yogg (OP)
Legendary
Offline
Activity: 2464
Merit: 3158
|
|
June 10, 2019, 04:23:31 PM |
|
Received the test card today! ~snip~
Thanks a lot for your review Krogoth ! Yes, the point is to make it very difficult to tamper with the holo and access the private key without damaging the card. If you have any suggestions as to what I should do in another way, I'm all ears.
|
|
|
|
krogothmanhattan
Cypher Hodl LLC
Legendary
Offline
Activity: 2744
Merit: 3641
The Stone the masons rejected was the cornerstone.
|
|
June 11, 2019, 01:25:49 PM |
|
Received the test card today! ~snip~
Thanks a lot for your review Krogoth ! Yes, the point is to make it very difficult to tamper with the holo and access the private key without damaging the card. If you have any suggestions as to what I should do in another way, I'm all ears. No suggestions...the card and security authentication are as good as it can get.
|
BETFURY ..... | ██████▄██▄███████████▄█▄ █████▄██████▄████▄▄▄█████ ██████████████████████████ ████▐█████████████████████ ███████████▀▀█▄▄▄▄█████████ ██▄███████▄▀███▀█▀▀█▄▄█▄█▄██ █▀██████████▄█████▄▄█████▀███ ██████████▄████▀██▄▀▀█▀█████▄ ███████████████▐█▄█▀▄███▀█▀██▄ ███████▄▄▄███▌▌██▄▀█▀█████████▄ ▀▀▀███████████▌██▀▀▀▀▀█▄▄▄████▀ ███████▀▀██████▄▄██▄▄▄█▄███▀▀ ████████████▀▀▀██████████▀
| ..... Leading iGaming Platform ..... |
UP TO 60% A P R B T C S T A K I N G | |
8,000+ GAMES |
HIGH ODDS SPORTSBOOK | | █▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄ | | ▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄█ |
[/
|
|
|
nofreecoins
Jr. Member
Offline
Activity: 111
Merit: 1
|
|
June 11, 2019, 03:57:34 PM |
|
I really like these things, I think we could use them as wallets too, and remembered me a lot of the https://bitcointalk.org/index.php?topic=5111005 bitcointalk collectible, could be waaay cheaper to implement than any metal wallet.
|
|
|
|
krogothmanhattan
Cypher Hodl LLC
Legendary
Offline
Activity: 2744
Merit: 3641
The Stone the masons rejected was the cornerstone.
|
|
June 11, 2019, 04:43:49 PM |
|
Yes they would be nice for a bitcointalk collectable. And they can be loaded as well with any amount of BTC a person chooses to load them with.
|
BETFURY ..... | ██████▄██▄███████████▄█▄ █████▄██████▄████▄▄▄█████ ██████████████████████████ ████▐█████████████████████ ███████████▀▀█▄▄▄▄█████████ ██▄███████▄▀███▀█▀▀█▄▄█▄█▄██ █▀██████████▄█████▄▄█████▀███ ██████████▄████▀██▄▀▀█▀█████▄ ███████████████▐█▄█▀▄███▀█▀██▄ ███████▄▄▄███▌▌██▄▀█▀█████████▄ ▀▀▀███████████▌██▀▀▀▀▀█▄▄▄████▀ ███████▀▀██████▄▄██▄▄▄█▄███▀▀ ████████████▀▀▀██████████▀
| ..... Leading iGaming Platform ..... |
UP TO 60% A P R B T C S T A K I N G | |
8,000+ GAMES |
HIGH ODDS SPORTSBOOK | | █▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄ | | ▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄█ |
[/
|
|
|
LFC_Bitcoin
Legendary
Offline
Activity: 3752
Merit: 10669
#1 VIP Crypto Casino
|
|
June 12, 2019, 09:18:23 PM |
|
I don’t like to give out my address on this forum for obvious reasons but these are fucking awesome yogg.
Kudos.
|
|
|
|
yogg (OP)
Legendary
Offline
Activity: 2464
Merit: 3158
|
|
June 12, 2019, 09:50:55 PM Last edit: June 12, 2019, 10:15:02 PM by yogg |
|
Just got my card.. very nice. Will test it shortly. And yes.. I noticed this layer on the front side as well. I am assuming it covers the QR code to help protect from wear/damage. Thanks yogg I'm glad you got it, minerjones ! Can't wait to see results of your tests ! Yes, the durability of a physical bitcoin is a very important matter to me. Nothing better than plain old QR codes compatible with most open-source wallets.
I don’t like to give out my address on this forum for obvious reasons but these are fucking awesome yogg.
Kudos.
