Access to Ledger Nano S (2018 version) without PIN and seed words?

[mart]

Hey!

Is there any way to get access to the funds on Ledger Nano S (from year 2018) without the PIN code?
I also don't have the seed words.

The private keys are stored in the Secure Element (SE) of the Nano S: the ST31H320 chip.
The SE is asking for PIN before any action with the keys.

So the only way seems to be physically extracting the information from the chip.
Does anyone know a lab or someone who is able to extract the needed information from the chip?
I do know it is a secure chip designed in a way that it would be very hard to read anything from there.
But I guess some military grade labs are able to do that.

Any hint to successfully extraction of the keys will be paid in abundance.

Cheers!

[AB de Royse777]

The way I understand it, you do not need the same pin. Pin are just to keep the device locked. All you need is the seed phrase. If you have it then you can use any ledger device with any pin in it and restore the wallet.

The private keys are stored in the Secure Element (SE) of the Nano S: the ST31H320 chip.
The SE is asking for PIN before any action with the keys

What is this SE? Haven't you store your seed in physical form in a paper or any other form?

[NeuroticFish]

Is there any way to get access to the funds on Ledger Nano S (from year 2018) without the PIN code?

Since you don't have neither the PIN, nor the private key,... is this your Ledger? I guess not. And then, why would we help you steal somebody else's money? "paid in abundance" sound cool, but "accessory to crime" doesn't.

[hugeblack]

AFAIK, after 3 wrong PINs your device will be turned to new seed PIN cannot be bruteforce and seed will be.
here are service that can bruteforce your wallet seed if you lost 2-3 words, you can ask them for more details.
I don't know if there is a device that can be connected or modified on the hardware that makes it possible to do more than 3 PIN attempt.

[mart]

Is there any way to get access to the funds on Ledger Nano S (from year 2018) without the PIN code?

Since you don't have neither the PIN, nor the private key,... is this your Ledger? I guess not. And then, why would we help you steal somebody else's money? "paid in abundance" sound cool, but "accessory to crime" doesn't.

The situation is complex. In short: the owner was running a badly structured business and died. The business partners are trying to recover their funds from the wallet. There is nothing criminal.

The way I understand it, you do not need the same pin. Pin are just to keep the device locked. All you need is the seed phrase. If you have it then you can use any ledger device with any pin in it and restore the wallet.

The private keys are stored in the Secure Element (SE) of the Nano S: the ST31H320 chip.
The SE is asking for PIN before any action with the keys

What is this SE? Haven't you store your seed in physical form in a paper or any other form?

If I had the seed phase then I wouldn't have made this post 

AFAIK, after 3 wrong PINs your device will be turned to new seed PIN cannot be bruteforce and seed will be.
here are service that can bruteforce your wallet seed if you lost 2-3 words, you can ask them for more details.
I don't know if there is a device that can be connected or modified on the hardware that makes it possible to do more than 3 PIN attempt.

Yeah, thanks.

I do offer the service myself where I can restore your seed when you have up to 6 words missing  (And I can also find the missing words even if you mixed the order of the words.)

It is easy to put a custom software to the Ledger Nano S, but that doesn't help either while the chip that is holding the private keys is also asking for the PIN.

What is this SE?

Secure Element.

The Ledger Nano S has a dual-chip architecture. There is one normal chip for buttons, screen, USB, etc. And another one -- the secure element -- for all actions with private keys.
It's actually very good and clever design. And very hard to hack

[moderator's note: consecutive posts merged]

[NeuroticFish]

The Ledger Nano S has a dual-chip architecture. There is one normal chip for buttons, screen, USB, etc. And another one -- the secure element -- for all actions with private keys.
It's actually very good and clever design. And very hard to hack

I've found at some point these writings: https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/
I don't know if you're familiar with them, unfortunately I didn't get to read much either, but a quick look seems to tell that getting the info is possible, especially if you're lucky to have an old firmware on it (1.3.1).

[mart]

I've found at some point these writings: https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/
I don't know if you're familiar with them, unfortunately I didn't get to read much either, but a quick look seems to tell that getting the info is possible, especially if you're lucky to have an old firmware on it (1.3.1).

Thanks for that, but I have already went through the linked article. Even contacted the author

The attack described by Saleem Rashid in the article can be used to put a custom software to the Ledger Nano S before the usage by the user.
In my case that unfortunately doesn't help 

[dkbit98]

Is there any way to get access to the funds on Ledger Nano S (from year 2018) without the PIN code?
I also don't have the seed words.

How do you suppose to do that?
Seed words backup is mandatory to have, and it's even better if you have multiple copies in different locations.
If you don't have both PIN and seed words I can only consider you stole found this device from someone else, or you found it somewhere.

So the only way seems to be physically extracting the information from the chip.
Does anyone know a lab or someone who is able to extract the needed information from the chip?

You could in theory only extract encrypted stuff that means nothing to you and it can't be used for anything, unless Ledger and chip manufacturer have some backdoor access.
I wouldn't be surprised if they do have something like this, when everything is closed source and hush hush in their business.

The situation is complex. In short: the owner was running a badly structured business and died. The business partners are trying to recover their funds from the wallet. There is nothing criminal.

I understand this, but if he died he probably left some will and documents containing seed words and PIN, maybe even passphrase(s).
You can't hack hardware wallets so easy, or governments wouldn't pay millions to do it somehow.

[n0nce]

I've found at some point these writings: https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/
I don't know if you're familiar with them, unfortunately I didn't get to read much either, but a quick look seems to tell that getting the info is possible, especially if you're lucky to have an old firmware on it (1.3.1).

Thanks for that, but I have already went through the linked article. Even contacted the author

The attack described by Saleem Rashid in the article can be used to put a custom software to the Ledger Nano S before the usage by the user.
In my case that unfortunately doesn't help 

No no, the idea is to flash custom firmware on the Ledger's main MCU, leaving the secure element (and the seed stored therein) alone. You can do that before or after usage, should not matter.
This custom firmware can then just ask the secure element to sign a transaction sending all funds to a certain address and it should indeed return the signed transaction.

You do need to bypass firmware verification (performed by secure element), though, as described here.
https://youtu.be/Y1OBIGslgGM?t=1551

[mart]

No no, the idea is to flash custom firmware on the Ledger's main MCU, leaving the secure element (and the seed stored therein) alone. You can do that before or after usage, should not matter.
This custom firmware can then just ask the secure element to sign a transaction sending all funds to a certain address and it should indeed return the signed transaction.

You do need to bypass firmware verification (performed by secure element), though, as described here.
https://youtu.be/Y1OBIGslgGM?t=1551

It is true, that I could put a custom software to Ledger's main MCU and leaving the secure element with the keys as it is.
However, the secure element takes PIN code as an argument when doing actions (like signing transaction for example) with the keys.

So with custom firmware I could do all kind of interesting tricks with the Ledger, but without the PIN code I still have no access to the secure element and it's functions nor keys.
And when supplying 3 incorrect PIN-s to the secure element then it will just erase the keys.

Is there any way to get access to the funds on Ledger Nano S (from year 2018) without the PIN code?
I also don't have the seed words.

How do you suppose to do that?

No idea so far. That's what I'm trying to find out here

The situation is complex. In short: the owner was running a badly structured business and died. The business partners are trying to recover their funds from the wallet. There is nothing criminal.

I understand this, but if he died he probably left some will and documents containing seed words and PIN, maybe even passphrase(s).

The documents (and maybe the seed words) are stuck in court. The crypto business the owner was running was formalized loosely on a blockchain and the court does not understand nor accept that. The business partners have spent years without success in that front.

You can't hack hardware wallets so easy, or governments wouldn't pay millions to do it somehow.

I could pay 6-7 figures for this work.

[moderator's note: consecutive posts merged]

[n0nce]

No no, the idea is to flash custom firmware on the Ledger's main MCU, leaving the secure element (and the seed stored therein) alone. You can do that before or after usage, should not matter.
This custom firmware can then just ask the secure element to sign a transaction sending all funds to a certain address and it should indeed return the signed transaction.

You do need to bypass firmware verification (performed by secure element), though, as described here.
https://youtu.be/Y1OBIGslgGM?t=1551

It is true, that I could put a custom software to Ledger's main MCU and leaving the secure element with the keys as it is.
However, the secure element takes PIN code as an argument when doing actions (like signing transaction for example) with the keys.

