Just a video about how bad some security holograms are

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Quote from: ChiBitCTy on August 08, 2024, 09:13:03 PM

Coming from the RC thread via your linking this : figured I’d post this here .. not sure how many people spend time to go through my walls of text on Cold Stoage Coins (a scam coin I sniffed out pretty much right away..the signs for scams are often so similar, and I’ve just gotten pretty use to seeing them).

So this is likely an issue w other coins out there already and we just don’t know it. There’s absolutely no such thing as a “fully secure” hologram at the end of the day, as you know.

https://youtu.be/a1Vw0mDY64I?si=8dYBm0I2RiCQrd9d

I know I have said it before, but I still have very little trust that there are not some hologram makers out there that have not make a few 100 extra holograms so they could buy coins - peel them - reseal - resell and nobody would be any wiser till the shit hit the fan.

Look at the crap going on with the RC coins at the moment, what would we be thinking if a bunch of them were compromised and RC had made no mistakes, just the company he bought the holos from made a couple dozen extra and then had a bunch of straw buyers & sellers here move them around a bit and copy the private keys.....

-Dave

ChiBitCTy

legendary

Activity: 2282

Merit: 3014

Coming from the RC thread via your linking this : figured I’d post this here .. not sure how many people spend time to go through my walls of text on Cold Stoage Coins (a scam coin I sniffed out pretty much right away..the signs for scams are often so similar, and I’ve just gotten pretty use to seeing them).

So this is likely an issue w other coins out there already and we just don’t know it. There’s absolutely no such thing as a “fully secure” hologram at the end of the day, as you know.

https://youtu.be/a1Vw0mDY64I?si=8dYBm0I2RiCQrd9d

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Quote from: Bullion-n-BTC on June 10, 2022, 07:34:49 AM

Quote from: MoparMiningLLC on June 05, 2022, 06:32:30 PM

wonder if that would harm a private key printed on regular paper. I use Revla paper (thanks to DaveF) and I am sure that would not be affected by this method. makes me question any second hand coin now...

I’m going to slap a laser jet printed QR code and an ink jet printed QR code under some holos and try this myself as I’m curious. I’ll send you a vid/pic of the QR codes and holos when I’m done and we shall see what they look like after and see if they are readable.

Try with the 99.5% if you can find it. In theory it will unstick the hologram the fastest while doing the most damage to the ink and paper.
If the QR survives that then you know that the lower concentrations would not harm it.
Obviously it would be best if we could test many types of paper & printers and inks and so on.
But that is just not going to happen.

-Dave

Bullion-n-BTC

copper member

Activity: 450

Merit: 65

Physical Bitcoin is the only way to stack

Quote from: MoparMiningLLC on June 05, 2022, 06:32:30 PM

wonder if that would harm a private key printed on regular paper. I use Revla paper (thanks to DaveF) and I am sure that would not be affected by this method. makes me question any second hand coin now...

I’m going to slap a laser jet printed QR code and an ink jet printed QR code under some holos and try this myself as I’m curious. I’ll send you a vid/pic of the QR codes and holos when I’m done and we shall see what they look like after and see if they are readable.

2stout

hero member

Activity: 2506

Merit: 603

Quote from: nullama on June 09, 2022, 08:04:18 PM

Quote from: OgNasty on June 09, 2022, 01:25:34 PM

Quote from: FFrankie on June 09, 2022, 08:49:25 AM

Anyone who didn't get their holos from securityhologram does not have good ones.

I think you should leave the video with the impression that security holograms are not "tamper proof" any more than a lock is not "pickable" so it doesn't matter where you buy them from... Casascius addressed this long ago by lasering the edges of his holograms so that they could not be removed cleanly with this technique. That was a great solution. In my first round of minted seats I also had crazy security features (anybody ever peeled one of the originals with the security bump under the hologram?) that proved to be too time consuming and labor intensive for me to continue while offering what I felt was a bargain basement price on my work. I imagine Casascius probably quickly tired of lasering his holograms onto coins as well, but it was a good solution that wouldn't matter where you bought the holograms from.

That's an interesting solution.

Would it be possible, at least in theory, to automate the Casascius process these days with a cheap home laser engraver and a camera, running some fancy computer vision algorithms?

This could even be done by the person who bought the collectible to make it more secure.

It could be but this would seem to at the least taint things, if not borderline bastardize them as you could have some holo's with and without the laser engraving but not done by the maker.

nullama

hero member

Activity: 1008

Merit: 960

Quote from: OgNasty on June 09, 2022, 01:25:34 PM

Quote from: FFrankie on June 09, 2022, 08:49:25 AM

Anyone who didn't get their holos from securityhologram does not have good ones.