Thank you very much for your kind words, LFC_Bitcoin. Happy you like our Coldkeys ! We will be launching our website soon, and will be looking to offer a store where you can purchase these with BTC or credit card. This way, there wouldn't be a connection between your forum profile and the order. We are a company and all details will be available soon on the website. (This week)
Sorry I am on mobile and can't find the original thread yet. When are these shipping, I think I bought a couple a few months ago? Thanks yogg! Hey owlcatz ! Thanks for your message Yes, absolutely ! Thanks so much for purchasing some of our pre-orders ! You have no idea how these have helped us to go further I was about to update the Genesis Edition sales thread with pictures of finished cards this weekend at latest. Shipping will start next week, as planned. I will most likely contact you when your order is about to ship.
|
|
|
|
Sat0shisGhost
|
|
June 13, 2019, 02:31:54 AM Last edit: June 13, 2019, 05:50:29 AM by Sat0shisGhost |
|
I find the prospect of mass-adopted physical wallets very exciting for a number of reasons and was fortunate to get 2 Coldkeys from Yogg for testing. Here's a description and results of my first test. The photos below are low-res to save bandwidth. Here's a high-res album: https://imgur.com/a/a0qqmO6Inspired by the S1 Casascius solvent hack, I decided to give a variation of that method a shot. For this test, I decided to test 2 different solvents. Chloroform (pictured) and another non-polar solvent. Unfortunately I was out of glass syringes so I used plastic. And the smallest needle I could find. I attempted to pierce the non-adhesive part of the hologram and inject in some chloroform, however the needle was blocked by a layer of paper/cardboard between the hologram and the private key. It also left a pretty obvious track mark (See photo below). The next thing I tried was trying to slice the edge of the hologram with a scalpel, and trying to inject some chloroform between the plastic card and the hologram. This worked to some extent, but soon, the word 'void' was clearly visible. I won't get into the details of the hologram now, but there's two layers. If the two layers are no longer adhered to one another, the word 'VOID' becomes visible. (see photo below). Next, I decided to attack the hologram from the LEFT side using my other solvent and pretty much the same technique as above. The second solvent was a lot better at dissolving the adhesive and I was able to peel back most of the hologram without the 'VOID' becoming visible. However, it's still visible at the edges from the original incision/prying open the adhesive to inject solvent in. I then sliced the top and bottom off with the scalpel. Yogg promised me a "surprise" and he delivered. The private key is printed on a polymer that is different from the card plastic and almost the entire key melted (probably too fuzzy to be recoverable), as a result of the chloroform. However, as you can see in the photo below, the LEFT side, where I used my other solvent, is not melted. So I'm pretty confident that I've found a solvent that can remove the adhesive without dissolving the private key, but will test this more in the coming days. As you can see below, the hologram is pretty mangled, however, I think if I practice my technique and stick with the second solvent, I might be able to do a much better job. I'm going to spend 4 or 5 days thinking about how to attack my second Coldkey and will a few more ideas on this one. I'm also going to try a few tricks to reattach the hologram without leaving too many traces (as it's pretty obvious this one has been tampered with) and will see if I can find a way to get rid of the 'VOID' text. I have access to a lot of equipment and chemicals and am definitely open to suggestions if anyone has some. I'll also be testing some optical attack vectors and will see if I can alter the public key although it looks tough. Below is a photo of the tampered coldkey (left) and the untampered one (right). I think after about 1 second of inspection, it's pretty obvious this Coldkey has been tampered with. Make sure to zoom in on the high res photos: https://imgur.com/a/a0qqmO6
|
|
|
|
yogg (OP)
Legendary
Offline
Activity: 2464
Merit: 3158
|
|
June 13, 2019, 08:30:21 AM Last edit: June 13, 2019, 10:05:08 AM by yogg |
|
I find the prospect of mass-adopted physical wallets very exciting for a number of reasons and was fortunate to get 2 Coldkeys from Yogg for testing. Here's a description and results of my first test.
Thank you very very much for this extensive range of tests, Sat0shisGhost !! I am very happy our Coldkeys pass those security tests. Yes, the point would be to find the way to provide the most secure ways and media for bearing crypto funds. That'd be awesome to see Coldkeys being mass-adopted as physical crypto. Yogg promised me a "surprise" and he delivered. The private key is printed on a polymer that is different from the card plastic and almost the entire key melted (probably too fuzzy to be recoverable)
Hah, so your first solvent actually took away the layer on which the private key is printed, right ? Then it'll only be the blank card. That layer is very thin and fragile. It will ruin the QR code but if some malicious person tries to tamper with it, then that's only better. So I'm pretty confident that I've found a solvent that can remove the adhesive without dissolving the private key, but will test this more in the coming days.