So with custom firmware I could do all kind of interesting tricks with the Ledger, but without the PIN code I still have no access to the secure element and it's functions nor keys.
And when supplying 3 incorrect PIN-s to the secure element then it will just erase the keys.

True, true. There may be an implementation bug; especially due to the closed-source STM32 code, it may not have been spotted yet.
Basically, you're looking for a hardware / software n-day, in case your 2018 Ledger was never updated. The hardware should be unmodified from 2018 to 2022, so when looking for hardware bugs, that will actually be 0-days. Unfortunately, I'm not aware of firmware bugs that are easily exploitable on old Ledgers, like on Trezor Model One.

The situation is complex. In short: the owner was running a badly structured business and died. The business partners are trying to recover their funds from the wallet. There is nothing criminal.

I understand this, but if he died he probably left some will and documents containing seed words and PIN, maybe even passphrase(s).

The documents (and maybe the seed words) are stuck in court. The crypto business the owner was running was formalized loosely on a blockchain and the court does not understand nor accept that. The business partners have spent years without success in that front.

You can't hack hardware wallets so easy, or governments wouldn't pay millions to do it somehow.

I could pay 6-7 figures for this work.

Have you tried contacting reputable people with knowledge / experience in this field yet? That's probably a workable sum of money.

[AB de Royse777]

The situation is complex. In short: the owner was running a badly structured business and died. The business partners are trying to recover their funds from the wallet. There is nothing criminal.

I understand this, but if he died he probably left some will and documents containing seed words and PIN, maybe even passphrase(s).

The documents (and maybe the seed words) are stuck in court. The crypto business the owner was running was formalized loosely on a blockchain and the court does not understand nor accept that. The business partners have spent years without success in that front.

Does it have something to do with the exchange which owner suddenly died but later it was rumored that he did not? A lawsuit was filed against him for scamming and then disappearing. I can not remember the story correctly but there was Canadian (maybe) exchange few years ago that was gone by telling this story.

[m2017]

The situation is complex. In short: the owner was running a badly structured business and died. The business partners are trying to recover their funds from the wallet. There is nothing criminal.

I understand this, but if he died he probably left some will and documents containing seed words and PIN, maybe even passphrase(s).

The documents (and maybe the seed words) are stuck in court. The crypto business the owner was running was formalized loosely on a blockchain and the court does not understand nor accept that. The business partners have spent years without success in that front.

Does it have something to do with the exchange which owner suddenly died but later it was rumored that he did not? A lawsuit was filed against him for scamming and then disappearing. I can not remember the story correctly but there was Canadian (maybe) exchange few years ago that was gone by telling this story.

I understand what you're talking about and it would be funny that it turns out that way. Although hardly anyone would admit to being involved in that story. I also believe that many users of the exchange would have a lot of questions for those partners of the owner of this hardware wallet device, if they are on the bitcointalk forum. So, I think we will not wait for the coming out and perhaps OP has nothing to do with that story. Who knows.

[mart]

Unfortunately, I'm not aware of firmware bugs that are easily exploitable on old Ledgers, like on Trezor Model One.

Yes, the Trezor from that time where much easier to hack: one could simply brute force the PIN (https://blog.ledger.com/Breaking-Trezor-One-with-SCA) and there is no secure element in use -- so it would be possible to extract the keys straight from the chip (https://medium.com/the-capital/trezor-hardware-wallet-hacked-in-15-min-and-75-e3c23ced166).

Have you tried contacting reputable people with knowledge / experience in this field yet? That's probably a workable sum of money.

Do you have some people in mind that you think I should try to contact?

Does it have something to do with the exchange which owner suddenly died but later it was rumored that he did not? A lawsuit was filed against him for scamming and then disappearing. I can not remember the story correctly but there was Canadian (maybe) exchange few years ago that was gone by telling this story.

No, that's another story. The owner actually really died in Spain by suicide and the documents are in German court.

[NeuroticFish]

the Trezor from that time where much easier to hack

While looking up for something unrelated, I've read about Trezor's official reasons behind not using Secure Elements.

In one of the many options we reviewed, we saw a potential candidate for a Secure Element to be used in our product and we went deeper into our research. As this was a Common Criteria certified chip, we did not expect what we found. Over a few weeks, we uncovered several different critical flaws requiring no special hardware leading to the extraction of the secrets from the chip. We quickly realized these were the attacks nobody tested against.

I don't know whether it's the same chip as Nano S is using, but maybe you get to use some of Trezor's knowledge on the matter.
Unlike Ledger, who are bound to not divulge anything about the secure chip they use, Trezor may be able to help.
I don't know, maybe I'm wrong, still, it can be an idea...

[mart]

In one of the many options we reviewed, we saw a potential candidate for a Secure Element to be used in our product and we went deeper into our research. As this was a Common Criteria certified chip, we did not expect what we found. Over a few weeks, we uncovered several different critical flaws requiring no special hardware leading to the extraction of the secrets from the chip. We quickly realized these were the attacks nobody tested against.

I don't know whether it's the same chip as Nano S is using, but maybe you get to use some of Trezor's knowledge on the matter.
Unlike Ledger, who are bound to not divulge anything about the secure chip they use, Trezor may be able to help.
I don't know, maybe I'm wrong, still, it can be an idea...

Wow, that's an interesting finding!
I will contact them and see if they can help 

[mart]

In one of the many options we reviewed, we saw a potential candidate for a Secure Element to be used in our product and we went deeper into our research. As this was a Common Criteria certified chip, we did not expect what we found. Over a few weeks, we uncovered several different critical flaws requiring no special hardware leading to the extraction of the secrets from the chip. We quickly realized these were the attacks nobody tested against.

I don't know whether it's the same chip as Nano S is using, but maybe you get to use some of Trezor's knowledge on the matter.
Unlike Ledger, who are bound to not divulge anything about the secure chip they use, Trezor may be able to help.
I don't know, maybe I'm wrong, still, it can be an idea...

Wow, that's an interesting finding!
I will contact them and see if they can help 

Reply from SatoshiLabs:
Hacking other companies' HW wallets is not our company's focus. We are also not able to provide you with any contacts for any subjects that deal with this because we simply don't have them.

Completely understandable.

[NeuroticFish]

Reply from SatoshiLabs:
Hacking other companies' HW wallets is not our company's focus. We are also not able to provide you with any contacts for any subjects that deal with this because we simply don't have them.

Completely understandable.

Well, I've tried. Sorry that the idea was not as good as I hoped...

Maybe you could concentrate on finding flaws in that secure chip instead of telling that you're targeting exactly a Ledger device; if you tell about Ledger some may not help you because it can cause them bad publicity (bad actors vs the competition).
But yeah, make your own decisions, my ideas are not always great.

[Pmalek]

If it weren't for the secure element present in the Ledger, I would tell you to get in touch with hardware hacker Joe Grand. He has some experience in that field, but it was with a Trezor with outdated firmware.

His website that deals with hacking hardware and software wallets is https://www.offspec.io/.
The way I see it is that you have nothing to lose that isn't already lost (meaning the crypto on the device whose PIN you don't know and you don't have the seed either).

[mart]

Reply from SatoshiLabs:
Hacking other companies' HW wallets is not our company's focus. We are also not able to provide you with any contacts for any subjects that deal with this because we simply don't have them.

Completely understandable.

Well, I've tried. Sorry that the idea was not as good as I hoped...

Maybe you could concentrate on finding flaws in that secure chip instead of telling that you're targeting exactly a Ledger device; if you tell about Ledger some may not help you because it can cause them bad publicity (bad actors vs the competition).
But yeah, make your own decisions, my ideas are not always great.

Yes, concentrating on the chip is a good idea.
Actually the idea of Trezor as fan of open source hacking a closed source chip looked quite engaging

If it weren't for the secure element present in the Ledger, I would tell you to get in touch with hardware hacker Joe Grand. He has some experience in that field, but it was with a Trezor with outdated firmware.

His website that deals with hacking hardware and software wallets is https://www.offspec.io/.
The way I see it is that you have nothing to lose that isn't already lost (meaning the crypto on the device whose PIN you don't know and you don't have the seed either).

Yes. I contacted them and got some hope

Their answer was:
Currently, there is no attack for the Ledger but we’re working on it.