I think you should leave the video with the impression that security holograms are not "tamper proof" any more than a lock is not "pickable" so it doesn't matter where you buy them from... Casascius addressed this long ago by lasering the edges of his holograms so that they could not be removed cleanly with this technique. That was a great solution. In my first round of minted seats I also had crazy security features (anybody ever peeled one of the originals with the security bump under the hologram?) that proved to be too time consuming and labor intensive for me to continue while offering what I felt was a bargain basement price on my work. I imagine Casascius probably quickly tired of lasering his holograms onto coins as well, but it was a good solution that wouldn't matter where you bought the holograms from.

That's an interesting solution.

Would it be possible, at least in theory, to automate the Casascius process these days with a cheap home laser engraver and a camera, running some fancy computer vision algorithms?

This could even be done by the person who bought the collectible to make it more secure.

OgNasty

donator

Activity: 4760

Merit: 4323

Leading Crypto Sports Betting & Casino Platform

Quote from: FFrankie on June 09, 2022, 08:49:25 AM

Anyone who didn't get their holos from securityhologram does not have good ones.

I think you should leave the video with the impression that security holograms are not "tamper proof" any more than a lock is not "pickable" so it doesn't matter where you buy them from... Casascius addressed this long ago by lasering the edges of his holograms so that they could not be removed cleanly with this technique. That was a great solution. In my first round of minted seats I also had crazy security features (anybody ever peeled one of the originals with the security bump under the hologram?) that proved to be too time consuming and labor intensive for me to continue while offering what I felt was a bargain basement price on my work. I imagine Casascius probably quickly tired of lasering his holograms onto coins as well, but it was a good solution that wouldn't matter where you bought the holograms from.

FFrankie

hero member

Activity: 2254

Merit: 960

100% Deposit Match UP TO €5000!

Anyone who didn't get their holos from securityhologram does not have good ones.

nullama

hero member

Activity: 1008

Merit: 960

Quote from: DaveF on June 05, 2022, 05:38:38 PM

Although the video is not related to BTC / crypto collectables everyone should keep this in the back of their head coins go person to person to person.
Some holograms are good others are...well....watch the video.

https://www.youtube.com/watch?v=xUJtqvYDnkg

With no offense to any one particular maker, do we really know how good the holograms really are?

Hint....no we do not.

-Dave

I don't think holograms, or any other physical method, are particularly good at keeping something secure.

You need to trust the creator of the collectible, because they have access to the private key.

This is the easy part, because they have to build a reputation, and they don't want to lose it.

But when buying from third parties it then becomes way more difficult to trust, as they can indeed get the coins and put back the hologram, or tamper with whatever mechanism there is.

It's the same with gold and anything else really.

OgNasty

donator

Activity: 4760

Merit: 4323

Leading Crypto Sports Betting & Casino Platform

I watched an interesting series of videos from the lockpickinglawyer and Stuff Made Here where the latter made an "unpickable" lock for the lawyer to try and crack. It was an interesting series of videos between the two and showed a great collaboration of different skill sets. Here's one of the videos. I found it worth the watch: https://www.youtube.com/watch?v=2A2NY29iQdI&t=0s

You know what they say... Locks keep honest people honest. Same with tamper proof holograms. That's why purchasing items from reputable people is important. Nothing is unbeatable.

MoparMiningLLC

legendary

Activity: 2254

Merit: 2419

EIN: 82-3893490

Quote from: LoyceV on June 06, 2022, 12:15:59 PM

Quote from: MoparMiningLLC on June 05, 2022, 07:31:14 PM

I meant with reg paper would it destroy the paper or make the key unreadable

That's easy to test. I printed on standard Xerox paper using an inkjet, poured 96% alcohol on it, poured some more, and rubbed it a bit with a tissue. Then I took this picture:
Image loading...

I didn't have a laserjet attached, but I expect it to be even tougher.

This is just one more reason for me not to buy collectibles: not your keys, ....... Don't get me wrong: I'd love it, but I don't dare.

Who's sending a Casascius to the LockPickingLaywer? Cheesy

this is why I always state everyone should make their own keys but there are some makers who flat out refuse to make DIY and demand you trust their keys

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: MoparMiningLLC on June 05, 2022, 07:31:14 PM

I meant with reg paper would it destroy the paper or make the key unreadable

That's easy to test. I printed on standard Xerox paper using an inkjet, poured 96% alcohol on it, poured some more, and rubbed it a bit with a tissue. Then I took this picture:
Image loading...

I didn't have a laserjet attached, but I expect it to be even tougher.

This is just one more reason for me not to buy collectibles: not your keys, ....... Don't get me wrong: I'd love it, but I don't dare.

