Bitcoin Forum
November 01, 2024, 03:46:19 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 ... 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 [199] 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 ... 265 »
  Print  
Author Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet  (Read 966156 times)
JorgeStolfi
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1003



View Profile
April 09, 2015, 07:23:10 PM
 #3961

Extracting the Private Key from a TREZOR... with a 70 $ Oscilloscope
http://johoe.mooo.com/trezor-power-analysis/

Ahem.  Anyone remembers a guy who used to post warnings here about hypothetical physical attacks, and got called retard, paranoid, fudster, shill, and some nastier things?...

Quote
Nice to see people working on breaking the Trezor and making it stronger!

Until 1.3.2, a physically compromised PC could extract the private key from a Trezor, if the owner happened to had the display turned off (or perhaps even with the display was turned on).  But that is good news for Trezor owners!  Tongue

Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
btchip
Hero Member
*****
Offline Offline

Activity: 623
Merit: 500

CTO, Ledger


View Profile WWW
April 09, 2015, 08:35:10 PM
 #3962


Ahem.  Anyone remembers a guy who used to post warnings here about hypothetical physical attacks, and got called retard, paranoid, fudster, shill, and some nastier things?...

I believe this was caused by the endless FUD around possible interdiction of hardware wallets rather than the description of a well documented attack.


fonsie
Sr. Member
****
Offline Offline

Activity: 434
Merit: 250



View Profile
April 09, 2015, 09:17:15 PM
 #3963

Until 1.3.2, a physically compromised PC could extract the private key from a Trezor, if the owner happened to had the display turned off (or perhaps even with the display was turned on).  But that is good news for Trezor owners!  Tongue

Did you even bother to read the article?

I decided to no longer use a signature, because people were trolling me about it.
JorgeStolfi
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1003



View Profile
April 09, 2015, 09:32:16 PM
 #3964

Until 1.3.2, a physically compromised PC could extract the private key from a Trezor, if the owner happened to had the display turned off (or perhaps even with the display was turned on).  But that is good news for Trezor owners!  Tongue
Did you even bother to read the article?
Did you understand it?

Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
fonsie
Sr. Member
****
Offline Offline

Activity: 434
Merit: 250



View Profile
April 09, 2015, 09:34:11 PM
 #3965

Until 1.3.2, a physically compromised PC could extract the private key from a Trezor, if the owner happened to had the display turned off (or perhaps even with the display was turned on).  But that is good news for Trezor owners!  Tongue
Did you even bother to read the article?
Did you understand it?

Yes, did you?

I decided to no longer use a signature, because people were trolling me about it.
JorgeStolfi
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1003



View Profile
April 09, 2015, 09:41:50 PM
 #3966

Until 1.3.2, a physically compromised PC could extract the private key from a Trezor, if the owner happened to had the display turned off (or perhaps even with the display was turned on).  But that is good news for Trezor owners!  Tongue
Did you even bother to read the article?
Did you understand it?
Yes, did you?
Sorry folks, please don't pay attention, he is one of my personal exclusive trolls.  I still suspect that he may be a Brazilian student that I flunked, hence his generosity in rendering his services for free, 24/7.

Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
fonsie
Sr. Member
****
Offline Offline

Activity: 434
Merit: 250



View Profile
April 09, 2015, 09:49:46 PM
 #3967

Quote
I was more interested in determining the private key. In this section I will therefore look into the key generation. To avoid noise from the display, I set a blank home screen. You can consider this as cheating as changing the home screen requires the PIN. However, an unscrupulous attacker may just break open the case and rip off the display to achieve the same effect. The following graphic shows the computation of the master public key m/44'/0'/0'/0.

The above quote gives me the impression you'll need physical access to the Trezor. You'll also have to disconnect the screen.


Quote
Also, if you have passphrase protection, this attack does not work even with firmware 1.3.1, so you may consider adding that, too.


The above quote says that using a passphrase makes the attack pointless



So if you are stupid enough to not use a passphrase, it would be easier and cheaper for the thieve to buy a 5$ wrench (he saves 65$) and kindly ask for the piece of paper that had the seed written on it.



Please correct me if I'm wrong oh mighty stolfi ( I will admit it if I'm wrong, my balls can handle it ) and NO I'M NOT YOUR STUDENT.

PS: The attacker can use his own PC, he does not need an "physically compromised PC"

I decided to no longer use a signature, because people were trolling me about it.
JorgeStolfi
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1003



View Profile
April 09, 2015, 10:04:04 PM
 #3968

Quote
I was more interested in determining the private key. In this section I will therefore look into the key generation. To avoid noise from the display, I set a blank home screen. You can consider this as cheating as changing the home screen requires the PIN. However, an unscrupulous attacker may just break open the case and rip off the display to achieve the same effect. The following graphic shows the computation of the master public key m/44'/0'/0'/0.
The above quote gives me the impression you'll need physical access to the Trezor. You'll also have to disconnect the screen.