That "other solvant" that you used from the left looks more appropriate for this use to me, but there still is the whole work of replacing the hologram correctly, untouched ( ) and being able to put a new plastic layer on top of that. I am already starting to think of a solution to make the tampering with the holo much much difficult than it actually is, and quasi-impossible to re-use. I have access to a lot of equipment and chemicals and am definitely open to suggestions if anyone has some. I'll also be testing some optical attack vectors and will see if I can alter the public key although it looks tough.
Thanks so much for bringing our Coldkeys to your lab and for all the hard work you've done
|
|
|
|
yogg (OP)
Legendary
Offline
Activity: 2464
Merit: 3158
|
|
June 14, 2019, 04:21:42 PM |
|
To be honest, congratulations for your achievements with the above pic. This got me thinking to find a solution that would not allow to re-use the hologram, if we imagine the case where the VOID pattern doesn't appear. So far, this is what I found as a solution : This way, the holo cannot be re-used if we emboss something on it. It doesn't have to be a word. Maybe simple "BTC" or the ticker of the coin. I don't know yet. It can be solely some character. By the way, test generic hologs were 20x20mm, but the definitive ones will be 22x22, so more space to crush something on them.
|
|
|
|
Sat0shisGhost
|
|
June 14, 2019, 05:44:28 PM |
|
That seems like a good change and a much simpler fix than anything I could come up with. If the imprinting on the hologram is unique, that'd help a lot too because it would prevent people from reusing a hologram they harvested from one card (say an unloaded one) on a different card. The part where I damaged the hologram the most was when trying to get the needle between the card and the bottom layer of the hologram so as pictured, I'm not sure this would be more difficult. I would use the letter as a channel to help guide my syringe under the hologram. (Let me know if that doesn't make sense, it's kind of hard to explain). My intuition says it might be easier to get it in where the hologram has been imprinted. Arrow denoting where I'd try to inject. That being said, if you have bigger holograms and the imprinting doesn't overlap with the edge of the hologram, it'd definitely be harder. I'm meeting with a polymer engineer this afternoon to see if we can relaminate the back of the card to mask that the hologram. I'll let you know! Also heading to the laser lab now and will test out a REALLY bright "light" (although I'm not optimistic about optical methods).
|
|
|
|
yogg (OP)
Legendary
Offline
Activity: 2464
Merit: 3158
|
|
June 21, 2019, 02:59:18 PM |
|
That seems like a good change and a much simpler fix than anything I could come up with. If the imprinting on the hologram is unique, that'd help a lot too because it would prevent people from reusing a hologram they harvested from one card (say an unloaded one) on a different card. The part where I damaged the hologram the most was when trying to get the needle between the card and the bottom layer of the hologram so as pictured, I'm not sure this would be more difficult. I would use the letter as a channel to help guide my syringe under the hologram. (Let me know if that doesn't make sense, it's kind of hard to explain). My intuition says it might be easier to get it in where the hologram has been imprinted. Arrow denoting where I'd try to inject. That being said, if you have bigger holograms and the imprinting doesn't overlap with the edge of the hologram, it'd definitely be harder. I'm meeting with a polymer engineer this afternoon to see if we can relaminate the back of the card to mask that the hologram. I'll let you know! Also heading to the laser lab now and will test out a REALLY bright "light" (although I'm not optimistic about optical methods). Thanks so much for your review Sa0shisGhost. Yes, I will try to munch a little on the holos in the future, but this has to be thought of during the card designing stage. I am curious to know how easily can the back of the card be laminated again. The embossing should make this difficult to reproduce. /!\ Don't do this at home I have been experimenting a little further with Coldkeys, particularly with the private key QR code. First, I started by carving the privkey QR code with a pair of scissors and made some strip. Then, why not, I completely cut off the QR code in two. And the results are surprising ! This card that's been so badly damaged is still functioning !
|
|
|
|
guigui371
Legendary
Offline
Activity: 2114
Merit: 1693
C.D.P.E.M
|
|
February 06, 2020, 08:13:35 PM |
|
Bump, @Yogg I have confirmed with my father that if you provide one card with a hologram I can have it put through a medical/research scanner and through an IRM to try to see through the holo.
Obviously the card shouldn't be loaded, it doesn't have to have the printing on it.
You could just provide a white/unprinted one. You could write on it, no resale / experimental / you could even cut a corner. The hologram should be the one you use on your card. The QR code (it doesn't even have to be of a BTC address) should be printed the same way you do for your real cards.
The card can be returned to you after the experiments or destroyed (as you wish). We will do the scanner first, and the IRM next. Because the holo is a foil, there is a great chance that it will be damaged by the magnetism. Also, it is possible that the IRM test might be interrupted halfway if it looks like it could damage the multi-million machine.
