Ultra-Secure Cold Wallet: The "Sagem PHONE Infineon" Approach

[DeblokGsm]

Hello everyone,

As a telephony and electronics technician, I've recently explored a cold wallet approach that, after weeks of in-depth analysis and discussions, appears to offer an exceptional level of security and discretion, potentially surpassing some existing solutions, all at a minimal cost. I stumbled upon this method somewhat by chance while exploring old phones.

My idea revolves around using specific Sagem phones, based on the Infineon platform (like the MY 220V), a technology from the mid-2000s. Here's why this choice is crucial and how the system works.

Why Sagem Infineon? The Heart of Security

The uniqueness of these phones lies in their distinct and robust hardware and software architecture for their time:

RSA 1024-bit Encrypted Firmware: The operating system of these phones is protected by RSA 1024-bit encryption, making any unauthorized access or modification attempts extremely difficult. Publicly available "unlocking" tools are virtually nonexistent today.

Inherent Hardware Security: Infineon chips were designed with rigorous "secure boot" mechanisms. Any attempt to inject unsigned firmware is blocked. The fast boot time adds a layer of protection against glitching attacks (like RGH).

Lack of Modern Connectivity: These phones have no Wi-Fi, no advanced Bluetooth, no 3G/4G/5G, and no sophisticated web browser. This native digital isolation makes them immune to modern threats like Pegasus malware or exploits via complex SMS/MMS. The attack vectors for these threats simply don't exist on these devices.

Sandboxed Java: If Java applications are present, they are confined to a sandbox environment, further limiting their ability to interact with the system or exfiltrate data.

The Cold Wallet System: A Discreet and Resilient Fortress
Here are the various layers of security I've implemented:

Seed Storage in Drafts: The seed (BIP39 recovery phrase) is stored in the SMS drafts of each phone. It's disguised within innocuous text (e.g., "This series has 265 episodes"), making it invisible to the untrained eye.

Security Code Protection: Each phone is protected by a PIN or security code at startup. Too many incorrect attempts result in a brick or data wipe, protecting against brute-force attacks.

Maximum Physical Isolation: The charging connector is cut and sealed with epoxy resin. This prevents any attempt at data injection, flashing, or access via external ports. The phone is powered by an external battery charger, making its "power-up" unusual and discreet.

Ultimate Fragmentation and Redundancy (12 Phones): This is a key point. I use 12 distinct Sagem phones. The complete seed is stored and disguised within the drafts of each of these 12 phones. This ensures exceptional resilience: the loss, theft, or destruction of multiple phones does not compromise the seed's security, as any of the remaining phones can be used to recover it.

Ingenious Paperless Recovery Method: To reconstruct the seed, I developed a unique method that relies on the BIP39 standard, colors (12 different colored pencils), and each phone's unique IMEI number. The numbers corresponding to the seed words are "marked" on the IMEI with specific colored dots, and the order of the words is determined by the ascending numerical sequence of the phones' IMEIs. This method is incredibly complex for anyone not privy to the "key" of colors and ordering.

Key Advantages and Resistance to Attacks

Negligible Cost: Each phone costs around €10 (approx. $10-11 USD), making this high-level security very accessible.

Unparalleled Discretion: The "grandma's old phone" is the ultimate physical steganography tool. It goes completely unnoticed in any context (plane, mail, search), where a USB drive, a Ledger, or a laptop screams "sensitive data!" Psychologically, it's a perfect decoy.

Resistance to Advanced Attacks:

Pegasus & Co.: Completely immune due to its lack of modern connectivity and rudimentary OS.

Hardware Attacks (RGH, modified SIM, RX/TX): Thwarted by fast boot, secure boot, Infineon encryption, and the immense, destructive reverse engineering effort required, even if physical access were possible.

Nation-State Attack: Even if a government obtained Infineon's firmware signing keys, they would still need to physically acquire your phones, bypass your physical protections (destroying them in the process), and understand your complex disguise method (colors/IMEI) to extract the seed. A disproportionate effort for an individual target.

