Bitcoin Forum
September 21, 2018, 03:08:22 PM *
News: ♦♦ New info! Bitcoin Core users absolutely must upgrade to previously-announced 0.16.3 [Torrent]. All Bitcoin users should temporarily trust confirmations slightly less. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: 51 Btc locked up...  (Read 212 times)
ghostdaddy
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
December 17, 2017, 12:06:03 AM
 #1

On January 28 2015 I sent about 51 btc to my Trezor wallet. I Set up the Trezor wallet copied the seed made a couple of addresses and sent the 51 btc to one of the addresses which I still have a long with the recovery seed. The problem is that I set up a passphrase which I can't fully remember. Have been using btc recover which is a genius program thanks to Chris for making this available. First token list was about 34 words and available password guesses are at about 700,000,000,000 its on the 6th day of brute forcing doing about 6.30 kp/s.

Now I'm starting to doubt the seed I wrote down from Trezor is the correct one, the firmware is still on 1.4.2 and haven't updated so there might be some exploits available. Will I still be able to obtain the seed with the latest exploit around even though I can't remember the password? It can be that the brute force procedure is just wasting time and resources if the seed I'm giving it is not the correct one even if the token file has the correct words for the recovery process.

In other words... With this "hack" will I be able to obtain the recovery seed from the Trezor if I set up the passphrase on it with the latest exploit floating around? I just need to make sure I'm working with the correct seed so it can eliminate one of the variables. If so.... who can help? I know Saleem is the hardware hacker that discovered the Trezor vulnerability but how can we put it to use? Thanks in advance
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
jackg
Copper Member
Legendary
*
Offline Offline

Activity: 1134
Merit: 1102


View Profile
December 17, 2017, 12:13:00 AM
 #2

What are you attempting to do? Brute force your trezor seed? Isn't the password a pin or have I got that wrong?

Do you have the encrypted string? What does it contain, is it words, does it start with a letter like 1, U, K, 5, L...

LoyceV
Legendary
*
Offline Offline

Activity: 1246
Merit: 1971


Let's make Bitcointalk great again!


View Profile WWW
December 17, 2017, 08:48:24 AM
 #3

Now I'm starting to doubt the seed I wrote down from Trezor is the correct one, the firmware is still on 1.4.2 and haven't updated so there might be some exploits available. Will I still be able to obtain the seed with the latest exploit around even though I can't remember the password?
~
I know Saleem is the hardware hacker that discovered the Trezor vulnerability but how can we put it to use? Thanks in advance
The full story on the guy who forgot the PIN of his Trezor is on wired.com. Thanks to Saleem he got it back! He had 7.4BTC in there. I read the full story a while ago. I'd say start your search from there, contact Saleem, and ask (and pay!) for his help. Be very careful, as you'll only get one shot at flashing a hacked firmware. Good luck, and please update your results here!

morbius55
Full Member
***
Offline Offline

Activity: 128
Merit: 100


View Profile
December 17, 2017, 11:37:47 AM
 #4

Has anyone tried using a hypnotist? It seems like a logical solution to the forgotten password situations.
ksgerb
Newbie
*
Offline Offline

Activity: 20
Merit: 0


View Profile
December 17, 2017, 04:35:13 PM
 #5

Now I'm starting to doubt the seed I wrote down from Trezor is the correct one, the firmware is still on 1.4.2 and haven't updated so there might be some exploits available. Will I still be able to obtain the seed with the latest exploit around even though I can't remember the password?
~
I know Saleem is the hardware hacker that discovered the Trezor vulnerability but how can we put it to use? Thanks in advance
The full story on the guy who forgot the PIN of his Trezor is on wired.com. Thanks to Saleem he got it back! He had 7.4BTC in there. I read the full story a while ago. I'd say start your search from there, contact Saleem, and ask (and pay!) for his help. Be very careful, as you'll only get one shot at flashing a hacked firmware. Good luck, and please update your results here!

