Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software>Hardware wallets
Author

Topic: Weird layout of number buttons on Trezor emulator (Read 115 times)

HCP
legendary
Activity: 2086
Merit: 4361
Weird layout of number buttons on Trezor emulator
October 30, 2021, 03:59:02 PM
#9
Quote from: dkbit98 on October 30, 2021, 03:31:29 AM
Kraken team managed to bypass/extract PIN code in just few minutes from Trezor wallet, so it's obviously not that complicated if you have the proper equipment and skills.
That's slightly exaggerating what they did PIN-wise... what they actually did was extract an encrypted seed from the device using voltage glitching. They then decrypted that seed by bruteforcing the PIN. However, by that point... it was effectively just a "desktop wallet" type PIN encryption setup. All other hardware protections were gone because they had the data out of the device.

If the device didn't have the voltage glitch exploit, the PIN system would be a perfectly adequate way of securing it (as devices like Coldcard and Ledger do etc)... unfortunately, the Trezor device is inherently vulnerable to this physical attack Undecided So, your only option is to use a "strong" BIP39 passphrase, because if your device is lost/stolen... then, as you say, any one with physical access and some relatively basic equipment can bypass all the other protections with relative ease. Undecided
dkbit98
legendary
Activity: 2212
Merit: 7064
Re: Weird layout of number buttons on Trezor emulator
October 30, 2021, 03:31:29 AM
#8
Quote from: HCP on October 29, 2021, 11:46:45 PM
Except that the time you have to wait between incorrect attempts increases by a power of 2... and then the device wipes itself after 16 incorrect attempts:
My point was that wife and kids are not tech experts and they usually don't know how to hack stuff, maybe wife can sneak peak and know your PIN in a same way like they are doing with smartphones, jealousy is a funny thing  Cheesy

Quote from: HCP on October 29, 2021, 11:46:45 PM
Even attempting a 4 digit PIN under those conditions is going to be quite a challenge... unlike say, attempting to crack a 4 digit PIN on a desktop wallet.
Kraken team managed to bypass/extract PIN code in just few minutes from Trezor wallet, so it's obviously not that complicated if you have the proper equipment and skills.
Than again you could do the same thing with most smartphones and devices we have today, and hidden encryption backdoors can be in all devices and chips.
Pmalek
legendary
Activity: 2730
Merit: 7065
Re: Weird layout of number buttons on Trezor emulator
October 30, 2021, 02:03:39 AM
#7
Quote from: HCP on October 29, 2021, 11:46:45 PM
It also stops "mouse loggers" in conjuction with a Trezor One... theoretically, by monitoring where you click, an attacker could determine what your PIN code was if you were clicking in the same "pattern" every time you unlocked your device. By randomising the keypad, it makes this impossible.
It's a neat security feature for sure and I am glad they have it. With a Ledger, you have a right or left button that you click to increase or decrease the displayed number on the screen. For each character, the first displayed number is a random one. It can be a 0 or a 4, or anything else. If it was always the same starting number, you would have the same problem of making it easier for someone to determine your PIN based on how many times you click the buttons.

Quote from: HCP on October 29, 2021, 11:46:45 PM
Except that the time you have to wait between incorrect attempts increases by a power of 2... and then the device wipes itself after 16 incorrect attempts
I still think that too many attempts are given to enter the correct PIN. Even with such a long waiting time in between PIN entries, I would prefer not having more than 5 unsuccessful attempts before the device resets itself.
HCP
legendary
Activity: 2086
Merit: 4361
Re: Weird layout of number buttons on Trezor emulator
October 29, 2021, 11:46:45 PM
#6
It also stops "mouse loggers" in conjuction with a Trezor One... theoretically, by monitoring where you click, an attacker could determine what your PIN code was if you were clicking in the same "pattern" every time you unlocked your device. By randomising the keypad, it makes this impossible.


Quote from: dkbit98 on October 20, 2021, 04:24:49 AM
... but I don't think that cracking short PIN number code is hard for any hacker, so I don't trust that PIN will save me from anyone except maybe kids or wife gaining access to coins.
Except that the time you have to wait between incorrect attempts increases by a power of 2... and then the device wipes itself after 16 incorrect attempts:

Quote from: https://wiki.trezor.io/Security:Threats#Brute_forcing_the_Trezor_PIN
Brute forcing the Trezor PIN

Trezor is protected by a PIN code, which can be up to nine digits long. If a good PIN is selected, it would take hundreds of thousands of attempts to get it right. Every time a wrong PIN is entered, the waiting time between the attempts increases by a power of two. The device automatically wipes itself after 16 unsuccessful attempts.

