Coin-Keeper (OP)
Trying to keep myself and other users safe while using Suite. I am using the Suite AppImage on my desktop (Debian Bullseye). As is typical, the AppImage file itself doesn't change size while being used. sha256 example below:

    user@debian:~$ cd Desktop && sha256sum Trezor-Suite-21.8.1
    6d63979643af0469abffa51fec799080fdf2386f53ddc17cd3d0d857e0e42787  Trezor-Suite-21.8.1

Just to verify, I repeated the sha256sum a few times after using Suite with my Trezor(s). Of course, no changes.
That brings the next question. WHERE does Suite store any activity on my filesystem in the VM it is running on? As a reference, the Electrum AppImage stores its activity in the .electrum folder. You can observe wallets, etc. in that folder. You can also delete that folder upon exit and then BleachBit the VM so there is no trace of Electrum's use if desired.
So we can all attempt to keep each other safe and just generally to know what is happening under the hood, where are Suite's activities stored on my system? Perhaps nothing is stored but I wanted to run this by other members here that might be in the know.
Observations and thoughts?
DireWolfM14
I'm not sure that you can compare Trezor Suite with Electrum in an apples-to-apples way. Electrum requires that you save wallet files locally, which is why it creates a hidden user directory. Suite just reads the derivation paths from the hardware wallet to populate the information. I would assume that any runtime environment files it needs will temporarily populate in the /run directory.
Admittedly, I've only used Suite with Windows, and used the installer. I've never run it on Ubuntu (my preferred Linux distro), so I have no experience with the AppImage.
bob123
It is not surprising that the AppImage itself isn't modified. Did you check the folders /home/<user>/.config/@trezor/suite-desktop/ and /home/<user>/.config/@trezor/suite-desktop/ as mentioned in the notes from Trezor regarding Trezor Suite? If no files are stored there, you might also just run your software and then check your home folder for recent file system changes with the following command:

    # -mmin -1 = modified less than one minute ago (a bare "1" would only match exactly one minute)
    find /home/<user>/ -mmin -1

This command will find files inside the home folder which changed within the last minute.
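A marker-file variant of the find check above, added here as an example and not code from the thread. Instead of a time window, a marker file is touched before the app is launched and everything newer than the marker is listed, so the result does not depend on how long the app was open; the scratch directory and file names in the demo are constructed.

```shell
#!/bin/bash
# Added example (not from the thread): list files created or modified after
# a marker file, the reliable form of "find -mmin" for answering "where did
# the app write?". Assumes GNU/BSD find and touch.

# snapshot_changes MARKER DIR
# Prints files under DIR whose mtime is newer than MARKER, one per line,
# sorted in the C locale so the order is stable across systems.
snapshot_changes() {
  local marker="$1" dir="$2"
  find "$dir" -type f -newer "$marker" ! -path "$marker" -print | LC_ALL=C sort
}

# Constructed demo in a scratch directory that stands in for $HOME.
# Real use:  touch ~/.before-suite; <run the AppImage>; snapshot_changes ~/.before-suite ~
demo() {
  local home
  home="$(mktemp -d)"
  mkdir -p "$home/.config/@trezor/suite-desktop" "$home/Documents"
  # A pre-existing file and the marker, both dated in the past so that
  # anything written afterwards is strictly newer (no sleep needed).
  printf 'old\n' > "$home/Documents/notes.txt"
  touch -t 202101010000 "$home/Documents/notes.txt" "$home/.before-suite"
  # Files an Electron app such as Suite would drop while running
  # (constructed; names taken from the wipe listing later in this thread).
  printf '{}\n' > "$home/.config/@trezor/suite-desktop/config.json"
  printf 'x\n'  > "$home/.config/@trezor/suite-desktop/Cookies"
  # Report paths relative to the scratch "home" for readability.
  snapshot_changes "$home/.before-suite" "$home" | sed "s|^$home/||"
  rm -rf "$home"
}
```

Only the two files written after the marker are reported; notes.txt and the marker itself are excluded.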
ABCbits
Aside from @bob123's suggestion, you could use the lsof command to see directories/files accessed by Trezor Suite. But it's not recommended since the output from lsof is big.

    # -E so that "REG|DIR" is read as an alternation (plain grep treats | literally)
    lsof -p PID_OF_TREZOR_SUITE | grep -E 'REG|DIR'
Coin-Keeper (OP)
August 12, 2021, 11:06:31 PM (last edit: August 16, 2021, 06:43:00 PM by Coin-Keeper)
EDIT **** This post had a script edit to insert $USER in place of joe. Nice suggestion providing better flexibility for all users instead of one specific one. ****
You guys really helped me get a handle on this. I ran through this and created some helpful executable shell scripts to completely wipe both Trezor-Suite and Electrum app image created files with one click of a button. I know lots of people retain their crypto history on their systems and I understand why. I am not one of those. When I am finished working with T Suite I want the activity removed from my system beyond a simple delete. Same with Electrum. Of course I have my Electrum wallets backed up elsewhere and can import them in seconds when needed in the future.
I hope some may find these scripts I am pasting below to be of assistance if you like simplicity.
    #!/bin/bash
    # /bin/bash rather than /bin/sh: Debian's /bin/sh is dash, whose read builtin has no -p option
    cd "/home/$USER/.config/@trezor" && srm -llvz -r * && cd "/home/$USER/.config" && rm -r @trezor
    read -p "*** WIPED ---- @Trezor ---- WIPED ***" nothing

    # $USER is added so this script will run for any user in a terminal
    # installed secure-delete (very small program) (sudo apt-get install secure-delete)
    # srm -- means secure remove
    # -r recursive to allow all folder/directory contents
    # z for Zero's during overwrite
    # v for verbose to display the progress as it runs (These files are very small and the task will complete in just a few seconds)
    # * wildcard to include all contents in directory
    # secure delete uses 38 passes by default -- UNLESS you use -l for only two passes (urandom followed by zero's), or -ll for only
    # one pass which is Zero's once over the original folder content. I elected for one pass of zero's --- -ll
    # paste this entire script into a new document on Linux Desktop and then right click and make it executable after naming it
    # whatever you want.
    #!/bin/bash
    # /bin/bash rather than /bin/sh: Debian's /bin/sh is dash, whose read builtin has no -p option
    cd "/home/$USER/.electrum" && srm -llvz -r * && cd "/home/$USER" && rm -r .electrum
    read -p "*** WIPED ---- .electrum ---- WIPED ***" nothing

    # $USER is added so this script will run for any user in a terminal
    # installed secure-delete (very small program) (sudo apt-get install secure-delete)
    # srm -- means secure remove
    # -r recursive to allow all folder/directory contents
    # z for Zero's during overwrite
    # v for verbose to display the progress as it runs (These files are very small and the task will complete in just a few seconds)
    # * wildcard to include all contents in directory
    # secure delete uses 38 passes by default -- UNLESS you use -l for only two passes (urandom followed by zero's), or -ll for only
    # one pass which is Zero's once over the original folder content. I elected for one pass of zero's --- -ll
    # paste this entire script into a new document on Linux Desktop and then right click and make it executable after naming it
    # whatever you want.
It will only take a few minutes to set these up and then you zero WIPE your actions in seconds. Enjoy!
ABCbits
August 13, 2021, 09:30:58 AM
> #! /bin/sh
> cd /home/joe/.config/@trezor && srm -llvz -r * && cd /home/joe/.config && rm -r @trezor
> read -p "*** WIPED ---- @Trezor ---- WIPED ***" nothing
> # In this example-only the user is assumed to be joe

You can replace joe with $USER for flexibility.

    cd /home/$USER/.config/@trezor && srm -llvz -r * && cd /home/$USER/.config && rm -r @trezor
Coin-Keeper (OP)
August 13, 2021, 06:45:24 PM
> > #! /bin/sh
> > cd /home/joe/.config/@trezor && srm -llvz -r * && cd /home/joe/.config && rm -r @trezor
> > read -p "*** WIPED ---- @Trezor ---- WIPED ***" nothing
> > # In this example-only the user is assumed to be joe
>
> You can replace joe with $USER for flexibility.
>
> cd /home/$USER/.config/@trezor && srm -llvz -r * && cd /home/$USER/.config && rm -r @trezor

Good point. That is what I do, but I thought it might confuse folks looking for where to enter their user name. By the way, the T Suite script using secure-delete does a good job of finding most of the connected files. I am not looking for forensic perfection, just a mostly thorough bye-bye to the obvious files. My VMs are all on encrypted drives hiding inside LUKS containers when closed!
Coin-Keeper (OP)
August 16, 2021, 06:39:52 PM (last edit: August 19, 2021, 05:40:26 PM by Coin-Keeper)
> > #! /bin/sh
> > cd /home/joe/.config/@trezor && srm -llvz -r * && cd /home/joe/.config && rm -r @trezor
> > read -p "*** WIPED ---- @Trezor ---- WIPED ***" nothing
> > # In this example-only the user is assumed to be joe
>
> You can replace joe with $USER for flexibility.
>
> cd /home/$USER/.config/@trezor && srm -llvz -r * && cd /home/$USER/.config && rm -r @trezor

After further consideration I EDITED post #5 on this thread to add $USER in my scripts for overall better flexibility. I should not have assumed $USER would confuse Linux users in the first place. These small but effective scripts work amazingly well.
HCP
August 19, 2021, 08:00:38 AM
Excellent thread... and thanks for posting the scripts! Anything which helps users to enhance their privacy and/or security should be commended.
Also, kudos for the info on secure-delete.
And just FYI, if anyone goes looking for similar data on Windows, it should be found in your "AppData" directory. Specifically: C:\Users\<user>\AppData\Roaming\@trezor\suite-desktop\
Coin-Keeper (OP)
August 19, 2021, 06:11:40 PM
Thought I would add some depth by posting a VERBOSE report to better see the wiped content. Remember I added the -v option to always see what is happening during the process. This process was run on a brand new, unused Trezor-Suite AppImage. I let it mount/run and then it asked to connect the Trezor. I didn't do that, so this is the minimum zero wipe for this script. Of course, once someone starts using Suite it will add even more data to be wiped.
Secure-delete is old school, stating that reducing the number of passes from 38 is insecure, LOL. One pass of zeros is plenty using today's drives for the purpose we are aiming at here.
"A picture is worth a thousand words" so here is the picture:
    Using /dev/urandom for random input.
    Wipe mode is insecure (one pass [zero])
    Wiping suite-desktop DIRECTORY (going recursive now)
    Wiping Network Persistent State * Removed file Network Persistent State ... Done
    Wiping Cookies * Removed file Cookies ... Done
    Wiping config.json * Removed file config.json ... Done
    Wiping Preferences * Removed file Preferences ... Done
    Wiping blob_storage DIRECTORY (going recursive now)
    Wiping 06a4aa46-d645-445a-82e8-2bb39fb9d97e DIRECTORY (going recursive now)
    Removed directory 06a4aa46-d645-445a-82e8-2bb39fb9d97e ... Done
    Removed directory blob_storage ... Done
    Wiping TransportSecurity * Removed file TransportSecurity ... Done
    Wiping Cache DIRECTORY (going recursive now)
    Wiping 24b53bcee349c0c7_0 * Removed file 24b53bcee349c0c7_0 ... Done
    Wiping index-dir DIRECTORY (going recursive now)
    Wiping the-real-index * Removed file the-real-index ... Done
    Removed directory index-dir ... Done
    Wiping f3a6eb276b5284a0_0 * Removed file f3a6eb276b5284a0_0 ... Done
    Wiping index * Removed file index ... Done
    Wiping 5da8bdabc36b61c1_0 * Removed file 5da8bdabc36b61c1_0 ... Done
    Removed directory Cache ... Done
    Wiping Local Storage DIRECTORY (going recursive now)
    Wiping leveldb DIRECTORY (going recursive now)
    Wiping MANIFEST-000001 * Removed file MANIFEST-000001 ... Done
    Wiping LOCK * Removed file LOCK ... Done
    Wiping 000003.log * Removed file 000003.log ... Done
    Wiping CURRENT * Removed file CURRENT ... Done
    Wiping LOG * Removed file LOG ... Done
    Removed directory leveldb ... Done
    Removed directory Local Storage ... Done
    Wiping QuotaManager * Removed file QuotaManager ... Done
    Wiping Session Storage DIRECTORY (going recursive now)
    Wiping MANIFEST-000001 * Removed file MANIFEST-000001 ... Done
    Wiping LOCK * Removed file LOCK ... Done
    Wiping 000003.log * Removed file 000003.log ... Done
    Wiping CURRENT * Removed file CURRENT ... Done
    Wiping LOG * Removed file LOG ... Done
    Removed directory Session Storage ... Done
    Wiping Crash Reports DIRECTORY (going recursive now)
    Removed directory Crash Reports ... Done
    Wiping Code Cache DIRECTORY (going recursive now)
    Wiping wasm DIRECTORY (going recursive now)
    Wiping index-dir DIRECTORY (going recursive now)
    Wiping the-real-index * Removed file the-real-index ... Done
    Removed directory index-dir ... Done
    Wiping index * Removed file index ... Done
    Removed directory wasm ... Done
    Wiping js DIRECTORY (going recursive now)
    Wiping index-dir DIRECTORY (going recursive now)
    Wiping the-real-index * Removed file the-real-index ... Done
    Removed directory index-dir ... Done
    Wiping index * Removed file index ... Done
    Removed directory js ... Done
    Removed directory Code Cache ... Done
    Wiping Dictionaries DIRECTORY (going recursive now)
    Wiping en-US-9-0.bdic * Removed file en-US-9-0.bdic ... Done
    Removed directory Dictionaries ... Done
    Wiping GPUCache DIRECTORY (going recursive now)
    Wiping data_0 * Removed file data_0 ... Done
    Wiping data_3 * Removed file data_3 ... Done
    Wiping index * Removed file index ... Done
    Wiping data_2 * Removed file data_2 ... Done
    Wiping data_1 * Removed file data_1 ... Done
    Removed directory GPUCache ... Done
    Wiping QuotaManager-journal * Removed file QuotaManager-journal ... Done
    Wiping .updaterId * Removed file .updaterId ... Done
    Wiping Cookies-journal * Removed file Cookies-journal ... Done
    Wiping IndexedDB DIRECTORY (going recursive now)
    Wiping file__0.indexeddb.leveldb DIRECTORY (going recursive now)
    Wiping MANIFEST-000001 * Removed file MANIFEST-000001 ... Done
    Wiping LOCK * Removed file LOCK ... Done
    Wiping 000003.log * Removed file 000003.log ... Done
    Wiping CURRENT * Removed file CURRENT ... Done
    Wiping LOG * Removed file LOG ... Done
    Removed directory file__0.indexeddb.leveldb ... Done
    Removed directory IndexedDB ... Done
    Removed directory suite-desktop ... Done
    *** WIPED ---- @Trezor ---- WIPED ***