The power measurement could be done from inside the PC, by inserting the resistor and voltage probes in the wires leading to USB port.

Turning off the progress display (which, according to that paragraph, a user can do without disconnecting the screen) reduces the noise and simplifies the analysis of the signal.  A more thorough analysis could perhaps succeed even if the progress display is active.

Quote
Quote
Also, if you have passphrase protection, this attack does not work even with firmware 1.3.1, so you may consider adding that, too.
The above quote says that using a passphrase makes the attack pointless

That protection is effective if someone stole the Trezor and tried to extract the private key by telling it to produce the public key.  But if the power measurement rig is hidden inside the PC, the trick could be used even without stealing the device.  Just wait until the user himself tries to use it.

Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
fonsie
Sr. Member
****
Offline Offline

Activity: 434
Merit: 250



View Profile
April 09, 2015, 10:08:06 PM
Last edit: April 09, 2015, 10:23:53 PM by fonsie
 #3969

Not sure what kind of PC equiment they are using in Brazil, but unless the equipment needed is very tiny. Good luck putting it in my Nexus 6 or MacBook.

So as promised:

Trolfi I'll admit you are partially correct, but next time, keep your trolling attempts a bit more "possible in the real world".
Drug dealers(aka bitcoiners) are more for the quick approach when stealing.

I decided to no longer use a signature, because people were trolling me about it.
JorgeStolfi
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1003



View Profile
April 10, 2015, 12:03:40 AM
 #3970

but unless the equipment needed is very tiny. Good luck putting it in my Nexus 6 or MacBook.

For a PC in one's workplace, in a hotel convenience room, cash register desk, or internet cafe, the part that needs to be inside the PC is the resistor and two shielded probe cables leading to a digital oscilloscope hidden somewhere else.  Othwerwise one would need a small circuit that includes the A-D converter, some memory, and some means to transmit the data out at a suitable opportunity, e.g. by bluetooth. It may be hard to fit that inside a laptop, but perhaps the physical hacker can remove a speaker or some other component whose absence will not be noticed.

Recall that the whole point of a hardware wallet is to keep the keys safe even when using an untrusted machine to sign transactions or hand over a public key.  Requiring the host to have trusted hardware would be a significant restriction to its scope.


Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
2112
Legendary
*
Offline Offline

Activity: 2128
Merit: 1073



View Profile
April 10, 2015, 03:22:40 AM
 #3971

For a PC in one's workplace, in a hotel convenience room, cash register desk, or internet cafe, the part that needs to be inside the PC is the resistor and two shielded probe cables leading to a digital oscilloscope hidden somewhere else.  Othwerwise one would need a small circuit that includes the A-D converter, some memory, and some means to transmit the data out at a suitable opportunity, e.g. by bluetooth. It may be hard to fit that inside a laptop, but perhaps the physical hacker can remove a speaker or some other component whose absence will not be noticed.

Recall that the whole point of a hardware wallet is to keep the keys safe even when using an untrusted machine to sign transactions or hand over a public key.  Requiring the host to have trusted hardware would be a significant restriction to its scope.
How about a quick&simple workaround for this somewhat advanced attack?

When a drug-dealer bitcoiner wants to use Trezor on a really untrusted computer then connect it through a small powered USB hub than one can carry together with the Trezor. Would that defeat this attack?

Please comment, critique, criticize or ridicule BIP 2112: https://bitcointalk.org/index.php?topic=54382.0
Long-term mining prognosis: https://bitcointalk.org/index.php?topic=91101.0
JorgeStolfi
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1003



View Profile
April 10, 2015, 03:26:33 AM
 #3972

How about a quick&simple workaround for this somewhat advanced attack?

When a drug-dealer bitcoiner wants to use Trezor on a really untrusted computer then connect it through a small powered USB hub than one can carry together with the Trezor. Would that defeat this attack?

It would work, I suppose.

Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
NLNico
Legendary
*
hacker
Offline Offline

Activity: 1876
Merit: 1295


DiceSites.com owner


View Profile WWW
April 10, 2015, 03:27:19 AM
 #3973

Extracting the Private Key from a TREZOR... with a 70 $ Oscilloscope
http://johoe.mooo.com/trezor-power-analysis/
johoe, same guy who returned 250 coins to blockchain.info. Very impressive.

fonsie
Sr. Member
****
Offline Offline

Activity: 434
Merit: 250



View Profile
April 10, 2015, 08:38:18 AM
 #3974

Extracting the Private Key from a TREZOR... with a 70 $ Oscilloscope
http://johoe.mooo.com/trezor-power-analysis/
johoe, same guy who returned 250 coins to blockchain.info. Very impressive.