So if there's already a way to brute trezor does it mean trezor is not safe anymore? Please correct me if I'm wrong because I'm really into confusion.
morbius55
Full Member
***
Offline Offline

Activity: 128
Merit: 100


View Profile
December 17, 2017, 05:16:01 PM
 #6

Now I'm starting to doubt the seed I wrote down from Trezor is the correct one, the firmware is still on 1.4.2 and haven't updated so there might be some exploits available. Will I still be able to obtain the seed with the latest exploit around even though I can't remember the password?
~
I know Saleem is the hardware hacker that discovered the Trezor vulnerability but how can we put it to use? Thanks in advance
The full story on the guy who forgot the PIN of his Trezor is on wired.com. Thanks to Saleem he got it back! He had 7.4BTC in there. I read the full story a while ago. I'd say start your search from there, contact Saleem, and ask (and pay!) for his help. Be very careful, as you'll only get one shot at flashing a hacked firmware. Good luck, and please update your results here!

So if there's already a way to brute trezor does it mean trezor is not safe anymore? Please correct me if I'm wrong because I'm really into confusion.
Only on the old firmware, before the back door was closed.
ksgerb
Newbie
*
Offline Offline

Activity: 20
Merit: 0


View Profile
December 17, 2017, 05:38:38 PM
 #7

Now I'm starting to doubt the seed I wrote down from Trezor is the correct one, the firmware is still on 1.4.2 and haven't updated so there might be some exploits available. Will I still be able to obtain the seed with the latest exploit around even though I can't remember the password?
~
I know Saleem is the hardware hacker that discovered the Trezor vulnerability but how can we put it to use? Thanks in advance
The full story on the guy who forgot the PIN of his Trezor is on wired.com. Thanks to Saleem he got it back! He had 7.4BTC in there. I read the full story a while ago. I'd say start your search from there, contact Saleem, and ask (and pay!) for his help. Be very careful, as you'll only get one shot at flashing a hacked firmware. Good luck, and please update your results here!

So if there's already a way to brute trezor does it mean trezor is not safe anymore? Please correct me if I'm wrong because I'm really into confusion.
Only on the old firmware, before the back door was closed.

Oh thanks for the response. It really helps.
ccie38216
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
December 18, 2017, 12:19:50 AM
 #8

Since you did not upgrade than you can actually use the vulnerability published recently regarding copying the private key, passphrase, pin and seed phrase from SRAM using the chip JTAG.

Keep in mind though if you screw this attempt up and loose your private keys you're currently out of $900,000 dollars... lol
techniumunlimited
Member
**
Offline Offline

Activity: 182
Merit: 12


View Profile
December 18, 2017, 06:52:03 AM
 #9

Whatever you do, don't update your hardware wallet! Next couple years a exploit will be found and you will be able to break in before its fixed on old version.
HCP
Hero Member
*****
Offline Offline

Activity: 728
Merit: 923

<insert witty quote here>


View Profile
December 18, 2017, 11:30:05 PM
 #10

Now I'm starting to doubt the seed I wrote down from Trezor is the correct one, the firmware is still on 1.4.2 and haven't updated so there might be some exploits available. Will I still be able to obtain the seed with the latest exploit around even though I can't remember the password? It can be that the brute force procedure is just wasting time and resources if the seed I'm giving it is not the correct one even if the token file has the correct words for the recovery process.

In other words... With this "hack" will I be able to obtain the recovery seed from the Trezor if I set up the passphrase on it with the latest exploit floating around? I just need to make sure I'm working with the correct seed so it can eliminate one of the variables. If so.... who can help? I know Saleem is the hardware hacker that discovered the Trezor vulnerability but how can we put it to use? Thanks in advance
Theoretically yes, you would still be able to hack the seed out... but it won't show you the passphrase. You would still need to bruteforce the passphrase, but at least you'd know that the seed you're working on is the correct one.

A bit of google searching should find you plenty of info on the hack and how to do it... like this: https://medium.com/@Zero404Cool/trezor-security-glitches-reveal-your-private-keys-761eeab03ff8

However... If you want some peace of mind... I will say that if you type the seed into something like the BIP39 mnemonic code converter (https://iancoleman.io/bip39/ - create an offline copy etc) and it doesn't flag it as invalid, the chances that you wrote it down wrong are actually pretty minimal... the odds of changing one word to another valid one is actually relatively small... as not ALL combinations of 24 words are actually valid seeds.

Also, the most common mistake is either missing a word (which you haven't done) or writing a similar word (ie. then/them etc)... however, the chances of a similar word actually still generating a valid seed is also very small... so if the BIP39 tool detects it as a valid seed, I'd say you have a very good chance of already having the correct seed.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!