Pages:
Author

Topic: BC Vault hardware wallet - is this a reasonable answer to a question? (Read 1548 times)

copper member
Activity: 27
Merit: 1
Sorry, no more security related details will be provided. As said, good luck with your mission though!
newbie
Activity: 2
Merit: 0
Good luck Smiley Nice effort, but looong loong way from success.

We implemented proprietary security mechanisms (using standard aes256 of course) and thus we do not provide any shortcuts.

Sole purpose of any crypto wallet is to NOT MAKE IT EASY to even try to approach brute forcing….latest example of this is Ledger users receiving FAKE LEDGERS with changed software etc..sad but true. Open source is two edge sword and one edge is hackers exploiting it.

I wish you luck with trying the passwords.

Thanks for replying!
This thing is becoming interesting to me, because if i am not successful, my funds will be locked forever, so, no chance to fail here.

I think that you are right for looking for security in your device, this is the thing we want when we look for hardware wallets. But, i also think that open source is not the problem. The real question on open sourcing things is the way you do it. There are a lot of open source and secure things, like bitcoin itself, linux, and so much on. The problem is how you deal with people involved with your business. Wouldn't be great if we, the community, help you make BCVault even more secure then it is? Someone, maybe not me, WILL sooner or later decrypt the file, or hack the device. I just think that BCVault should be involved on this in a responsible and secure disclosure, not to get caught by surprise.

It is a great start to us to hear from you that this is an AES-256 secured device, but also, you mention you implemented security mechanisms. Which of the seven AES operation modes did you used? ECB, CBC, CTR, PCBC, CFB, OFB or GCM? How the password and PIN are hashed to form the key, is it an known hashing function?

Hope you get involved and hear to us, your actual, and possible clients.
legendary
Activity: 2212
Merit: 7064
A lot of their code is open source.
No, it's not, don't spread lies and act smart.
There is no bit of open source, bit of closed source, don't mix apples and oranges.
Bc vault github is only for their wallet provider and for javascript API for integrating BC-Vault, not a single line of code regarding firmware or anything else.
I can also create fake Bitcoin code that is also open source, but nobody will use that, except maybe people who don't use their brain.
https://github.com/bc-vault
copper member
Activity: 27
Merit: 1
A lot of their code is open source. Trezor also had same issues with fake devices due to open source (source: https://blog.trezor.io/psa-non-genuine-trezor-devices-979b64e359a7?gi=17785e898fa5)

Fake Ledgers: https://www.google.com/amp/s/www.forbes.com/sites/leemathews/2021/06/18/cybercrooks-are-mailing-users-fake-ledger-devices-to-steal-their-cryptocurrency/amp/

Well there is a lot of options and you always choose what you think is good for you! Diversity and competition drives the development and improvement.
legendary
Activity: 2212
Merit: 7064
Sole purpose of any crypto wallet is to NOT MAKE IT EASY to even try to approach brute forcing….latest example of this is Ledger users receiving FAKE LEDGERS with changed software etc..sad but true. Open source is two edge sword and one edge is hackers exploiting it.
Ledger is NOT open source same as bc vault so I don't know why you would mention this in same content.
Much greater danger is coming from hardware wallets with closed source code with potentially hidden and dormant backdoors that can stay asleep for years before activation.
If federal agents can wait 3 years and create anom phones, I don't see why doing the same for hardware wallets would be any trouble for them.
copper member
Activity: 27
Merit: 1
Good luck Smiley Nice effort, but looong loong way from success.

We implemented proprietary security mechanisms (using standard aes256 of course) and thus we do not provide any shortcuts.

Sole purpose of any crypto wallet is to NOT MAKE IT EASY to even try to approach brute forcing….latest example of this is Ledger users receiving FAKE LEDGERS with changed software etc..sad but true. Open source is two edge sword and one edge is hackers exploiting it.

I wish you luck with trying the passwords.
newbie
Activity: 2
Merit: 0
Hey guys, i am trying to solve this question in this github repo:
https://github.com/eliaspoliceno/decrypt-bcvault

I think BCVault is a great device, but i also think that sending backup files to anyone is not a secure thing to do.
So i am trying to decrypt it by myself.

Maybe
Quote
alien2108
could help us a bit? Or even play a hot and cold game guiding us?
I know all the info in this brand new device, global and wallet pass and pin. I need to know now:
  • Which algorithm to use, in which mode, and where to find the extra parameters? Is it an AES-256 CBC as i am suspecting?
  • After decrypting the outer block, where the innner block starts? Is it the same algorithm, same mode, in the same way to find parameters?
  • Finally, after decrypting, how can i read back the private key from the resulting byte array?

Hope to be successful!
newbie
Activity: 2
Merit: 0
Please contact [email protected]

You will have to get it right, this is the sole purpose of the device - protect private keys and allow access only with correct credentials.