Even attempting a 4 digit PIN under those conditions is going to be quite a challenge... unlike say, attempting to crack a 4 digit PIN on a desktop wallet.
dkbit98
legendary
Activity: 2212
Merit: 7064
Re: Weird layout of number buttons on Trezor emulator
October 20, 2021, 04:24:49 AM
#5
Quote from: NotATether on October 20, 2021, 12:18:39 AM
If this is also the case on the physical device (which I highly suspect is the case since this is an emulator), and not just a kludge of the emulator, then why would Trezor choose to arrange the numbers in a scrambled order?
Yes I can confirm that this is the case on actual physical device, order of numbers is changing every time and that is not the case only on Trezor model T that have touch screen, but also on Trezor model One (you need to use computer mouse here).
This obviously improves security with random orders, but I don't think that cracking short PIN number code is hard for any hacker, so I don't trust that PIN will save me from anyone except maybe kids or wife gaining access to coins.
I think that Keepkey hardware wallet is using the same thing on their hardware wallet that is forked from Trezor:

NotATether
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Re: Weird layout of number buttons on Trezor emulator
October 20, 2021, 04:08:44 AM
#4
Quote from: Pmalek on October 20, 2021, 03:33:14 AM
It's because of a hardware vulnerability with OLED displays that could make side-chain attacks possible. Someone who knows how to check the Trezor's power consumption could recover parts of the seed or PIN code.  
The vulnerability could be exploited if the owner of the device uses a fake USB cable that is pre-prepared for this scenario.

This Trezor blog post explains it much better than I can.

The attack is dependent on the number of bright pixels used on a particular row to "guess" what letter or number it is, but if they're adding dummy pixels around each number to mitigate this, then why the need to randomly change the order of the numbers? I'm just wondering.

Is it for something else, namely:

Quote from: mocacinno on October 20, 2021, 12:26:41 AM
My model T also shows scrambled numbers to enter the pin on it's touchscreen, it makes it much harder for somebody looking over your shoulder to see your pincode.

this?

People familiar with T9 keypads can often guess the numbers being typed based on the position your fingers move even if they are sideways or 120 degrees off the other person (I have unwantedly seen more than one phone PIN code that way).
Pmalek
legendary
Activity: 2730
Merit: 7065
Re: Weird layout of number buttons on Trezor emulator
October 20, 2021, 03:33:14 AM
#3
It's because of a hardware vulnerability with OLED displays that could make side-chain attacks possible. Someone who knows how to check the Trezor's power consumption could recover parts of the seed or PIN code.   
The vulnerability could be exploited if the owner of the device uses a fake USB cable that is pre-prepared for this scenario.

This Trezor blog post explains it much better than I can.
mocacinno
legendary
Activity: 3584
Merit: 5243
https://merel.mobi => buy facemasks with BTC/LTC
Re: Weird layout of number buttons on Trezor emulator
October 20, 2021, 12:26:41 AM
#2
Yes, it's a safety feature...

I have a model one (without a touchscreen), the model one's screen shows the scrambled numbers, the website (or electrum) shows an empty grid, you have to click on the correct place in the empty grid, corresponding with the place of the number on your HW wallet's screen. If it were unscrambled, a program tracking your clicks would be able to deduct your pincode.

My model T also shows scrambled numbers to enter the pin on it's touchscreen, it makes it much harder for somebody looking over your shoulder to see your pincode.

I don't have a good memory, but if i remember correctly, the first firmware of my model T did show the number in the "normal" order on it's touchscreen, but one of the first firmware updates fixed it so the numbers were scrambled (at least, that's how i remember it)
NotATether
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Re: Weird layout of number buttons on Trezor emulator
October 20, 2021, 12:18:39 AM
#1
I recently got the chance to play around with a Trezor emulator from a friend, and one of the first things I noticed is that when typing the PIN, the numbers are not in their standard order like:

1 2 3
4 5 6
7 8 9
  0

But they're all scrambled.

If this is also the case on the physical device (which I highly suspect is the case since this is an emulator), and not just a kludge of the emulator, then why would Trezor choose to arrange the numbers in a scrambled order?
Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software>Hardware wallets
Jump to: