Bitcoin Forum
March 28, 2024, 08:58:23 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: 51 Btc locked up...  (Read 311 times)
ghostdaddy (OP)
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
December 17, 2017, 12:06:03 AM
 #1

On January 28 2015 I sent about 51 btc to my Trezor wallet. I Set up the Trezor wallet copied the seed made a couple of addresses and sent the 51 btc to one of the addresses which I still have a long with the recovery seed. The problem is that I set up a passphrase which I can't fully remember. Have been using btc recover which is a genius program thanks to Chris for making this available. First token list was about 34 words and available password guesses are at about 700,000,000,000 its on the 6th day of brute forcing doing about 6.30 kp/s.

Now I'm starting to doubt the seed I wrote down from Trezor is the correct one, the firmware is still on 1.4.2 and haven't updated so there might be some exploits available. Will I still be able to obtain the seed with the latest exploit around even though I can't remember the password? It can be that the brute force procedure is just wasting time and resources if the seed I'm giving it is not the correct one even if the token file has the correct words for the recovery process.

In other words... With this "hack" will I be able to obtain the recovery seed from the Trezor if I set up the passphrase on it with the latest exploit floating around? I just need to make sure I'm working with the correct seed so it can eliminate one of the variables. If so.... who can help? I know Saleem is the hardware hacker that discovered the Trezor vulnerability but how can we put it to use? Thanks in advance
Be very wary of relying on JavaScript for security on crypto sites. The site can change the JavaScript at any time unless you take unusual precautions, and browsers are not generally known for their airtight security.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1711616303
Hero Member
*
Offline Offline

Posts: 1711616303

View Profile Personal Message (Offline)

Ignore
1711616303
Reply with quote  #2

1711616303
Report to moderator
1711616303
Hero Member
*
Offline Offline

Posts: 1711616303

View Profile Personal Message (Offline)

Ignore
1711616303
Reply with quote  #2

1711616303
Report to moderator
jackg
Copper Member
Legendary
*
Offline Offline

Activity: 2856
Merit: 3071


https://bit.ly/387FXHi lightning theory


View Profile
December 17, 2017, 12:13:00 AM
 #2

What are you attempting to do? Brute force your trezor seed? Isn't the password a pin or have I got that wrong?

Do you have the encrypted string? What does it contain, is it words, does it start with a letter like 1, U, K, 5, L...
LoyceV
Legendary
*
Offline Offline

Activity: 3262
Merit: 16315


Thick-Skinned Gang Leader and Golden Feather 2021


View Profile WWW
December 17, 2017, 08:48:24 AM
 #3

Now I'm starting to doubt the seed I wrote down from Trezor is the correct one, the firmware is still on 1.4.2 and haven't updated so there might be some exploits available. Will I still be able to obtain the seed with the latest exploit around even though I can't remember the password?
~
I know Saleem is the hardware hacker that discovered the Trezor vulnerability but how can we put it to use? Thanks in advance
The full story on the guy who forgot the PIN of his Trezor is on wired.com. Thanks to Saleem he got it back! He had 7.4BTC in there. I read the full story a while ago. I'd say start your search from there, contact Saleem, and ask (and pay!) for his help. Be very careful, as you'll only get one shot at flashing a hacked firmware. Good luck, and please update your results here!

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
morbius55
Full Member
***
Offline Offline

Activity: 217
Merit: 109


View Profile
December 17, 2017, 11:37:47 AM
 #4

Has anyone tried using a hypnotist? It seems like a logical solution to the forgotten password situations.
ksgerb
Newbie
*
Offline Offline

Activity: 20
Merit: 0


View Profile
December 17, 2017, 04:35:13 PM
 #5

Now I'm starting to doubt the seed I wrote down from Trezor is the correct one, the firmware is still on 1.4.2 and haven't updated so there might be some exploits available. Will I still be able to obtain the seed with the latest exploit around even though I can't remember the password?
~
I know Saleem is the hardware hacker that discovered the Trezor vulnerability but how can we put it to use? Thanks in advance
The full story on the guy who forgot the PIN of his Trezor is on wired.com. Thanks to Saleem he got it back! He had 7.4BTC in there. I read the full story a while ago. I'd say start your search from there, contact Saleem, and ask (and pay!) for his help. Be very careful, as you'll only get one shot at flashing a hacked firmware. Good luck, and please update your results here!

So if there's already a way to brute trezor does it mean trezor is not safe anymore? Please correct me if I'm wrong because I'm really into confusion.
morbius55
Full Member
***
Offline Offline

Activity: 217
Merit: 109


View Profile
December 17, 2017, 05:16:01 PM
 #6

Now I'm starting to doubt the seed I wrote down from Trezor is the correct one, the firmware is still on 1.4.2 and haven't updated so there might be some exploits available. Will I still be able to obtain the seed with the latest exploit around even though I can't remember the password?
~
I know Saleem is the hardware hacker that discovered the Trezor vulnerability but how can we put it to use? Thanks in advance
The full story on the guy who forgot the PIN of his Trezor is on wired.com. Thanks to Saleem he got it back! He had 7.4BTC in there. I read the full story a while ago. I'd say start your search from there, contact Saleem, and ask (and pay!) for his help. Be very careful, as you'll only get one shot at flashing a hacked firmware. Good luck, and please update your results here!