Accessibility for All: Once the initial system is set up by an expert, daily use (storing the seed in drafts, recovering it with the color system) is simple and intuitive, even for a non-technical person.


Conclusion

After thorough analysis, this cold wallet solution appears to cover all bases of security, from physical protection to software resilience, along with unparalleled discretion. It transforms what might be perceived as a weakness (an old phone) into an unexpected strength.

I'm eager to hear your feedback, analyses, and if you identify any flaws I might have missed.

Feel free to ask any questions!

[stanner.austin]

Hello
Nice to see someone from gsm. i also spend more than 15 year in gsm reverse engineering & programming.
Infineon & locosto cpu base phone made by sagem, old time we used jtag to read memory dump and decrypt data for unlock code.

Most secure in old time and never cracked security publicly is by blackberry (company is dead long go) qualcomm cpu base phones, same principal use in latest modern hardware wallets.

Its not secure to relays on any older security. for example RSA 1024 its still not broken but consider unsafe everyone move to RSA 2048.

There is always EMMC/JTAG method to dump data on old phones. some may be encrypted but only firmware part data is decrypted most case.

I think latest qualcomm & samsung trustzone and trusttonic are best to start, it may be costly but security never come in cheap.

samsung exynos & qualcomm latest phones are more secure currently for research part for wallet.

[DeblokGsm]

Clarifications on Seedkeeper’s with SAGEM Security Design

Hi, and thanks a lot for your detailed reply.

It’s great to exchange with someone who really knows GSM reverse engineering and memory access techniques — I appreciate the time you took to share your thoughts.

You made valid points about the limitations of older security models and the theoretical vulnerabilities of legacy platforms. Let me clarify a few key elements regarding the Seedkeeper system and why, despite its low-tech nature, it remains extremely robust in practice:

1. RSA 1024 is not used for encryption – only firmware lockdown

You’re absolutely right: RSA 1024 is no longer recommended for modern cryptographic tasks.

However, in this case, the RSA layer isn’t used to encrypt the seed or any user data — it’s used to protect the Infineon firmware integrity via signed bootloaders.

So the value of RSA 1024 here is architectural: it blocks unauthorized flashing or custom boot attempts.

Even if it’s considered “weak” today, nobody has published a working custom firmware loader for these Sagem RSA phones, and Infineon

signing keys are still not publicly available.

2. JTAG access is mitigated by hardware + software defenses

You mentioned JTAG/Locosto memory dumping — a known and powerful technique back in the day.
However, in Seedkeeper, the JTAG angle is already mitigated:

The charging/data port is physically cut and sealed with epoxy, preventing any easy UART or JTAG access,

Each phone has an active “Post Code” (Sagem’s master PIN lock),

And this lock protects access to user memory (like SMS drafts where the seed is stored).

The key point is:

Any attempt to flash or reset the firmware to bypass the code results in the loss of all user data.

So even if someone managed to connect JTAG and extract raw flash data, the critical info (seed fragments) would be encrypted, protected, or wiped without the valid post code.

This makes JTAG-based attacks both technically hard and functionally useless.

3. This is a different security model than modern wallets

I fully agree with you: modern TrustZone / TEE / Secure Enclaves offer powerful solutions for secure key handling.

But Seedkeeper is not designed to compete with Ledger, Coldcard, or Qualcomm TEE.

Instead, it’s a disconnected, steganographic cold wallet:

Zero modern connectivity (no Wi-Fi, no USB, no Bluetooth),

No firmware update paths,

Camouflaged seed fragments stored in plain sight (SMS drafts),

And a unique recovery method based on IMEI sorting + colored markers (not paper, not electronic).

It’s a different paradigm: ultra-stealthy, physically resilient, and immune to remote attacks — because there are no digital attack surfaces to begin with.

Thanks again for your valuable input.

If you see any other potential vectors or ways to improve the model, I’m definitely open to discussion — exchanges like this are what help refine real-world resilient systems.

Looking forward to your thoughts!