Introduction to Cryptocurrency Hardware Wallet Recovery

To pay for this course using cryptocurrency, please select "Request an Invoice" and select cryptocurrency as your payment method. We will send you an updated invoice with a wallet address you can use for payment.

Disclaimer: Please read this first

Everything covered in this course is based on publicly available information. This course will focus on the Trezor One, however, the steps will likely be identical for other wallets based on the Trezor One (i.e. the Keepkey) and similar for wallets where a publicly known attack has not been published (i.e. the Ledger Nano S). We are simply summarizing all the available research for participants and going over a step by step guide to reproduce the attacks. As part of this course, neither the Trainer nor Advanced Security Training will be recovering wallets for participants of the course or providing you any warranty that you will succeed in recovering a wallet which you control. The goal of this course is EDUCATION and to teach you the exact steps required so that you can make an educated decision about recovering your own funds or funds of someone you know.

Ever since the Wallet.Fail talk in 2018 we've gotten hundreds of requests to recover people's wallets. This course is a way to give those people a peace of mind and educate them prior to seeking professinal consulting services. We do believe that people that have a background in computer security, electrical engineering and/or hardware hacking will be capable of recovering funds from a wallet they control after completing this class. Additionally, as part of this class, we will provide references to labs capable of offering wallet recovery as a professional service to clients.

Course Outline

The Most Popular open source hardware wallet to date is the Trezor One. The Trezor One offers excellent Open Source documentation, an excellent development environment and publicly available schematics that make it an obvious starting point for many other wallets. Nevertheless, the Trezor One uses an architecture built around a consumer-grade micro-controller, the STM32F2. Although the STM32F2 does offer some secuirty, this security can be bypassed through a series of glitches.

For instrumenting and attacking the STM32F2 we will use the Spearf1sh embedded security platform. The Spearf1sh utilizes the Digilent Arty Z7 development board with a custom embedded Linux Image. The Spearf1sh image will be made available publicly prior to the course.

Hardware Required

• A PC or Mac with Virtualbox or VMware installed - we will provide a VM with tools for building the trezor firmware and running the Trezor simulator

(Optional) Hardware Required to perform the Attack

If you are taking this class for educational purposes and do not plan on performing the attack yourself, you will not have to purchase this hardware.

• STM32F205RET6 - this is the STM32F2 used by the Trezor, which is nice to have to practice the attack to not have to perform the attack in situ
• Trezor One - We recommend buying at least 3 Trezor Ones to practice the attack before performing it on a real device
• Digilent Arty Z7 - for running the Spearf1sh image
• MicroSD card - we recommend 4GB to 32GB for loading the Spearf1sh image
• USB to MicroSD adapter for flashing the Micro SD card