Bitcoin Forum

Bitcoin => Bitcoin Technical Support => Topic started by: ghostdaddy on December 17, 2017, 12:06:03 AM



Title: 51 Btc locked up...
Post by: ghostdaddy on December 17, 2017, 12:06:03 AM
On January 28, 2015 I sent about 51 btc to my Trezor wallet. I set up the Trezor wallet, copied the seed, made a couple of addresses and sent the 51 btc to one of the addresses, which I still have along with the recovery seed. The problem is that I set up a passphrase which I can't fully remember. I have been using btcrecover, which is a genius program; thanks to Chris for making this available. The first token list was about 34 words and the available password guesses are at about 700,000,000,000; it's on the 6th day of brute forcing, doing about 6.30 kp/s.

Now I'm starting to doubt the seed I wrote down from Trezor is the correct one, the firmware is still on 1.4.2 and haven't updated so there might be some exploits available. Will I still be able to obtain the seed with the latest exploit around even though I can't remember the password? It can be that the brute force procedure is just wasting time and resources if the seed I'm giving it is not the correct one even if the token file has the correct words for the recovery process.

In other words... With this "hack" will I be able to obtain the recovery seed from the Trezor if I set up the passphrase on it with the latest exploit floating around? I just need to make sure I'm working with the correct seed so it can eliminate one of the variables. If so.... who can help? I know Saleem is the hardware hacker that discovered the Trezor vulnerability but how can we put it to use? Thanks in advance


Title: Re: 51 Btc locked up...
Post by: jackg on December 17, 2017, 12:13:00 AM
What are you attempting to do? Brute force your Trezor seed? Isn't the password a PIN, or have I got that wrong?

Do you have the encrypted string? What does it contain, is it words, does it start with a letter like 1, U, K, 5, L...


Title: Re: 51 Btc locked up...
Post by: LoyceV on December 17, 2017, 08:48:24 AM
> Now I'm starting to doubt the seed I wrote down from Trezor is the correct one, the firmware is still on 1.4.2 and haven't updated so there might be some exploits available. Will I still be able to obtain the seed with the latest exploit around even though I can't remember the password?
> ~
> I know Saleem is the hardware hacker that discovered the Trezor vulnerability but how can we put it to use? Thanks in advance

The full story on the guy who forgot the PIN of his Trezor is on wired.com (https://www.wired.com/story/i-forgot-my-pin-an-epic-tale-of-losing-dollar30000-in-bitcoin/). Thanks to Saleem he got it back! He had 7.4BTC in there. I read the full story a while ago. I'd say start your search from there, contact Saleem, and ask (and pay!) for his help. Be very careful, as you'll only get one shot at flashing a hacked firmware. Good luck, and please update your results here!


Title: Re: 51 Btc locked up...
Post by: morbius55 on December 17, 2017, 11:37:47 AM
Has anyone tried using a hypnotist? It seems like a logical solution to the forgotten password situations.


Title: Re: 51 Btc locked up...
Post by: ksgerb on December 17, 2017, 04:35:13 PM
> > Now I'm starting to doubt the seed I wrote down from Trezor is the correct one, the firmware is still on 1.4.2 and haven't updated so there might be some exploits available. Will I still be able to obtain the seed with the latest exploit around even though I can't remember the password?
> > ~
> > I know Saleem is the hardware hacker that discovered the Trezor vulnerability but how can we put it to use? Thanks in advance
>
> The full story on the guy who forgot the PIN of his Trezor is on wired.com (https://www.wired.com/story/i-forgot-my-pin-an-epic-tale-of-losing-dollar30000-in-bitcoin/). Thanks to Saleem he got it back! He had 7.4BTC in there. I read the full story a while ago. I'd say start your search from there, contact Saleem, and ask (and pay!) for his help. Be very careful, as you'll only get one shot at flashing a hacked firmware. Good luck, and please update your results here!

So if there's already a way to brute trezor does it mean trezor is not safe anymore? Please correct me if I'm wrong because I'm really into confusion.


Title: Re: 51 Btc locked up...
Post by: morbius55 on December 17, 2017, 05:16:01 PM
> > > Now I'm starting to doubt the seed I wrote down from Trezor is the correct one, the firmware is still on 1.4.2 and haven't updated so there might be some exploits available. Will I still be able to obtain the seed with the latest exploit around even though I can't remember the password?
> > > ~
> > > I know Saleem is the hardware hacker that discovered the Trezor vulnerability but how can we put it to use? Thanks in advance
> >
> > The full story on the guy who forgot the PIN of his Trezor is on wired.com (https://www.wired.com/story/i-forgot-my-pin-an-epic-tale-of-losing-dollar30000-in-bitcoin/). Thanks to Saleem he got it back! He had 7.4BTC in there. I read the full story a while ago. I'd say start your search from there, contact Saleem, and ask (and pay!) for his help. Be very careful, as you'll only get one shot at flashing a hacked firmware. Good luck, and please update your results here!
>
> So if there's already a way to brute trezor does it mean trezor is not safe anymore? Please correct me if I'm wrong because I'm really into confusion.

Only on the old firmware, before the back door was closed.


Title: Re: 51 Btc locked up...
Post by: ksgerb on December 17, 2017, 05:38:38 PM
> > > > Now I'm starting to doubt the seed I wrote down from Trezor is the correct one, the firmware is still on 1.4.2 and haven't updated so there might be some exploits available. Will I still be able to obtain the seed with the latest exploit around even though I can't remember the password?
> > > > ~
> > > > I know Saleem is the hardware hacker that discovered the Trezor vulnerability but how can we put it to use? Thanks in advance
> > >
> > > The full story on the guy who forgot the PIN of his Trezor is on wired.com (https://www.wired.com/story/i-forgot-my-pin-an-epic-tale-of-losing-dollar30000-in-bitcoin/). Thanks to Saleem he got it back! He had 7.4BTC in there. I read the full story a while ago. I'd say start your search from there, contact Saleem, and ask (and pay!) for his help. Be very careful, as you'll only get one shot at flashing a hacked firmware. Good luck, and please update your results here!
> >
> > So if there's already a way to brute trezor does it mean trezor is not safe anymore? Please correct me if I'm wrong because I'm really into confusion.
>
> Only on the old firmware, before the back door was closed.

Oh thanks for the response. It really helps.


Title: Re: 51 Btc locked up...
Post by: ccie38216 on December 18, 2017, 12:19:50 AM
Since you did not upgrade, then you can actually use the vulnerability published recently regarding copying the private key, passphrase, PIN and seed phrase from SRAM using the chip JTAG.

Keep in mind though, if you screw this attempt up and lose your private keys you're currently out of $900,000 dollars... lol


Title: Re: 51 Btc locked up...
Post by: techniumunlimited on December 18, 2017, 06:52:03 AM
Whatever you do, don't update your hardware wallet! Next couple years an exploit will be found and you will be able to break in before it's fixed on old version.


Title: Re: 51 Btc locked up...
Post by: HCP on December 18, 2017, 11:30:05 PM
> Now I'm starting to doubt the seed I wrote down from Trezor is the correct one, the firmware is still on 1.4.2 and haven't updated so there might be some exploits available. Will I still be able to obtain the seed with the latest exploit around even though I can't remember the password? It can be that the brute force procedure is just wasting time and resources if the seed I'm giving it is not the correct one even if the token file has the correct words for the recovery process.
>
> In other words... With this "hack" will I be able to obtain the recovery seed from the Trezor if I set up the passphrase on it with the latest exploit floating around? I just need to make sure I'm working with the correct seed so it can eliminate one of the variables. If so.... who can help? I know Saleem is the hardware hacker that discovered the Trezor vulnerability but how can we put it to use? Thanks in advance

Theoretically yes, you would still be able to hack the seed out... but it won't show you the passphrase. You would still need to bruteforce the passphrase, but at least you'd know that the seed you're working on is the correct one.

A bit of google searching should find you plenty of info on the hack and how to do it... like this: https://medium.com/@Zero404Cool/trezor-security-glitches-reveal-your-private-keys-761eeab03ff8

However... If you want some peace of mind... I will say that if you type the seed into something like the BIP39 mnemonic code converter (https://iancoleman.io/bip39/ - create an offline copy etc) and it doesn't flag it as invalid, the chances that you wrote it down wrong are actually pretty minimal... the odds of changing one word to another valid one are actually relatively small... as not ALL combinations of 24 words are actually valid seeds.

Also, the most common mistake is either missing a word (which you haven't done) or writing a similar word (i.e. then/them etc)... however, the chances of a similar word actually still generating a valid seed are also very small... so if the BIP39 tool detects it as a valid seed, I'd say you have a very good chance of already having the correct seed.
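
The validity check discussed in the last post is the BIP39 checksum: a 24-word mnemonic encodes 256 entropy bits plus 8 bits taken from SHA-256 of that entropy. The sketch below is an added illustration, not code from the thread or from any tool named in it; it counts how many single-word mistakes would still pass that check. As an assumption made so it runs offline, it works on 11-bit word indices rather than the English wordlist, and the all-zero entropy is a constructed sample.

```python
import hashlib

WORD_BITS = 11                      # one BIP39 word = 11-bit index into a 2048-word list
VALID_LENGTHS = (12, 15, 18, 21, 24)

def entropy_to_indices(entropy: bytes) -> list:
    """Encode entropy as word indices: entropy bits followed by checksum bits."""
    cs_bits = len(entropy) * 8 // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (len(entropy) * 8 + cs_bits) // WORD_BITS
    return [(value >> (WORD_BITS * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def checksum_ok(indices: list) -> bool:
    """True if the trailing checksum bits match SHA-256 of the entropy bits."""
    if len(indices) not in VALID_LENGTHS:
        return False                # a missing or extra word fails on length alone
    cs_bits = len(indices) * WORD_BITS // 33
    value = 0
    for idx in indices:
        value = (value << WORD_BITS) | idx
    ent_bytes = (len(indices) * WORD_BITS - cs_bits) // 8
    entropy = (value >> cs_bits).to_bytes(ent_bytes, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    return value & ((1 << cs_bits) - 1) == expected

def surviving_substitutions(indices: list, position: int) -> int:
    """Count the wrong words at `position` that still pass the checksum."""
    hits = 0
    for candidate in range(2048):
        if candidate == indices[position]:
            continue
        trial = indices[:position] + [candidate] + indices[position + 1:]
        hits += checksum_ok(trial)
    return hits

if __name__ == "__main__":
    seed = entropy_to_indices(bytes(32))   # constructed sample: all-zero entropy
    print("valid:", checksum_ok(seed))
    for pos in (0, 11, 23):
        n = surviving_substitutions(seed, pos)
        print(f"position {pos}: {n} of 2047 wrong words still validate")
```

The last word carries 3 entropy bits and all 8 checksum bits, so exactly 7 wrong last words validate; at any other position the count averages 2047/256, roughly 8 of the 2047 possible wrong words.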