I can organised photos to be taken, but don't expect macro shots or HD photos. They would be taken from the smartphone of my dad. And he doesnt have the lastest camera, nor the best skills (but I love him, it's my dad !).
Let me know if you are keen (I've PMed you).
|
it ain't much but it's honest work
|
|
|
yogg (OP)
Legendary
Offline
Activity: 2464
Merit: 3158
|
|
February 10, 2020, 10:01:36 PM |
|
This morning I had an apointment with a company that does quality control on PCBs. They really have some high-end hardware, it was a very interesting tour. Anyway, the engineer who was doing the tests on Coldkeys said he can't think of a method that can reveal the private key without damaging the card. There is nothing to be seen, that's all. I brought in two Loaded Coldkeys. One that is done, loaded, and funded. It's serial "BTC-19.5M.14". The other one was a test Coldkey with the privkey exposed, to compare tests. The best they could come up with is this : We can see the shape of the square paper that is underneath the hologram. I made a short video when they were fiddling with settings to check what can be extracted from the Coldkey with x-rays. Video : https://streamable.com/z532hThere's nothing to see here. They will try with a few other methods, one called "laminography" which is "3d xray" or something like that. As the Xrays are sensible to the change ("contrast") in matter's atomic density, they told me that overall, they don't expect to see much from these tests.
Bump, @Yogg I have confirmed with my father that if you provide one card with a hologram I can have it put through a medical/research scanner and through an IRM to try to see through the holo.
Obviously the card shouldn't be loaded, it doesn't have to have the printing on it.
[...]
Also, it is possible that the IRM test might be interrupted halfway if it looks like it could damage the multi-million machine.
Hello guigui371, Thanks a lot for your proposal. It is very interesting ! I'd love to see how a Coldkey looks under an MRI scan device. Alright, I can do it and mark it in a way it's good only for such use. I'll reach out to you to arrange it all and talk about it in more details. Just bear in mind, that Coldkey, the operating company and myself cannot be held liable for any kind of damage that would happen with the MRI scan device. Thank you.
Any idea on how to crack these Coldkeys ?
|
|
|
|
krogothmanhattan
Cypher Hodl LLC
Legendary
Offline
Activity: 2744
Merit: 3641
The Stone the masons rejected was the cornerstone.
|
|
February 10, 2020, 10:44:40 PM |
|
Cool test Yogg! That is great to hear how secure these really are!
|
BETFURY ..... | ██████▄██▄███████████▄█▄ █████▄██████▄████▄▄▄█████ ██████████████████████████ ████▐█████████████████████ ███████████▀▀█▄▄▄▄█████████ ██▄███████▄▀███▀█▀▀█▄▄█▄█▄██ █▀██████████▄█████▄▄█████▀███ ██████████▄████▀██▄▀▀█▀█████▄ ███████████████▐█▄█▀▄███▀█▀██▄ ███████▄▄▄███▌▌██▄▀█▀█████████▄ ▀▀▀███████████▌██▀▀▀▀▀█▄▄▄████▀ ███████▀▀██████▄▄██▄▄▄█▄███▀▀ ████████████▀▀▀██████████▀
| ..... Leading iGaming Platform ..... |
UP TO 60% A P R B T C S T A K I N G | |
8,000+ GAMES |
HIGH ODDS SPORTSBOOK | | █▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄ | | ▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄█ |
[/
|
|
|
yogg (OP)
Legendary
Offline
Activity: 2464
Merit: 3158
|
|
February 26, 2020, 05:54:31 PM |
|
We have pushed the engineering tests a little bit further, this time testing a non-invasive method called "laminography". Laminography, basically, generates a 3D sample of the inside of an item, putting in evidence cavities and/or irregularities. Here is the best image of the laminography of a Coldkey : There are other pictures (different "depths"), but this is the sharpest one. Here is a video of the shot, and going through the hologram, to see what's further underneath it : https://streamable.com/dynhcNo QR code appears.
As the non-invasive methods that would allow to reveal the private key QR code are defeated one after the other; we are headed towards delivering very elegant and secure solutions for everybody to hold onto their cryptos.
|
|
|
|
TheBeardedBaby
Legendary
Offline
Activity: 2254
Merit: 3150
₿uy / $ell ..oeleo ;(
|
|
February 27, 2020, 11:45:24 AM Last edit: February 27, 2020, 12:52:39 PM by iasenko |
|
Great work. What time are you planning to release those? After all those tests looks like a solid and secure cold storage:) BTW the website in your profile http://coldkey.eu/ is throwing 520 error so.. It's working now. I've tried on 2 different browsers no matter www or not was the same. It was cloudflare error.
|
|
|
|
|