinking just the extension’s local storage file as it lives in Chrome’s global Local Storage directory.

Importantly, keep on encouraging Jaxx support to add support for using a strong user-supplied password as part of the encryption key (just like Exodus) with which they encrypt your mnemonic (recovery phrase) and all other sensitive values in local storage. Refer them to this post for more details. (See Daira Hopwood’s comment: using the PIN for encryption is not sufficient.)


If this helped you, and you like sending ethereum around, feel free to send some to address 0xA3448C2e3F22F58759fd5dD14BE76269034d440E.


183 thoughts on “Extracting the Jaxx 12-word wallet backup phrase.”

  1. While the encryption method is probably the same would this not apply to Android since apps are sandboxed from each other?

    1. On non-rooted Android apps the sandboxing will indeed complicate this.

      However, seeing that I’ve gone to the trouble of configuring a PIN, it would have been nice if Jaxx had further encrypted these crucial details with it. 🙂

      1. Hey I was hoping you could help me. I created a Jaxx account and the app crashed as I was receiving my 12 word phrase and now I am locked out. I have all the other transaction data from my transfer from coinbase to prove it’s mine. Would you be able to help me extract this phrase from my app? I’d be happy to pay for this service as I have locked myself out of a decent amount of money. I’ve tried everything and Jaxx support won’t do anything.

        1. I have updated the “demonstration” section with the full paths to the sqlite / localstorage files.

          Does that help? Can you open the relevant localstorage file and read out the “mnemonic” value?

          1. Hi all,

            I think I have the code from SQLite but I am struggling to run the script in node.

            Has anyone had success and are there any pointers for getting the script to run?


        2. Andrew, are you stupid? Why didn’t you write your recovery phrase down BEFORE YOU DEPOSIT >ANY< MONEY INTO YOUR WALLET??? It's just as stupid as making a random Paypal password and then don't save it!

          Did you just skip the wallet-setup steps or what???

          A quick 10 minute Youtube video would have showed you, how to setup a wallet PROPERLY!

          Well, now you're fu**ed…

          1. Hi, I just did a factory reset of my iPhone, having its full back up in my Mac but after restoring I lost access to my Jaxx wallet. The bad part is I did not have my backup phrase saved.

            I have the full back up of my iPhone in my MAC. Is there any way to retrieve the backup phrase from my MAC? Please help.

    2. This also applies for the Android-App!
      I was able to replicate my security pin and backup phrase by doing the following:

      Use “adb backup” to perform an app-backup for com.kryptokit.jaxx and extract backup using “dd”
      Open local storage database located in “com.kryptokit.jaxx\r\app_webview\Local Storage” within an sql browser
      Browse “ItemTable” and search for pin
      Paste value into https://crackstation.net/ and receive “security” pin

  2. Can you be a little more specific on how you found the decryption keys? We need to replicate the research on other wallets.
    BTW, the correct path on mac sierra is /Users/[username]/Library/Application Support/Jaxx/Local Storage/file__0.localstorage

    I find interesting the fact that on their knowledge base they mention “You can recover your wallet from the hard drive via a data retrieval service by locating your Jaxx Local_Storage files.” this means this “backdoor” is intentional for selling a recovering service

      1. I traced the code of the extension using the Chrome developer tools. If that weren’t available, I would have extracted it from the desktop app.

  3. I don’t think encrypting the master seed with the PIN would help. It’s just too low entropy. Assume that you use a good PBKDF so that each trial decryption takes as much work as a user is prepared to tolerate in latency to unlock their wallet. The PIN has at most 10000 possibilities. (In practice some PINs are much more common than others so the guessing entropy is optimistically only around 10 bits or so, and an attacker *will* take advantage of that, but let’s ignore it for the sake of argument.) The work factor (ratio between the attacker’s and user’s cost) can therefore be at most 10000, which means they break the encryption too quickly for it to give the user any more than a false sense of security. Note that it isn’t possible to prevent an attacker from confirming a trial decryption, because they just check the secret keys generated from the decrypted master seed for consistency with known addresses.

    1. Thank you very much for this!

      You are of course completely right, the PIN would not be sufficient, jaxx would really need to add a passphrase to encrypt the backup phrase.

      I will update the main post contents.

  4. I fail to see how is this “network” access. You seem to use the sqlite file which means that the attacker has to have disk access in which case he has compromised your pc anyway.

    Enlighten me if I’m wrong but this seems to be a really low severity issue.

    1. Remember there is no sandboxing on Linux, Windows or Mac. *Any* app running there can access local storage and extract your wallet. This could also happen via SSH for example, or a misconfigured network share.

      Also, the rate at which Windows PCs get hijacked for botnets and ransomware shows how easy it is to compromise systems from the outside. With Jaxx, there is an additional very interesting monetary target. Would be trivial to add to any worms / rootkits, and the wallet can be stolen even if the user hasn’t touched jaxx in months.

      Furthermore, if this is a low severity issue, why do other wallets (exodus, mist, mew, etc.) and other good software such as gnupg employ strong encryption on local assets?

      This is not a low severity issue.

      1. Then your study applies only to the Desktop app, and not to the browser extension. In the security model of browser extensions having a compromised host is out of the scope since the malware can modify the extension itself and “phish” user credentials. As I said before – in that case it’s game over anyway.

        1. No, it applies to both the desktop and chrome extension.

          If the user *ever* used the Chrome extension, could be months ago in an uncompromised state, and that PC gets compromised in any way in the future, their wallet is toast.

          (there is a slight mitigating factor in that deleting the chrome extension also deletes its local storage. uninstalling the app in contrast leaves the local storage lying around.)

          1. Hello and thank you for bringing this up to us users! I have been busting my ass in past days to make amends based on the vulnerability you exposed. I’m not a power user so I need to ask you – I was using the chrome extension (windows 10) but I removed it – when I search the registry or files for “Jaxx” it doesn’t find anything. But I’m guessing it is not enough – would you mind revealing what one has to do to fix this? I’m fine having only the android version of the app but I need to get rid of all the traces on my windows desktop where I used the chrome extension. Do I have to delete some folders, reinstall chrome or the whole system? Thank you.

  5. Thank you for the info,

    then if I use the Jaxx app for iOS only(no desktop/macOS app and no browser extension), is it safe from this issue?

  6. I just quit Jaxx because of your post. Now I have everything in a safe offline wallet. Thanks for the information.

  7. Hi, thanks so much for all this. So for anyone that has substantial funds on jaxx and would still like to use it as a cold storage solution, would this process be a way forward?

    1 – erase jaxx app, and all library files + erase chrome extension (this will automatically delete associated locally stored files)

    2 – set up a new OS, say on a bootable external drive, don’t install anything but jaxx, and use the seed phrase to regenerate wallet.

    3- in case the previous machine was compromised before this process. Set up a new jaxx wallet with different seed on this new OS, and transfer funds from old wallet to new one.

    At this stage, as long as one has strong encryption on the bootable external drive, and does not use internet connectivity there other than to send from jaxx, then funds should be safe correct?

    Also, would one be able to do the above process by just setting up a new user on say OSX, or would a separate OS on external disk be necessary?

    thank you!

  8. First of all, thanks for this great post!

    So, where is the mnemonic phrase exactly stored when using Jaxx on Windows? Is it sufficient to just move the Jaxx folder (unpacked Zip file) to an encrypted container (created with TrueCrypt)?

    Sorry if it seems like a noob question, but I’m thankful for explanation here.


    1. Please check the post: For the desktop app on Windows I show you the exact location of the local storage file which contains the mnemonic. It’s not where you unpacked Jaxx. 🙂

      1. I had the same exact question. Where is the data stored, so I can delete it? Sorry, I’m not all that technical but I don’t see ‘the exact location of the local storage file’ you mention. I’m on Windows 10 using desktop Jaxx. Where is the file I need to delete please? Thanks for the info.

  9. Building on your work, I found that the Pin code is stored as a sha256 hash in the same database:
    select value from ItemTable WHERE key LIKE 'userPin%';
    this can be very easily reversed as it is a simple 4 digit pin using rainbow tables (https://crackstation.net/).
    This is bad!!

    1. Before I update the post: Are you sure the PIN is not salted with anything before hashing? In other words, have you confirmed that you can easily and successfully extract the correct user-defined PIN using rainbow tables?

        1. More bad news, the Pin code is not used to encrypt the private key at all, the pin is just an authentication mechanism used at the UI level, therefore it can be completely bypassed by just copying the file ‘file__0.localstorage’ into an attacker’s machine and changing the pin code using the sqlite3 client, the proof is that the following query would reset the pin code to 4444 without corrupting the wallet private key:
          UPDATE ItemTable set value='79f06f8fde333461739f220090a23cb2a79f6d714bee100d0e4b4af249294619' WHERE key LIKE 'userPin%';

          1. That was the whole point of my investigation and post: The wallet mnemonic is encrypted with a hard-coded key+iv, the PIN is not involved. 🙂

            1. I am talking about the private keys, and not the mnemonic. I know that you can get the private keys from the mnemonic, but I think they store the private keys in the database as well as I found too much data there.
              Also, I am not sure about this, but are all the wallets compatible with the mnemonic principle? I know bitcoin and ethereum are, but I don’t know about the rest. And if ethereum and ethereum classic would use the same mnemonic, wouldn’t they end up having the same private key/ public key pair?

        2. It does not work for me. I extracted the blob value of the userPin key but every online de-hashing website tells me the provided string is not a valid hash.

    2. Hello Imed. I need to extract my 4 digit pin. I’m on a Mac OS Yosemite. My Jaxx wallet is the Chrome extension wallet. Where can I locate the local storage file for that? It isn’t the path directory as above. Are the Mac chrome extensions files located somewhere else? Thanks!

    1. The vulnerability has been confirmed by others.

      I think you might be looking in the wrong place. The paths in the post are for the desktop version of Jaxx. For the chrome extension, you should look in ~/.config/google-chrome/Default/Local Storage/chrome-extension_ancbofgphhmhcchnaognahmjfajaecmo_0.localstorage on Linux.

      You can post your apology as a comment when you’re done. 🙂

      1. Would it be possible to give a complete path for a chrome extension of Jaxx on windows 7? I keep getting ” The system cannot find the path specified”. I am lost and the path forward looks dim.

        1. Hi there James,

          I have updated the post with the exact filenames in the demonstration section. There are two paths for Windows: One for the standalone Jaxx app, and one for the Chrome extension. It sounds like you have the latter so use that one.

          1. I was so happy to see the path for chrome extension. Unfortunately I have tried it 3 times making sure it was entered correctly and it was bounced 3 times. The error msg didn’t say no path, instead asked me to check the spelling. I noticed that Jaxx is not mentioned in the path. How does the C drive know which chrome extension it is looking for? I have 4 different ones besides Jaxx.

            1. For chrome extensions, the only important thing is the extension ID. In your “Local Storage” directory, one of the filenames should be chrome-extension_ancbofgphhmhcchnaognahmjfajaecmo_0.localstorage

              (ancbofgphh…. is the extension’s unique ID)

              If that file is not there, it means your Jaxx extension is either not installed, or installed but not activated. In both cases, there’s no data to analyse.

              1. I was able to get down to the file by using C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ancbofgphhmhcchnaognahmjfajaecmo_0.localstorage but then I was asked which program I wanted to use to open it. Stumped again. I thought it would be Chrome but it seems not one of my options.

                1. Brief history – Around mid July everyone who had bitcoins on coinbase was advised to move them off the exchange to an user controlled wallet for the up coming BTC fork. I did this and picked Jaxx as the wallet. The version I had was 1.2.17 or 18. At the end of month check the wallet, everything okay, the next day couldn’t open the wallet. Jaxx support advised everyone on their blog about what turned out to be 2+ day problem. On the morning before the fork when I opened Jaxx it wasn’t my wallet but a new version 1.2.20 and I was asked to pick 1 of 2 choices, new wallet or type in 12 words for old one. I stopped the process and did not pick either of the 2. Searched for the paper I wrote the 12 words on without success. Found your article with a search and was amazed. I finally worked down to 2 files in localstorage. One file (the journal) 0KB the other 5KB. Up to this point I always believed that the 12 words were stored on my machine and Jaxx program sent them for validation before starting up and as long as I don’t pick one of the 2 choices the old wallet 12 words was still in memory on my machine. I now believe he wipes the localstorage as a setup to installing the rest of the program. I think he doesn’t need the info. One choice he assigns it the other you provide it. The only question I have is what happens to those BTC coins Jaxx holds but no one can ever claim also includes the BCC coins from the fork?

                  1. Hi James,

                    I had jaxx installed on my old android phone.
                    After buying a new android phone I migrated all applications to the new one including Jaxx but without the 12 words backup phrase as I didn’t know about it.
                    After that I reset the old phone to default.
                    Is there any way I can recover the 12 words backup phrase from the old phone although it’s been reset?
                    Jaxx support told me there’s nothing that they can do…

                  2. The chances are less than slim. You would need a probably super expensive recovery specialist to see if any of the data can be recovered from the flash in the phone. Only if you are able to recover the Jaxx database, and only if the phone had the vulnerable versions of jaxx on there, you would have a chance of recovering.

  10. I also can confirm that this article is real.

    For a quick fix in windows, that makes a bit harder to get hold of the file that we are dealing with, do the following.

    Open explorer and go to %appdata%\Jaxx
    There right click on the Local Storage folder.
    Go to Security tab, click advanced disable inheriting of the folder.
    Remove your own user, and change the owner to administrator.
    Apply and close all properties.

    Go where JAXX wallet is located go in the jaxx-assets folder right click on Jaxx.exe under compatibility run this program as administrator.

    This way it is not that simple to get hold of the file without admin rights, of course this only works if the UAC of windows is enabled.

    Hope this helps.

  11. Just an alternative view of the problem. Is there any chance to change some Jaxx config to look up the SQLite storage file not in the windows local roaming directory, but in some other path, i.e. a crypted container, which is mounted/dismounted upon necessity?

  12. Yes,
    But hold your Hat for this one.
    Tested and working on Windows 10 Pro.

    You take an USB Drive small or big as long it works with bitlocker.
    Format it as NTFS.
    Assign a drive letter to that a bit higher in the hierarchy of drive letters that are used like the letter Q.
    you can do that in diskmanager.
    Make a directory JAXXConfig on the drive.

    Now go to %appdata%/jaxx.
    Go to the folder Local storage.
    Copy the files in here to your USB drive in the new created folder JAXXConfig.
    Go back one level and delete the Local storage folder.
    Now open a command prompt as administrator; you do that by searching cmd in the start menu, right click on it and run as administrator.

    Type in the command prompt:
    cd %appdata%/jaxx
    Then followed by
    mklink /D "Local Storage" Q:\JAXXConfig

    Now go to the File Explorer
    Right click on the Q drive JAXX
    Turn on bitlocker, choose password, select fast, select compatible mode, let the drive be encrypted. Store your restore key in a safe place, or just delete it; as long as you have your 12 word backup phrases from JAXX to restore your wallet you can always format the drive if you lost your bitlocker password.
    After this you can just take your USB key out when you are done with JAXX and every time you plug it in you have type your bitlocker password to see the data on the USB drive

    Don’t forget to remove the admin rights for JAXX because it is not needed anymore.
    Good luck.

    1. Great description. Thank you very much! Really solves the problem

      p.s. The most stupid thing that they do not support additional wallet files to be opened from the UI.

  13. Thanks for this.
    Perhaps useful to some – using Chromium on linux with the Jaxx extension presents (for me) a different configuration – the extension is stored differently and I’m still looking for it.
    I understand that this is not a solution but does fall under the ambit of “a bit more difficult” than Win machines….

  14. Big thanks for this warning!
    Since the Jaxx developers don’t see a problem in this and thus don’t want to fix it, the best long term solution is to switch to Exodus, I’d say…
    Bummer – but what can you do…?

    1. At least you can still use the same wallet if u recover it in Exodus with the given 12-word-backup-phrase.
      But don’t forget to remove the Jaxx data folder afterwards….

  15. I just saw your Update, how exactly do you know exodus encrypts your private keys? they create your wallet before even asking for your password, in fact, you cannot set a password until you transfer money to your wallet, if someone would to investigate this, it would be clear that either they use a hard coded encryption key, or they generate a random one and store it somewhere on the disk in a reversible manner.
    Security through obscurity. I urge you not to use exodus/Jaxx without properly securing your wallet on your own (file encryption using veracrypt containers for example), it seems they cannot take care of such a simple task, and we need to do it by ourselves.

  16. Does anyone know exactly what this file does ?
    Unless I’m missing something, the passphrase is held cloud based or blockchain based so you can restore your wallet in case of total hardware loss. So what’s the point of this file, and if you delete it can you still use the desktop Wallet ?

  17. So I answered one of my own questions through testing – removing the two files means Jaxx has “lost” your money. Re-running Jaxx again after moving the files away started the whole Jaxx initial wallet setup again.

    However moving the files back caused no issues, and re-opening Jaxx showed my full balances again.

    Based on this, a simpler workaround would be to encrypt these files in place using something like 7-Zip or move them to an encrypted container such as Veracrypt. You’d need to manually unzip/copy from Veracrypt to use Jaxx, but it’s an easy albeit annoying step and at least everything is secure while you aren’t using Jaxx while this is being (hopefully) fixed.

  18. using a chromebook the file is (chronos@localhost):
    /home/user/c1b02c025a7894ff389c2eee3343f16cc5621999/Local\ Storage/chrome-extension_ancbofgphhmhcchnaognahmjfajaecmo_0.localstorage

    the directory c1b02c025a7894ff389c2eee3343f16cc5621999 may be different on your machine.

    I was able to extract my forgotten PIN as described above using sqlite3.

  19. Would it be possible to give a complete path for a chrome extension of Jaxx on windows 7? I keep getting ” The system cannot find the path specified”. I am lost and the path forward looks dim.

  20. What you can do to securely save the complete Jaxx folder in macOS Sierra is the following:
    • Create a (100 Mb. or so) 256bit AES encrypted and password protected .dmg file in Disk Utility;
    • Name that disk image “Jaxx wallet”;
    • Copy the complete Jaxx folder from /Users/[username]/Library/Application Support/ to the disk image, and deleted the Jaxx folder from the Application Support folder;
    • Make a symlink to the copied Jaxx folder on the DMG with the SymbolicLinker tool (or use the Terminal to do it: just Google how to);
    • Rename the symlink to “Jaxx” and place it in the Application Support folder;
    • Now, every time you start Jaxx without opening the Disk image first, you get an error message, reminding you to open the disk image first. After opening the disk image, Jaxx runs without problems;
    • I also made a simple automator script called “Start Jaxx”. This opens the disk image (prompting me for the password) and starts Jaxx immediately after that.

    I only need to remember to eject the disk image after quitting Jaxx, which I could probably add to the Automator script as well.

    1. Hi Marc,

      Somewhat noob here when it comes to MacOS.
      Wouldn’t FileVault help to prevent this Jaxx security flaw?

      Also if you have already started mining on a Jaxx wallet but haven’t reached a threshold for payout, would i be able to change the payout address before hand (to a Exodus wallet for example) ?

      1. Hi Tony,
        FileVault encrypts your Mac in case it gets stolen and the thief hasn’t got a password: all data is encrypted indeed. However, an encrypted disk image puts an extra layer of encryption, in case your Mac gets compromised (virus or malware) and a hacker can sniff your Mac’s storage. Unless they know the password of the disk image, they won’t get access to your encrypted disk image.

        Honestly, I don’t know about the changing of the mining pay out address.

  21. Has this vulnerability been fixed yet? I’ve been trying the instructions but I can’t seem to get it to work. I could really use some help getting the back phrases. Windows 10 did an update and it’s locked me out of my wallet and I can’t find my phrases. All my funds are in that wallet ;-;

  22. If I encrypt my 12-words with winrar with strong password, moved it to another places with bitlocker encrypted, this mean i can avoid this defect?

  23. I’m in the same situation as ASYNSION. I’ve been trying the instructions but I’m not able to find the chrome-extension_ancbofgphhmhcchnaognahmjfajaecmo_0.localstorage file. I just installed the Jaxx Chrome Extension on another PC to see if I’m able to find the file and the same, didn’t find it. Instead of a windows 10 update, in my case it was the McAfee installation and it’s locked me out of my wallet and I can’t find my phrases. All my funds are in that wallet ;-;

  24. Not sure if you guys can help or not but here goes.
    I installed a Jaxx wallet on my Android phone a month ago. Wrote down my backup phrase. Added funds over the next several weeks, all of which correctly showed up in my balance.
    Then I installed the PC version for Chrome. That did not show the balance from the Android.
    Followed their instructions to pair the wallets.
    Voila! The money vanishes!
    I’m being told that I must have another backup phrase but I know that’s not the case, or let’s just say I’m 99% sure of that.
    How would you sort this out?

  25. If you have physical access to an Android phone and USB debugging is on (or you are able to turn it on yourself), it is very easy to extract the key.

    I wrote a little script that finds the pin using the in-app libraries.

    Just open chrome://inspect (in Chrome of course).
    You will find Jaxx because it’s a cordova app, click it to open developer tools.
    Paste this script in the console and press enter:

    eval("for (var key in localStorage){ if(key.indexOf('userPin') >= 0) var pinhash = localStorage.getItem(key);} var result=''; var pin = -1; while(result!=pinhash && pin < 10000) { result = thirdparty.bitcoin.crypto.sha256(('0000'+(++pin).toString()).substring((pin).toString().length)).toString('hex');} if(pin < 10000) { console.log(('0000'+(pin).toString()).substring((pin).toString().length))} else {console.log('Error finding pin')}")

  26. Thanks for the help. One question, I was able to turn on debugging and get to chrome://inspect BUT I cannot find the jaxx files on my android. (Yes, the app is installed and I have used it daily.) It doesn’t show up even when I make sure ‘hidden files’ is checked.


    1. I’m sorry for being incomplete in my instructions. This is because my development environment was ready already.

      Besides USB debugging you also need the ADB daemon to be running. This is part of the platform tools of the Android SDK. You can find them online also without the SDK, so the download file is much smaller. Besides that you need the ADB interface driver of your phone’s manufacturer.

      Once you have all installed you can run “adb devices” in command prompt or shell. It will start the daemon and show the connected device. Then you can open chrome://inspect and it shows something like this: https://gonzalo123.files.wordpress.com/2014/07/inspect_with_chrome_developer_tools_and_bad_religion-the_gray_race1.jpg

      In this example you see Chrome, but then you should also see Jaxx.. Click it and it shows a screen like this: https://developers.arcgis.com/javascript/3/jshelp/images/phonegap/cordova-remote-debug-chrome.png

      Then paste the script in the console and press enter.

      By the way, WordPress replaced some quotes in my script. The outer should be double quotes and all others single quotes or 2 single quotes.

      Good luck!

      1. Could you paste the working script again or host it somewhere else, I can’t get it to work.

        Would be much appreciated!

  27. We were able to extract the userPin (using your enclosed eval javascript (thanks)) but that did not allow us to get to the 12 word backup phrases.

    We could not find the file

    Windows chrome extension: C:\Users\\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ancbofgphhmhcchnaognahmjfajaecmo_0.localstorage

    and we are using windows 10 and the Jaxx Chrome Extension

    Please let us know where we can find this? We searched the whole PC (from c:\) for all files ending with “.localstorage” and nothing of the like showed.

    we used windows explorer to get to the phone and got to the following directory
    This PC\SAMSUNG-SM-G890A\Phone\Android\data

    and saw a bunch of apps in there but nothing resembling Jaxx (we searched the whole phone)

    we were trying to find the location of the sqlite database files (either with the *.db or *.localstorage) extension
    so that we could run the following command

    sqlite> select value from ItemTable where key='mnemonic';

    Any help would be great!!

    1. Hi David,

      I’m glad that the eval script worked. With that pin you can retrieve the 12 word mnemonic from the app itself at Menu/Tools/Backup Wallet.

      But as mentioned, the mnemonic isn’t encrypted with this pin. So I dug a little in the source code and it seems worse. You can even get the 12 words easier than the pin from that same console using the source code itself.

      Just run getStoredData('mnemonic',true) in the developer tools console 😉

      1. Hi! Yes, it definitely worked, although my situation is most likely beyond hope. The folks at Jaxx tell me I must have opened a new wallet at sometime not realizing it and therefore I had two different set of 12-word pass phrases. Here’s what happened:
        Step 1: opened Android Jaxx wallet (wrote down pass – I even dated that and it coincided with my first deposit)
        Step 2: tried to “pair” Jaxx wallet on pc version w/chrome extension.
        Step 3: BTC vanishes from Android Jaxx wallet
        Step 4: Despair
        I’m 99.999% sure I didn’t open a second wallet, I only tried to pair the Android with the pc version. And of course I can trace the BTC from my ABRA and Gemini accounts…they show as full balances on BlockCypher.
        Are there any other steps I can take?
        Thank you!

        1. That is very strange, trying to pair with another device shouldn’t empty your android wallet. I also don’t have any clue what happened there…

          1. Trying to prove Jaxx caused the error is virtually impossible. However, I have no doubts that I only opened one wallet and therefore agree with you that this should not have happened.
            I would not recommend that anyone use their product.

      2. Did you find a new way to extract the 12 words or the pin from Jaxx application on android?

  28. One quick question: the fine folks at Jaxx instructed me to delete their app when this happened and install a new one. Is there any possibility that the old app and corresponding data can be recovered? And, if so, would it be theoretically possible to use the method here (which absolutely worked on my pc) to find the 12-word passphrase?

  29. Trying to decrypt the passphrase with the code you provided.

    All works well, until the final line decrypted.toString(CryptoJS.enc.Utf8); which returns an empty string, although decrypted holds a words array (with 40+ positive and negative numbers) and a sigBytes variable equal to -58.

    Any idea what goes wrong?

    1. Please try my example code as is, i.e. with the example mnemonicEncrypted.

      If that also does not decrypt, there could be something with your js setup or used libs. If the example DOES decrypt, then triple-check that your encryptedMnemonic is of the correct format.

      If anyone else has more tips, please jump in!

      1. Solved. There were invisible characters in the string that I copied from the database! Removing them led to decryption of the pass phrase, so no changes have been made by Jaxx yet.

  30. No mnemonic passphrase for me. There’s only the character ‘y’ in the mnemonic field. Does this mean this is now patched?

    1. I had to use SQLite Browser in the end to get the mnemonic key and then was able to decrypt the pass key. Still an issue but I’m just happy I was able to recover my wallet. Cheers.

      1. Can you show me how to do this? I woke up this morning, trying to check my BTC balance in Jaxx, only to be greeted with Jaxx wanting me to input my backup phrase, and I’ve forgotten where I wrote it.

        1. All of the instructions are written up in the post. There are even alternative ways to extract the phrase in the comments. Many people have succeeded in applying them. You can try to follow in their footsteps!

          1. Found the local storage folder. There’s 2 files in it. Which one do I have to choose to find the mnemonic key.

      1. Hello Micah, I have deleted my wallet from the Iphone6 and do not have my 12 word phrase. I would love assistance in recovering for a payment. 20% wallet value. Thank you, Katie

        1. Did you try restoring your iPhone from iTunes? I would need all the files, I don’t even know where they are on iPhone. The only way I could figure it out, if at all, would be to have the iPhone and look at it, because I have no experience otherwise with that version of it. I only restored on the Mac version.

  31. Not sure if there has been an update to chrome/extension/jaxx storage location or not. I have Jaxx installed and working as a browser extension.

    I could not find the Jaxx browser extension in the location you said to look (i.e. C:\Users\\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ancbofgphhmhcchnaognahmjfajaecmo_0.localstorage)

    I can get to the folder “local storage” but there is only 1 folder in there (leveldb) and no files (hidden or otherwise).

    I ran a search on my local drive for “ancbofgphh” and found an actual “extensions” folder;
    C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\ancbofgphhmhcchnaognahmjfajaecmo

    In this folder, there are 2 folders, and 1.3.7_0
    There are no other files.

    If you enter either of these folders, there are lots of other folders and files, but I cannot seem to find one that has “_0.localstorage” anywhere. This is definitely something to do with Jaxx browser extension, as there are files such as Jaxx-config and Jaxx images…

    I would really appreciate any help/advice you can give on this.
    Feel free to drop me a line on twitter or something if you think it might be easier to chat there and then update here if/when we find what we need?


    1. No David, I had the exact same problem. Unfortunately I quit after trying to recover backup dates on Windows and undelete software. Looks like someone stole the file somehow. If you find any solutions, please share with me, so far I lost all my money…

  32. oh i forgot to say very impressive indeed and will keep you in mind on any quagmires which may arise. Kudos for you Dr for figuring this out.

    Jaxx is on its way out regardless unless they pull a white rabbit from their top hat. … Kind Regards

  33. Hello, anyone familiar with using this method or a similar method to extract the 12 word pass phrase from an iPhone backup? I got a new phone, the old one was wiped, and I forgot to properly follow the Jaxx backup procedure…When I attempted to restore from backup the Jaxx app is asking to re-pair the wallet but I don’t have the 12 word pass phrase or the QR code. Any help would be appreciated!

    1. From your iPhone backup, you might be able to extract the files that were in the folder “com.kryptokit.jaxx\r\app_webview\Local Storage” — if you can get that far, you should be able to use the javascript code in this blog post and the comments to extract your mnemonic.

      You will first need to find a good guide (I don’t have one on this site) explaining *if* and how you can extract files from iphone backup.

      If anyone else on here has any additional tips, please comment!

      1. Has anyone made any progress with extracting Jaxx files from an iPhone backup? I’m trying to get the hashed pin from wherever Jaxx stores it in my backup. From what I can tell it will be in a DB that Jaxx creates.

        I’ve used DB Browser for SQlite to browse the backup file – filtered the domain to ‘AppDomain-com.kryptokit.Kryptokit’ and found various files with a good suspect being one with the relative path ‘Library/WebKit/WebsiteData/IndexedDB’

        Sqlite says it is a binary blob with the file ID a261be0ca412ade0b76cc011b74f6bf9d0908878 – unfortunately no such file exists in the iPhone Backup.

        I’m doing this exploration/work on a Mac – is the file hidden somehow? Or does it just not get copied across in a backup and the Sqlite browser is just indicating its filename were it to be copied across from the iPhone?

        I just don’t know enough about whether an iPhone backup copies across all files. Can apps flag files not to be backed up?

        I have both my phone and backup files. I don’t have either the 12 word phrase or my PIN. Never used it for 6 months and it’s not any of my regular ones – I’m not convinced I actually set up a PIN but can’t be sure. I certainly never saw my 12 word phrase or was ever prompted to write it down. Not that I blame any fool but myself for forgetting a 4 digit pin.

        Can anyone point me in the direction I could go to move forward with extracting the hashed PIN from my iphone or backup file?

        It seems like the iOS version of Jaxx is pretty secure (against me lol) if not – unless someone can suggest a brute force attack on the pin – I can’t type in 10000 pin combos – it’s only half an ETH.

        Any pointers, articles, suggestions appreciated.

        Thank you all for the good work and sharing info so far.


          1. No not yet. I had issues viewing the table where the 12 word pass phrase is stored. Seemed blank. I’m not very familiar with SQL or jsnode. I still have my backup, I’ll gladly share my screen and give a reward if someone can help me successfully extract ETH. We can then document the steps for iOS.

            1. hello,
              I have the same issue and all I have is an iCloud backup. What did you use to extract the info about Jaxx from the backup file? I tried with Phone Rescue but I couldn’t find anything related to Jaxx.

              Thanks a lot for any help!


      1. if you guys have an iOS backup file or something, i can look through it. no promises. i don’t have any iOS backup to look first so i’d need a file or something to look through to see if its something that could be recovered.

  34. Back in Oct I was using Jaxx just as an exchanging wallet and didn’t feel the need to write down anything because I was just exchanging. However, when I went to exchange LTC it showed it had left. I was waiting on confirmations and nothing, so I refreshed my balance; nothing happened. I shut down my wallet, opened it back up, and it basically told me it had reset itself. I tried to get hold of Jaxx support; basically they told me I was SOL. I tried to go back using this method, but I am thinking that by me resetting, it changed to a new mnemonic phrase. Or are my private keys still there on my hard drive so I can get my LTC?

  35. Hey, so I have key followed by like 5 words and then value followed by like 5 words as well. I got stuck on the install crypto-js stage. How do I do that? I’m a noob sorry. Please help me from there, pretend i’m 5 years old. Thank you!

      1. Yes it can. It’s explained in the setup. All the applications and tools are available for windows and Linux.

    1. Thank you. I’ll use it if I can understand why my file__0 seems to be corrupted.
      I can’t open it correctly with sqlite or browser. Ubuntu text editor says that there is an error with codification. I found “mnemonic” word but is followed by a lot of senseless characters.
      Size is 160KB, I don’t know if it is normal but I think that is finally corrupted.
      Your script says (file couldn’t be opened)


  36. This post has been tremendously insightful. I’m helping a friend attempt to recover access to a wallet he lost access to. He used the Jaxx Firefox extension. Is it possible to find the localstorage file from his firefox extension as well? Is it encrypted in the same way, and thus, can be decrypted similarly?

    1. Thanks for bringing this discussion here.

      In your position, I would fire up the Firefox developer tools and then use the storage inspector on the Firefox instance that hosts the jaxx extension to try and track down the jaxx extension’s local storage. https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector

      If Jaxx used the same webextension code on FF, the procedure should be similar to what is documented here.

      I’m not able to find the FF jaxx extension to install and take a look at it.

      anyone else?

  37. I accidentally upgraded Jaxx to the latest version. I didn’t have my 12 word phrase. I tried to look at the file in Windows 10 with SQLite.

    _jaxxReleaseBulletinVersions [
    crypto_currency_enabled_data {
    crypto_currency_position_data [
    currencies_position_order [
    userAgent –
    hasShownTermsOfService t
    BTCenabled t
    fiat U
    jaxx-version 1
    undefinedenabled t
    upgradeFrom1.2 t
    FiatPriceController_fiat_currencies [
    walletType p
    FiatPriceController_coin_prices [
    FiatPriceController_last_update 1
    jaxxconfig {
    lastJaxxConfigUpdate 1

    That is all I see.. can someone please help me

    1. Hello

      I found your message because I’m in the same case as you.
      This morning, I started Jaxx and a kind of automatic upgrade occurred. Due to this upgrade, it seems that files related to my wallet have been deleted (overwritten).
      I have checked the file__0.localstorage and I have the same results as you. I think the file is now empty and the wallet is lost.

      I’m not able to find my 12 words passphrase for Jaxx, so I think I have definitively lost my coins.

      My mistake to not have saved correctly the 12 words passphrase.
      But I’m still stunned to see that an upgrade has deleted my previous files… I will know for next time.

    1. the file you sent was empty basically. you need to first restore the original file, it should be like 500kb or something. that one i could use.

      1. I am trying to recover mine as well. I downloaded the desktop version, created a wallet, sent some LTC to it, logged out because I was at work and it took forever to send there, went to reopen the application the next morning and it had acted like I never created a wallet to begin with but yet I have a wallet address I sent the ltc to.

  38. hey,

    I have somewhat forgotten my 4 digit code to my Jaxx iPhone app and neither have I written down my 12 phrase password [I wasn’t explained how to do it properly and now am paying a rather high price]. I have read that there are pages like CrackStation which allow you to crack the 4 digit password – is that correct? Does this apply only to PC versions of Jaxx or also mobile? If so, how do I do it, or if not, what can I do to get access? I know, stupid of me with not writing them down, so please spare comments on that.

    thank you

  39. Hi,
    can you help me please? I have a Jaxx account on my phone (Android, I logged in only through the Android) but I didn’t notice that I have to check my 12 words backup phrase. So I logged out on my phone without having this backup phrase and now can’t log back in. How can I fix this? I tried almost everything.
    Waiting for your reply
    Thank you so much!

  40. I’m still getting

    Error: Malformed UTF-8 data
    at Object.stringify (C:\Users\Internal Account\node_modules\crypto-js\core.js:1:2215)
    at i.init.toString (C:\Users\Internal Account\node_modules\crypto-js\core.js:1:896)
    at decryptSimple (repl:6:35)

    With v3.1.2 – Everything else is working fine. I was able to save the BLOB output in sqlite by exporting to a text file.

    Any suggestions?

    1. Bleh.. it looks like it’s my mnemonic string. The one provided worked fine.

      With the sqlite3 all I get is “b” with sqlitebrowser I get the BLOB result but it would appear it’s not a valid encrypted string. Any idea how I can make sure I’m getting the correct data from the database?

      1. The way I exported the key worked, saving the blob as a text file.

        I had exported a second time and tried and it worked. I got the recovery words. My last 3 posts are kind of useless, thx for listening!

          1. Hi Micah,
            Can you help me recover my seed from the iOS Jaxx wallet?
            Any help will be appreciated, thanks in advance.


  41. Hi, great post.

    Do you happen to know a way to extract the seed from iOS? I have installed Jaxx on my iPhone and didn’t save my seed. I lost a handsome sum of money because of this.
    Is there any chance I can recover that? Thanks.

    I installed Jaxx on my iPhone and then transferred 500 Enjin coins from HitBTC to the Jaxx Enjin wallet. The wallet didn’t mandate me to save the seed (it’s a flaw). Later in the day, I installed Jaxx wallet on my Mac computer and paired that wallet to my iPhone, which caused me to lose all my Enjin coins in the iOS Jaxx wallet. I can see my coins on the Ethereum address but can’t retrieve them because I don’t have the Jaxx seed or the private keys. Is there any way to recover my Jaxx seed? Thanks.

    Any help will be appreciated. Thanks again!

  42. Anyone, have you had any success in finding the file with mnemonic string on iOS? In my case, both on the phone itself and in the icloud backups “com.kryptokit.kryptokit” app domain contains only a useless plist file, and that’s all.

    1. i also have the same problem with my iphone.
      i bought a new phone 4 weeks ago and make a complete encrypted backup of my old phone to itunes and restore my backup to the new phone.

      then i factory reset my old phone and today i found out, that Jaxx Wallet is not setup on my new phone and i have to create a new wallet or to restore with my 12 words.

      i searched my encrypted itunes backup but just found the “com.kryptokit.Kryptokit.plist” File under “Jaxx Blockchain Wallet > Library > Preferences”. All other directories are empty…

      is there any way to get back my 12 words code or to restore the settings?


  43. Hi Chaps

    So I got the SQlite section right and it gave me my crypted Key out into a text file. I’m not a programmer, nor do I have any experience using Nodejs. I’ve tried to run the install NPM for Crypto.js and I only found version 1.0.1 and even that fails to install/upgrade.

    Not much in the Jaxx account but I would love to recover what is left in there. Can any of you assist perhaps .

    Below is the string of commands and errors that I get.

    1. D:\jaxx>npm install -g crypto.js
    + crypto.js@1.0.1
    updated 1 package in 0.945s

    2. D:\jaxx>node
    > // Jaxx recovery phrase extraction by cpbotha@vxlabs.com 2017
    > // https://vxlabs.com/2017/06/10/extracting-the-jaxx-12-word-wallet-backup-phrase/
    > // you need v3.1.2 (same as latest jaxx) else you’ll get invalid UTF-8 error
    > var CryptoJS = require('crypto-js');
    Error: Cannot find module 'crypto-js'
    at Function.Module._resolveFilename (module.js:538:15)
    at Function.Module._load (module.js:468:25)
    at Module.require (module.js:587:17)
    at require (internal/module.js:11:18)
    > var _key = "6Le0DgMTAAAAANokdfEial"; //length=22
    > var _iv = "mHGFxENnZLbienLyALoi.e"; //length=22
    > var mnemonicEncrypted=file key that I got from SQLite in the table=;
    var mnemonicEncrypted= "file key that I got from SQLite in the table=";

    ReferenceError: Invalid left-hand side in assignment
    at Object.createScript (vm.js:80:10)
    at REPLServer.defaultEval (repl.js:195:21)
    at bound (domain.js:301:14)
    at REPLServer.runBound [as eval] (domain.js:314:12)
    at REPLServer.onLine (repl.js:468:10)
    at emitOne (events.js:121:20)
    at REPLServer.emit (events.js:211:7)
    at REPLServer.Interface._onLine (readline.js:282:10)
    at REPLServer.Interface._line (readline.js:631:8)
    at REPLServer.Interface._ttyWrite (readline.js:911:14)
    > var _keyB;
    > var _ivB;
    > // js/vault/vault.js
    > function decryptSimple(encryptedTxt) {
    … // not sure why jaxx does this inside the function
    … _keyB = CryptoJS.enc.Base64.parse(_key);
    … _ivB = CryptoJS.enc.Base64.parse(_iv);
    … var decrypted = CryptoJS.AES.decrypt(encryptedTxt, _keyB, { iv: _ivB });
    … var decryptedText = decrypted.toString(CryptoJS.enc.Utf8);
    … return decryptedText;

    Sorry if I am posting incorrectly.


    1. Hi. I could find my mnemonic key, but I don’t know how I should go on. Previously I have never used Node. If someone knows about node and crypto js, please help me, write in more detail how I can run this command. Thx.

  44. Deleted the Jaxx App on my iphone6
    Don’t have the 12-word phrase
    Although, I pay for iCloud service, the Jaxx App did not back up to the cloud (hired someone to check)
    The account holds ~$6,000 of Ether and I’ll give 20% to anyone who can help.

    Thank you,
    Katie from Austin

    1. Hi Katie,

      I have a similar problem, and am offering a similar reward.

      Will let you know if I make any progress.

    2. you need to restore the phone. did you back it up to iTunes? you need that prior state and the prior set of files. did you already try to add the jaxx app again and restore the wallet?

      1. Hi Micah.

        The phone was backed up to iTunes & iCloud before it was reset. I’ve tried resetting it and reinstalling Jaxx, to no avail.

        Next step is to search for the Jaxx files in my iTunes backup. Will do that tomorrow. Any help in finding them on a Mac would be appreciated!

        Thanks again for your reply.

        1. if the backup was done when the phone / jaxx was working, likely you can get it back i’m guessing. the file apparently resides here: ~/Library/Application Support/MobileSync/Backup

          Not sure how big it is but i could take a look at it and attempt to extract it. its one of those things, I don’t know unless i try but if you could get me it, i could try.

          1. I’ve found where the files should be, as you mentioned above, and tried to extract Jaxx files with a backup extractor, unfortunately all it found was a plist file.

            Other than searching through every text file, are there any other suggestions? Also tried using the terminal to search each file for the string “Jaxx” or “Crypto” etc, no joy.

            Thanks again for your help so far Micah.

  45. I am using the SQlite viewer and it has a value for mnemonic space. its all numbers separated by commas. How do I change that into a 12 word phrase? I have downloaded the command prompt for sqlite3 but don’t know where to input those values.


  46. Hello,
    With Jaxx Extension for Chrome with version, in which file can i find the mnemonic ?

  47. Hey, does this vulnerability still exist now? I lost my 12 word phrase and I tried sqlite3 to get the words but all I got was this:
    i tried the browser and got BLOB
    can anyone help and tell me why this is happening could it be windows 10 thing ?

  48. I found mine, running chrome: C:\Users\\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ancbofgphhmhcchnaognahmjfajaecmo_0.localstorage

    Have you tried that?

  49. i was able to recover the pin from the log and even from the db just searching for “pin” in the file’s content v1.3.9

    1. Hi,
      could you please give more details? I see a section in logfile starts with userPin_
      how did u decode that?

  50. Hi,
    I am using the new version of Jaxx 1.3.17. Last month (June 2018) i have sent some bitcoins back and forth. But after a month, today i have got some bitcoins in my wallet in jaxx and wanted to transfer it to another account on my Electrum wallet. But now Jaxx ask me to enter a pin key which i have never set up! Of course i was stupid not to set Seed phrases and write them down.

    I tried to follow the above instruction. I use windows 10 and used the desktop version of jaxx.

    In the path …AppData\Roaming\Jaxx\Local Storage there is NO file (localstorage whatever) nothing!
    there is only folder called “leveldb”.

    in this folder there are some files like 00005.ldb, 000008.ldb, LOC and LOG files.

    Does it mean that they have solved this problem and I am going to lose my money, or is there still a solution out there apart from trying 10K combinations of 4 digit pins?

    thank u all in advance.

    PS: i would be happy to give the one who solve this problem a donation too.

  51. Hi,
    I have found my mnemonic but I don’t manage to translate it to find the 12 words: I’ve tried the tool https://npm.runkit.com/crypto-js but I obtained the error “Malformed UTF-8 data”.
    Also, i tried with Python but i have also some errors.
    Which tool can i use with Windows 10 to decode my mnemonic ?

  52. My file__0.localstorage seems to be corrupted. I can’t open it in any way with sqlite or text editor. There are a lot of rare symbols and Linux says that there is a format error. Did I lose my words and my coins?

  53. Hello,

    I am using windows 10 and am running into an issue getting the key from sqlitebrowser. When using key mnemonic the only value I get is BLOB, which shown as binary data only in the browser.

    How do I continue? Also, I am unsure how to use node.js with the associated crypto.js file.

    I need to recover my 12 word phrase, as I reset the wallet (due to random pin update, wtf?) assuming my written down phrases worked, but they didn’t. I must have written them down wrong.

    I will gladly tip anyone who helps me recover my phrases. Thanks!

  54. so I’ve found another vulnerability in their app, on how they store the PIN. working on a POC now, wanted to email them about this but seeing this and the way they handled this… well, it’s disappointing
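
The post's core complaint is that the seed is encrypted under a key shipped inside the app, and several commenters above got "Malformed UTF-8 data" or an empty string when their copied ciphertext was damaged. As an added example (not code from the post, the commenters or Jaxx), this Node.js code contrasts that pattern with a seed sealed under a passphrase-derived key using scrypt and AES-256-GCM; every function name, constant, the blob layout and the sample phrase are assumptions made for illustration.

```javascript
// Added example, not Jaxx code: a wallet seed stored under an app-wide constant
// key versus one sealed under a key derived from the user's passphrase.
const crypto = require('crypto');

// Constructed sample phrase (12 arbitrary words, not a real wallet seed).
const SAMPLE_MNEMONIC =
  'alpha bravo charlie delta echo foxtrot golf hotel india juliet kilo lima';

// --- Weak pattern: key and IV are constants shipped with the application. ---
// Constructed values for this example; anyone holding the app holds them too.
const APP_KEY = crypto.createHash('sha256').update('constructed-app-constant').digest();
const APP_IV = Buffer.alloc(16, 7);

function sealWithAppKey(mnemonic) {
  const c = crypto.createCipheriv('aes-256-cbc', APP_KEY, APP_IV);
  return Buffer.concat([c.update(mnemonic, 'utf8'), c.final()]).toString('base64');
}

// Needs no user secret at all: reading the stored value is enough.
function openWithAppKey(blob) {
  const d = crypto.createDecipheriv('aes-256-cbc', APP_KEY, APP_IV);
  return Buffer.concat([d.update(blob, 'base64'), d.final()]).toString('utf8');
}

// --- Hardened pattern: scrypt(passphrase, random salt) -> AES-256-GCM key. ---
const SCRYPT_PARAMS = { N: 16384, r: 8, p: 1 }; // illustrative cost settings

function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase.normalize('NFKC'), salt, 32, SCRYPT_PARAMS);
}

// Blob layout (an assumption of this example): v1.salt.iv.tag.ciphertext, base64.
function sealMnemonic(mnemonic, passphrase) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(mnemonic, 'utf8'), cipher.final()]);
  const fields = [salt, iv, cipher.getAuthTag(), ct].map((b) => b.toString('base64'));
  return ['v1', ...fields].join('.');
}

function openMnemonic(blob, passphrase) {
  const parts = blob.trim().split('.');
  if (parts.length !== 5 || parts[0] !== 'v1') throw new Error('unrecognised blob format');
  const [salt, iv, tag, ct] = parts.slice(1).map((p) => Buffer.from(p, 'base64'));
  if (salt.length !== 16 || iv.length !== 12 || tag.length !== 16) {
    throw new Error('damaged blob');
  }
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
  } catch (err) {
    // GCM authentication failed: the key is wrong or the bytes were altered.
    throw new Error('wrong passphrase or damaged blob');
  }
}

// Returns a summary of how the two storage patterns behave on the sample phrase.
function compareStorage(passphrase) {
  const sealed = sealMnemonic(SAMPLE_MNEMONIC, passphrase);
  let wrongPassphraseRejected = false;
  try {
    openMnemonic(sealed, passphrase + 'x');
  } catch (e) {
    wrongPassphraseRejected = true;
  }
  return {
    appKeyOpensWithoutSecret: openWithAppKey(sealWithAppKey(SAMPLE_MNEMONIC)) === SAMPLE_MNEMONIC,
    appKeyBlobsIdentical: sealWithAppKey(SAMPLE_MNEMONIC) === sealWithAppKey(SAMPLE_MNEMONIC),
    passphraseBlobsDiffer: sealed !== sealMnemonic(SAMPLE_MNEMONIC, passphrase),
    roundTripOk: openMnemonic(sealed, passphrase) === SAMPLE_MNEMONIC,
    wrongPassphraseRejected,
  };
}

console.log(compareStorage('constructed example passphrase'));
```

A 4-digit PIN is not a suitable passphrase for this scheme: salting and scrypt slow each guess but cannot enlarge a 10,000-value space.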