So if there's already a way to brute trezor does it mean trezor is not safe anymore? Please correct me if I'm wrong because I'm really into confusion.
Only on the old firmware, before the back door was closed.
ksgerb
Newbie
*
Offline Offline

Activity: 20
Merit: 0


View Profile
December 17, 2017, 05:38:38 PM
 #7

Now I'm starting to doubt the seed I wrote down from Trezor is the correct one, the firmware is still on 1.4.2 and haven't updated so there might be some exploits available. Will I still be able to obtain the seed with the latest exploit around even though I can't remember the password?
~
I know Saleem is the hardware hacker that discovered the Trezor vulnerability but how can we put it to use? Thanks in advance
The full story on the guy who forgot the PIN of his Trezor is on wired.com. Thanks to Saleem he got it back! He had 7.4BTC in there. I read the full story a while ago. I'd say start your search from there, contact Saleem, and ask (and pay!) for his help. Be very careful, as you'll only get one shot at flashing a hacked firmware. Good luck, and please update your results here!

So if there's already a way to brute trezor does it mean trezor is not safe anymore? Please correct me if I'm wrong because I'm really into confusion.
Only on the old firmware, before the back door was closed.

Oh thanks for the response. It really helps.
ccie38216
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
December 18, 2017, 12:19:50 AM
 #8

Since you did not upgrade than you can actually use the vulnerability published recently regarding copying the private key, passphrase, pin and seed phrase from SRAM using the chip JTAG.

Keep in mind though if you screw this attempt up and loose your private keys you're currently out of $900,000 dollars... lol
techniumunlimited
Member
**
Offline Offline

Activity: 214
Merit: 12


View Profile
December 18, 2017, 06:52:03 AM
 #9

Whatever you do, don't update your hardware wallet! Next couple years a exploit will be found and you will be able to break in before its fixed on old version.
HCP
Legendary
*
Offline Offline

Activity: 2086
Merit: 4315

<insert witty quote here>


View Profile
December 18, 2017, 11:30:05 PM
 #10

Now I'm starting to doubt the seed I wrote down from Trezor is the correct one, the firmware is still on 1.4.2 and haven't updated so there might be some exploits available. Will I still be able to obtain the seed with the latest exploit around even though I can't remember the password? It can be that the brute force procedure is just wasting time and resources if the seed I'm giving it is not the correct one even if the token file has the correct words for the recovery process.

In other words... With this "hack" will I be able to obtain the recovery seed from the Trezor if I set up the passphrase on it with the latest exploit floating around? I just need to make sure I'm working with the correct seed so it can eliminate one of the variables. If so.... who can help? I know Saleem is the hardware hacker that discovered the Trezor vulnerability but how can we put it to use? Thanks in advance
Theoretically yes, you would still be able to hack the seed out... but it won't show you the passphrase. You would still need to bruteforce the passphrase, but at least you'd know that the seed you're working on is the correct one.

A bit of google searching should find you plenty of info on the hack and how to do it... like this: https://medium.com/@Zero404Cool/trezor-security-glitches-reveal-your-private-keys-761eeab03ff8

However... If you want some peace of mind... I will say that if you type the seed into something like the BIP39 mnemonic code converter (https://iancoleman.io/bip39/ - create an offline copy etc) and it doesn't flag it as invalid, the chances that you wrote it down wrong are actually pretty minimal... the odds of changing one word to another valid one is actually relatively small... as not ALL combinations of 24 words are actually valid seeds.

Also, the most common mistake is either missing a word (which you haven't done) or writing a similar word (ie. then/them etc)... however, the chances of a similar word actually still generating a valid seed is also very small... so if the BIP39 tool detects it as a valid seed, I'd say you have a very good chance of already having the correct seed.

..JAMBLER.io..Create Your Bitcoin Mixing
Business Now for   F R E E 
▄█████████████████████████████
█████████████████████████
████▀████████████████████
███▀█████▄█▀███▀▀▀██████
██▀█████▄█▄██████████████
██▄▄████▀▄▄▄▀▀▀▀▀▄▄██████
█████▄▄▄██████████▀▄████
█████▀▄█▄██████▀█▄█████
███████▀▄█▀█▄██▀█▄███████
█████████▄█▀▄█▀▄█████████
█████████████████████████
█████████████████████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
      OUR      
PARTNERS

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
▄█████████████████████████████
████████▀▀█████▀▀████████
█████▀█████████████▀█████
████████████████████████
███████████████▄█████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████▀█████████
████████████████████████
█████▄█████████████▄█████
████████▄▄█████▄▄████████
▀█████████████████████████████
█████████████████████████████████████████████████
.
   INVEST   
BITCOIN

.
█████████████████████████████████████████████████
████▄
██
██
██
██
██
██
██
██
██
██
██
████▀
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!