What was the hacker's method for someone who had forgotten the PIN for a hardware wallet containing over 200 million yen in cryptocurrencies?

Hardware wallets can be safely managed by isolating virtual currencies from the Internet. However, there is a person who has forgotten the PIN of this hardware wallet and can no longer use the virtual currency equivalent to 2 million dollars (about 230 million yen). This 'forgetting the hardware wallet PIN' is a fairly frequent event, but there have been reports of cases of dealing with the rough work of having a hacker's friend hack this hardware wallet. increase.

Cracking a $ 2 million crypto wallet --The Verge


In early 2018, Dan Reich and his friends will buy another cryptocurrency, Theta Token, for $ 50,000 in Bitcoin. At that time, each Theta token was only 21 cents (about 24 yen), so Reich and others will get a large amount of Theta tokens. Reich and his colleagues held theta tokens on a Chinese-based crypto exchange, but a few weeks later it was revealed that the Chinese government would begin a widespread crackdown on cryptocurrencies. Reich and his colleagues need to transfer the theta tokens to a hardware wallet that stores cryptocurrencies in a location isolated from communications, as they will not be able to access the exchange and handle theta tokens as they are. I am pressed for sex. Reich and colleagues purchased a Trezor hardware wallet, set a PIN, and transferred theta tokens. However, it seems that the existence of the hardware wallet has been completely forgotten because the private life of Mr. Reich and others became busy.

After a while, Reich began to want to cash the Theta Token, but it turned out that his friend had lost the paper with the hardware wallet PIN. Initially, Reich and his colleagues thought they had set a four-digit PIN and tried to guess that number, but each time they failed, they doubled the waiting time before they could enter the PIN into their hardware wallet. It seems that it was extended. Also, if you fail to enter the PIN 16 times, all the data in the hardware wallet will be deleted automatically, so Reich and others give up on entering the PIN.

The value of theta tokens stored in the hardware wallet was about 12,000 dollars (about 1.4 million yen) at the minimum, but because theta showed a price increase, 3 million dollars (about 340 million yen) ) Has also risen.

To use the cryptocurrency built on the blockchain, you need to use the private key. Cryptocurrencies cannot be sold or used without the private key or the string (seed) of the word used to output the private key. However, if you can get the private key, you will be able to get the virtual currency in one anonymous transaction. Private keys can be stored on cryptocurrency software wallets, but because they are on the Internet, they have the disadvantage of being vulnerable to remote attacks.

On the other hand, a USB memory-sized hardware wallet like the one used by Reich et al. Will be able to operate cryptocurrencies safely by storing the private key on a local device in isolation from the Internet. .. However, if you forget the PIN you enter when using it, you will not be able to use virtual currency like Reich et al.

According to Chainalysis, a cryptocurrency-related research company, there are more cases than you can imagine that you will not be able to access cryptocurrencies by losing your private key or the PC or smartphone where your software wallet is stored. There are many patterns. Chainalysis estimates that $ 66.5 billion worth of Bitcoin has been lost due to the inability to access the private key.

In 2020, when the value of Theta Tokens skyrocketed, Reich desperately seeks a way to access his hardware wallet. Reich made an appointment with a hardware expert who discovered a way to access a Trezor hardware wallet in 2018, but he refused to help him. is.

After that, a Swiss financial company said, 'I have an acquaintance in France who can crack hardware wallets.' However, with this help, there was the risk of 'trusting the hardware wallet to a financial company and having it carried to a French acquaintance.'

After that, it seems that the plan to crack the hardware wallet was crushed due to the pandemic of the new coronavirus, but suddenly a better option appears. The option was to 'rely on

American hardware hacker Joe Grand.'

Mr. Grand has been a hardware hacker since he was 10 years old, is a member of the well-known hacker group L0pht , and once explained a vulnerability in the Senate in 1998.

Reich, an electrician who runs a software development company, quickly realized that Grand had the ability to crack hardware wallets, and after a conversation, he said, 'Wow! He's probably me ever. He is the best engineer I have ever met. '

Mr. Grand, who was asked to crack the hardware wallet by Mr. Reich, purchased multiple hardware wallets of the same model number. After that, I spent three months researching how to crack the hardware wallet, and succeeded in cracking what I purchased for the experiment.

According to Grand, there are some previous studies that could lead to cracking hardware wallets, made by British hardware hacker Saleem Rashid in 2017 by technology journalist Mark Frauenfelder's

Trezor. It was said that the method of cracking the hardware wallet of was helpful.

Rashid discovered that Trezor's hardware wallet 'when the hardware wallet is turned on, it copies a copy of the PIN stored in the secure flash memory portion to memory (RAM).' Therefore, by using the vulnerability to boot the hardware wallet in firmware update mode and installing the code created independently, we have succeeded in reading the PIN code in RAM. However, if you copy this technique and accidentally erase the data in RAM before reading the data, your PIN will be lost forever.

In addition, Rashid has released a method for cracking Trezor's hardware wallet, which allows Trezor to change the hardware wallet's specifications to 'a PIN that is copied to RAM at startup, when it goes into firmware update mode. I changed it to 'Delete from'.

So, Grand will focus on a technique called 'wallet.fail' announced in 2018. This technique has a specification in Trezor's hardware wallet that 'the PIN that was copied to RAM at boot time is deleted, but the PIN that should have been deleted at another stage is restored.' It is a poked attack.

The microcontroller installed in the Trezor hardware wallet has three security levels: the safest 'RDP2' that cannot read RAM, and 'RDP1' and 'RDP0' that can read RAM. The Trezor hardware wallet uses RDP2 to prevent the risk of intercepting the PIN in RAM, but it does a fault injection attack on the chip that affects the voltage flowing through the microcontroller. By doing so, it seems that security can be downgraded from RDP2 to RDP1. Therefore, wallet.fail is very similar to Rashid's attack method, except that it uses fault injection.

Later, Mr. Grand discovers that the firmware version installed in Mr. Reich's hardware wallet copies the PIN to RAM when the hardware wallet is turned on. This means that you are copying your PIN from storage and the PIN master key is still stored in storage. This means that if you accidentally crack and delete the RAM in your hardware wallet, your PIN will remain in storage, which means you can try cracking while reducing the risk of your PIN disappearing. about it.

In this way, Mr. Grand executed cracking based on 'wallet.fail'. After about three and a half hours of enforcement, we finally succeeded in reading the PIN code of the hardware wallet. It was a misunderstanding that Reich et al. Remembered that they had set a 4-digit PIN, and it seems that a 5-digit PIN was actually set.

In addition, Trezor received reports that Mr. Grand succeeded in cracking Mr. Reich's hardware wallet, 'The vulnerability (used for cracking) has already been fixed, and all our new products have been fixed. It is shipped by the boot loader. '

in Software,   Hardware,   Security, Posted by logu_ii