Who's sending a Casascius to the LockPickingLaywer? Cheesy

SFR10

legendary

Activity: 2968

Merit: 3406

Crypto Swap Exchange

Quote from: MoparMiningLLC on June 05, 2022, 06:32:30 PM

wonder if that would harm a private key printed on regular paper.

I don't have a definite answer, but I have a feeling depending on the type of ink that's used on the paper in question, it could penetrate "some" of them ^{[because of the ethanol part]} and distort them to a very small extent ^{[don't quote me on this one]}.

Quote from: MoparMiningLLC on June 06, 2022, 09:40:29 AM

I see that it says "virtually undetectable" and states "small deformation where the needle had stretched the sticker during insertion" I wish I could see pictures of this.

I found what you were looking for in "another article":

Edited version

MoparMiningLLC

legendary

Activity: 2254

Merit: 2419

EIN: 82-3893490

Quote from: yogg on June 06, 2022, 09:18:15 AM

About the hologram, the one in LPL's Youtube video is a generic one.
They are certainly not as elaborated as the Casascius hologram, despite it being exploited already :

https://www.coindesk.com/markets/2013/08/13/defcon-hackers-crack-physical-bitcoin-casascius-coins/

I see that it says "virtually undetectable" and states "small deformation where the needle had stretched the sticker during insertion" I wish I could see pictures of this.

yogg

legendary

Activity: 2464

Merit: 3158

This is indeed something very critical, and among the top of my concerns when elaborating physical Bitcoin items.
You can read more about how these issues are addressed at Coldkey by checking this thread : https://bitcointalksearch.org/topic/free-free-coldkeys-for-testing-reviews-5145343

Many thanks Sat0shisGhost for making the chemical / solvent tests on Coldkeys and sharing your results with us

Chemical tests on Coldkeys : https://bitcointalksearch.org/topic/free-free-coldkeys-for-testing-reviews-5145343.msg51448024#msg51448024

About the hologram, the one in LPL's Youtube video is a generic one.
They are certainly not as elaborated as the Casascius hologram, despite it being exploited already :

https://www.coindesk.com/markets/2013/08/13/defcon-hackers-crack-physical-bitcoin-casascius-coins/

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Quote from: JanEmil on June 06, 2022, 12:55:55 AM

Are we poor again?

As I have mentioned a few times before, there has always been a risk with things like this.
My biggest fear has not actually been an attack like this but someone who went out and bought a bunch of coins and found a supplier that would make the same hologram that one of the big names makers that did not supply a list of addresses.

Quote from: Kryptowerk on June 06, 2022, 04:26:54 AM

Interesting and definitely concerning.
What is the liquid used in the video to help peel the holo without any damage?
I wanted to make a peel-a-Moonbits video for quite some time, and trying this method would be a good start.

He mentions at about 2:50 in the video it's just denatured alcohol. Does not say if it is 95% or 99% or 99.5%
Would probably start with 95% and work my way up.

-Dave

MoparMiningLLC

legendary

Activity: 2254

Merit: 2419

EIN: 82-3893490

Its denatured alcohol

Kryptowerk

legendary

Activity: 2114

Merit: 1403

Disobey.

Quote from: DaveF on June 05, 2022, 05:38:38 PM

Although the video is not related to BTC / crypto collectables everyone should keep this in the back of their head coins go person to person to person.
Some holograms are good others are...well....watch the video.

https://www.youtube.com/watch?v=xUJtqvYDnkg

With no offense to any one particular maker, do we really know how good the holograms really are?

Hint....no we do not.

-Dave

Interesting and definitely concerning.
What is the liquid used in the video to help peel the holo without any damage?
I wanted to make a peel-a-Moonbits video for quite some time, and trying this method would be a good start.

JanEmil

hero member

Activity: 2422

Merit: 668

Community management 24/7 for hire

Are we poor again?

MoparMiningLLC

legendary

Activity: 2254

Merit: 2419

EIN: 82-3893490

Quote from: DaveF on June 05, 2022, 07:08:21 PM

Quote from: MoparMiningLLC on June 05, 2022, 06:32:30 PM

wonder if that would harm a private key printed on regular paper. I use Revla paper (thanks to DaveF) and I am sure that would not be affected by this method. makes me question any second hand coin now...

Would it matter what happens to the paper? Once the hologram is off you can always reprint it.

I mentioned it to someone else in a PM but:

Certain issues have been well known for 9 years
https://www.coindesk.com/markets/2013/08/13/defcon-hackers-crack-physical-bitcoin-casascius-coins/

Supposedly they (Casascius) fixed their holograms.
But with everyone else we have to hope they bought their holograms from a quality maker and not just the lowest cost one.

-Dave

I meant with reg paper would it destroy the paper or make the key unreadable

Topic: Just a video about how bad some security holograms are (Read 654 times)