Extracting the Private Key from a TREZOR Bitcoin Wallet with a $70 Oscilloscope
2015 – excellent work by Jochen Hoenicke on using an inexpensive oscilloscope to monitor the power drawn by a TREZOR bitcoin wallet to determine what data it was processing.
He writes:
There were some discussions on reddit whether TREZOR, a hardware wallet for securely storing Bitcoins, can be attacked using side channels like power fluctuations, electromagnetic radiations or similar. Such an attack would allow for retrieving the private key that gives access to the Bitcoins stored on the TREZOR. Usually the discussions of side-channel attacks mention the code that signs a Bitcoin transaction. To sign a transaction on the TREZOR, you need to enter the secret PIN first. So this is not useful in the scenario where the attacker has physical access to the device but does not know the PIN.
He explains how you can recover a private key from a TREZOR, if it still runs with firmware 1.3.1. It is an interesting read on how to take a device and see what is happening inside based on the power it is drawing.
Jochen did the right thing and informed Satoshi Labs of his result first. This is why the latest firmware, 1.3.3, will ask for a PIN when computing the public key. Also Satoshi included his suggested patches in the latest firmware that will reduce the information leaked through side-channels during computation of public keys, signatures, and decryption.
Do you like this type of investigation, let us know in the comments!
Adafruit has had paid day off for voting for our team for years, if you need help getting that going for your organization, let us know – we can share how and why we did this as well as the good results. Here are some resources for voting by mail, voting in person, and some NY resources for our NY based teams as well. If there are additional resources to add, please let us know – adafruit.com/vote
Stop breadboarding and soldering – start making immediately! Adafruit’s Circuit Playground is jam-packed with LEDs, sensors, buttons, alligator clip pads and more. Build projects with Circuit Playground in a few minutes with the drag-and-drop MakeCode programming site, learn computer science using the CS Discoveries class on code.org, jump into CircuitPython to learn Python and hardware together, TinyGO, or even use the Arduino IDE. Circuit Playground Express is the newest and best Circuit Playground board, with support for CircuitPython, MakeCode, and Arduino. It has a powerful processor, 10 NeoPixels, mini speaker, InfraRed receive and transmit, two buttons, a switch, 14 alligator clip pads, and lots of sensors: capacitive touch, IR proximity, temperature, light, motion and sound. A whole wide world of electronics and coding is waiting for you, and it fits in the palm of your hand.
Have an amazing project to share? The Electronics Show and Tell is every Wednesday at 7pm ET! To join, head over to YouTube and check out the show’s live chat – we’ll post the link there.