Indeed, a very capable guy with his heart in the right place. Perhaps we can let him take a look at the voynich manuscript...

I decided to no longer use a signature, because people were trolling me about it.
JorgeStolfi
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1003



View Profile
April 10, 2015, 10:54:42 AM
 #3975

johoe, same guy who returned 250 coins to blockchain.info. Very impressive.
Indeed, a very capable guy with his heart in the right place. Perhaps we can let him take a look at the voynich manuscript...

Folks, again, sorry for the above off-topic and incomprehensible post, but this @fonsie guy has been stalking me for months. He seems to be obssessed with my person, I don't know why.  He parodies my signature and even used a photo of myself as avatar for a while.  I wonder if he knows that I am married already?

Academic interest in bitcoin only. Not owner, not trader, very skeptical of its longterm success.
fonsie
Sr. Member
****
Offline Offline

Activity: 434
Merit: 250



View Profile
April 10, 2015, 10:56:30 AM
 #3976

johoe, same guy who returned 250 coins to blockchain.info. Very impressive.
Indeed, a very capable guy with his heart in the right place. Perhaps we can let him take a look at the voynich manuscript...

Folks, again, sorry for the above off-topic and incomprehensible post, but this @fonsie guy has been stalking me for months. He seems to be obssessed with my person, I don't know why.  He parodies my signature and even used a photo of myself as avatar for a while.  I wonder if he knows that I am married already?

Not sure why, but it seems the only one doing the stalking is you. If you don't like me posting, don't let the door hit you on the way out.

Can't you stand that credit is given where credit is due? What's wrong with giving credit for his remarkable achievement in detecting a weakness in Trezor and helping it resolve?

Why are you also constantly without shame trying to hurt SatoshiLabs their business? All of this for a so called Professor, you should know better.

I decided to no longer use a signature, because people were trolling me about it.
jmw74
Full Member
***
Offline Offline

Activity: 236
Merit: 100


View Profile
April 10, 2015, 12:40:28 PM
 #3977

For a PC in one's workplace, in a hotel convenience room, cash register desk, or internet cafe, the part that needs to be inside the PC is the resistor and two shielded probe cables leading to a digital oscilloscope hidden somewhere else.  Othwerwise one would need a small circuit that includes the A-D converter, some memory, and some means to transmit the data out at a suitable opportunity, e.g. by bluetooth. It may be hard to fit that inside a laptop, but perhaps the physical hacker can remove a speaker or some other component whose absence will not be noticed.

Recall that the whole point of a hardware wallet is to keep the keys safe even when using an untrusted machine to sign transactions or hand over a public key.  Requiring the host to have trusted hardware would be a significant restriction to its scope.
How about a quick&simple workaround for this somewhat advanced attack?

When a drug-dealer bitcoiner wants to use Trezor on a really untrusted computer then connect it through a small powered USB hub than one can carry together with the Trezor. Would that defeat this attack?


Wouldn't it be much more convenient and safe to just use an old Android device running Mycelium?

Edit: just remembered this requires USB OTG, which I think it not supported by old devices. Still, there are probably cheap android devices that do support it.
fonsie
Sr. Member
****
Offline Offline

Activity: 434
Merit: 250



View Profile
April 10, 2015, 12:59:37 PM
 #3978

A new device works just as good.

I decided to no longer use a signature, because people were trolling me about it.
defcon23
Legendary
*
Offline Offline

Activity: 1120
Merit: 1002


View Profile
April 10, 2015, 03:17:40 PM
 #3979

Extracting the Private Key from a TREZOR... with a 70 $ Oscilloscope
http://johoe.mooo.com/trezor-power-analysis/
johoe, same guy who returned 250 coins to blockchain.info. Very impressive.
impressive is THE perfect word here...  Shocked
600watt
Legendary
*
Offline Offline

Activity: 2338
Merit: 2106



View Profile
April 11, 2015, 09:52:55 AM
 #3980

ok, i have updated my trezor.


when i plug it in, it asks for the pin. after i punch in the pin it shows the device name but that is it. it does not ask for the passphrase. what should i do ?  (tried several times to disconnect it and plugged it in again. always the same. it seems to try to load something, but it never gets there.)


Pages: « 1 ... 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 [199] 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 ... 265 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!