Ok, I'm doing this, but it hasn't been easy days, it's my economics of life  and father in my wallet Sad, and i know that i'm responsible for this situation, but i hopely expect that BC Vault team help me.
copper member
Activity: 27
Merit: 1
Please contact [email protected]

You will have to get it right, this is the sole purpose of the device - protect private keys and allow access only with correct credentials.
newbie
Activity: 2
Merit: 0
Hello There,

Its my firs time here posting message, nice to meet all there.

I´m in a big real trouble and if i´m in a wrong place, tell me where i must go...

I have BC Vault with 2 Wallets, but i wrote my Wallet Password / Pin from Wallet 2 wrong in a paper.

Global Password - Ok
Global PIN - Ok
Wallet Password or Wallet PIN [Wrong]

What alternatives i have in this situation? Somebody has some experience / solution for this?

It´s possible i´m write some program to try passwords by combination and try automatically ?
copper member
Activity: 27
Merit: 1
Indeed!

Bounty wallet of 1BTC (Actually 1.17) is preloaded on every unit, it is exactly the same as every wallet you create. You hack it, it is yours!

BC Vault did independent security audit (including architecture, hardware, sources!): https://bc-vault.com/2020/05/bc-vault-completes-security-assessment-by-siq/

You can also always export RAW PRIVATE KEYS (our infrastructure NOT needed): https://support.bc-vault.com/a/solutions/articles/43000543089

Did you know that every purchased BC Vault hardware wallet is shipped with pre-loaded 1 Bitcoin? Smiley
Yes, if you order their hardware wallet you will get device with privatekey and 1 Bitcoin worth  50k worth bitcoin paid around, BUT there is a catch and you could claim it only if you break their encryption.
This is also available for everyone to see on their website:
Quote
Each and every BC Vault ships pre-loaded with 1.0 BTC. If you break the encryption on it, its yours!
https://bc-vault.com/
archive: https://archive.vn/iXT6N

Bad thing about this wallet is that everything is closed source but they say they will release it as open source if they go bust  Roll Eyes
https://github.com/bc-vault

legendary
Activity: 2212
Merit: 7064
Did you know that every purchased BC Vault hardware wallet is shipped with pre-loaded 1 Bitcoin? Smiley
Yes, if you order their hardware wallet you will get device with privatekey and 1 Bitcoin worth 50k at this time, BUT there is a catch and you could claim it only if you break their encryption.
This is also available for everyone to see on their website:
Quote
Each and every BC Vault ships pre-loaded with 1.0 BTC. If you break the encryption on it, its yours!
https://bc-vault.com/
archive: https://archive.vn/iXT6N

Bad thing about this wallet is that everything is closed source but they say they will release it as open source if they go bust  Roll Eyes
https://github.com/bc-vault
copper member
Activity: 27
Merit: 1
Hey all!

As promised BC Vault did complete hardware certifications, radio certifications and of course the most important thing complete security assessment (software+firmware+services - architecture review, SW+HW pentest, Source code review) review by independent external organisation - SIQ (TÜV in Slovenia, responsible for all worldwide standard certifications - CE, EMC, RoHS...).

https://bc-vault.com/2020/05/bc-vault-completes-security-assessment-by-siq/
https://bc-vault.com/2020/04/bc-vault-successfully-completed-conformity-certificate/



newbie
Activity: 4
Merit: 0
Yes, wallet is already undergoing testing, but this things take a lot of time. So once they will be made, we will of course publish them!

Excellent, looking forward to read the audit!
copper member
Activity: 27
Merit: 1
Yes, wallet is already undergoing testing, but this things take a lot of time. So once they will be made, we will of course publish them!
newbie
Activity: 4
Merit: 0
Hey!

Thank you for your support, we sure hope you will become a user in the future. Yes there is a code available, that is valid up to end of the year in our shop: "christmas10bcvault" Expiry date 2019-12-31.

Thank you, sure planning to do so. Are there any independent audits of your Wallet that will be released in the near future?
copper member
Activity: 27
Merit: 1
Hey!

Thank you for your support, we sure hope you will become a user in the future. Yes there is a code available, that is valid up to end of the year in our shop: "christmas10bcvault" Expiry date 2019-12-31.
newbie
Activity: 4
Merit: 0
I am glad that you incorporated exportation of the seed, as I was very interested in your wallet but hesitant due to the seeds being ”locked” to the BC Vault. Will there be a christmas discount?
copper member
Activity: 27
Merit: 1
Thank you for raising the concerns and I hope we did provide you with proper answers!
newbie
Activity: 4
Merit: 0
I am the original poster of the question on this forum. Thanks for listening to us alien2108 and for your responses. I will follow your progress with your vault. Unfortunately this time I went with a different vendor, but I still really like your product. I hope you become a big comptetitor to the other devices out there.
Pages:
Jump to: