Topic: Hardware wallets on USB pendrive - page 2. (Read 618 times)

Another reason why this would be a bad idea, is because the Firmware on these devices are fulnerable and exploitable like we saw with BadUSB Malware back in 2014. The hack utilized the security flaw in the USB that allowed an attacker to insert malicious code into the USB device firmware. 

Also, why would companies like Trezor and Ledger allow people to effectively create their own hardware wallets, if their main income source are derived from the sale of these devices? This is the main reason why they are using special Cryptographic electronics in these chips to talk specifically to their software. 

To "mimic" hardware wallet create bootable  USB drive   and install Kali Linux with  persistent storage. Install on that  persistence   partition  Electrum wallet. Use that USB stick  solely  offline with single purpose   to sign transactions created with watching-only copy of Electrum installed on online computer. Use QR codes to transfer unsigned/signed transactions to/from that USB stick with   cold Electrum wallet. Broadcast signed transaction via Electrum on your online machine.

Simple answer, no.



That's not possible.

A hardware wallet consists of more than just a flash memory chip.




No, also you need some kind of verification which happens outside of your computer you are using to transact (preferably only on the hardware wallet itself).




They are not. Hardware wallets have secure elements embedded which keep the secret information secure and do the signing operations.
Like your credit card. It doesn't only consist of some plastic with a small flash memory.




Because it is not possible.
We have seen people who think it is possible, which simply just copied their wallet file onto the usb. But those people don't have a clue at all.




I guess you are talking about hardware wallets now (not usb sticks) ?

IF some attacker is able to flash the firmware of a hardware wallet without erasing its secret information (seed), yes.. definitely possible.
But you can't simply flash the firmware to get your own version on it without erasing all relevant data. If you would be able to do so, that would be quite a severe vulnerability (which already existed in ledgers hardware wallets, but got fixed).

If you are not able to flash the firmware, you have to somehow get the secret information out of the device with the official firmware installed.
And this is not possible, given that there are no vulnerabilities (which could always exist; especially side-channel attacks etc.. ).

No it is a embedded system that is running. For a more in depth view of the ledger nano s check out this youtube video. Very interesting and will explain why it isnt that easy as you think.

The screen provides more functionality than simply providing an input method for a PIN or password. Any transaction made is displayed on the screen, both address and amount, and needs to be manually verified before it will send. This is to ensure that these values haven't been tampered with or changed by malware infecting the computer the hardware wallet is plugged in to.

Because they're not. Hardware wallets have a chip on them known as a secure element, which provides far great security than a simple USB drive.

You can absolutely store your wallet on a USB drive, anything from a simple list of private keys to an wallet.dat file. But it's terrible security if not encrypted.

It is many orders of magnitude harder to extract private keys from a hardware wallet than it is to extract them from a USB (depending on your security), or load some malware on to the USB which will automatically run next time you unlock your wallet.

In short, wallets on a USB are doable, but security is very user-dependent.

If I'm understanding right, here's something that kind of does what you want:

https://opendime.com/


It's not a very good model for the traditional "cold storage" type system though.

I don’t think this is easily done (or even possible). Hardware wallets are more than a flash drive with a screen. They have specific chips with cryptography functions to generate private keys, sign transactions and only transmit certain informations; while an USB flash drive is just a storage device that mounts a partition on your PC so you can store files on it. There is also a lot more on hardware wallets (like the way they are build to prevent tampering and someone from simple opening the device and getting everything that is stored there).

The closest you can get from a hardware wallet with a USB flash drive is by keeping your wallet file there and only plugging it in a safe air-gapped device to sign transactions (while offline) and later broadcast them.

Is it even possible to create a hardware wallet and integrate it to a normal USB pendrive. I am not talking about transferring the paper wallet to USB.
I am talking about copying the code embedded in hardware wallets like Trezor and Ledger Nano S and then integrating it to USB drives.

A few questions that came in my mind:

1. The above devices have a built-in screen that protects their device with a password. Now obviously our USB drive won't have that feature. If we remove that feature and implement the other features would that be doable thing ?
2. Basically, the hardware devices are just USB drives with embedded code. Why can't it be copied and integrated on other USB drives ?
3. If it is possible why haven't we seen people doing it ?
4. Can't a hacker get hands on one of these device and manipulate the code to get access to the wallet ?
Well I do know that it is encrypted through cryptographic algorithm which makes it almost impossible to hack the wallet by manipulating the code but I would like more info on this.