TREZOR Model T

When the TREZOR T is unplugged, it powers down and disconnects from the internet. You might notice that the Model T doesn’t require users to back-up their mnemonic phrase, despite providing a card to write it down on. This allows users to skip the lengthy process of writing down their phrase when they first use the Trezor bitcoin wallet. Most other hardware wallets will ensure you write down your phrase, then have you re-enter it to ensure you’ve done so.

Fear hardware loss? No need.

There is a special dedicated region of flash for storing the security and device configuration, known as the Option Bytes (OB). Most important for the overall device security, the OB contains the Read-Protection Level (RDP Level) which is effectively the security configuration of the device. By default, the Trezor and its derivatives are configured with RDP Level 2, the strongest level of security offered by the STM32. In 2018, SatoshiLabs added to its inventory with a hardware wallet that improves on many of the Trezor One’s features.

By repeating the attack it is possible to extract all of the flash contents. Additionally, because the Trezor firmware utilizes an encrypted storage, we developed a script to crack the PIN of the dumped device, leading to a full compromise of the security of the Trezor wallets. The script was able to brute force any 4-digit pin in under 2 minutes. Read Memory, the BootROM bootloader command handler checks if the RDP Level of the device is RDP Level 0 for each command issued to it.

Our attack begins by re-enabling the integrated bootloader of the processor using a fault-injection attack. This integrated bootloader has functionality to read-out the flash contents of the device, but verifies the protection-level of the chip while executing the command. By utilizing a second fault-injection attack it is possible to circumvent this check, and then the entire flash-contents of the device can be extracted 256 bytes at a time.

Prior to developing hardware wallets, SatoshiLabs introduced the 24-word seed phrase (BIP32 HD wallet) backup method. The Model T is the second iteration of their work on hardware wallets. The Trezor T is a cryptocurrency hardware wallet designed by Satoshi Labs.

The TREZOR Model-T is a second generation Bitcoin/Altcoin hardware wallet manufactured by SatoshiLabs. The TREZOR line debuted in 2014 with the TREZOR One (T-One) and has remained one of the most popular cryptocurrency cold storage solutions to date. The Trezor Model T looks different from other crypto hardware wallets. It has eschewed the USB-aesthetic of other devices in favor of something that resembles a modern car-key fob—but with a screen.

The Model T was announced in November 2017, on the ninth anniversary of Satoshi Nakamoto’s Bitcoin white paper and made available for pre-order. All pre-order devices were sold out, and regular sales are expected to start soon. Much of the behavior of a microcontroller is defined by values it reads at power up. These include strapped pins that are read at boot (BOOT pins in the STM32 documentation) and the security configuration bits (Option Bytes in the STM32 documentation). Note, many of the following details have been determined through empirical reverse-engineering of the boot behavior of the STM32F2.

Note, because the glitching attack described in this work targets the BootROM code, it cannot be reliably mitigated by any countermeasures implemented in the vendor’s firmware. A vulnerability in the firmware leads to an inherent hardware vulnerability that cannot be patched and requires the underlying hardware to be replaced completely with a new hardware revision. Kraken Security Labs has devised a way to extract seeds from both cryptocurrency hardware wallets offered from industry leader Trezor, the Trezor One and Trezor Model T.

It was determined that the integrated BootROM bootloader can be re-enabled in a similar fashion. The new TREZOR model T, a hardware cryptocurrency wallet developed by SatoshiLabs, is the second generation of SatoshiLabs’ popular TREZOR hardware wallet family.

This is so that even if someone obtains your Trezor, they cannot unlock and use it unless they have your PIN code.This concludes the set-up process meaning you’re good to go. It goes without saying that at all times, be extra vigilant to ensure you don’t expose your keys or recovery seed. The Trezor Model T is a state of the art hardware cryptocurrency wallet that comes with exceptional coin security. Released in March 2018 with the latest firmware update in March 2019, the wallet features a new operating system tagged Trezor Core.

This deativates all debugging features and disables the integrated BootROM bootloader. With voltage glitching it is possible to corrupt the RDP value being read from the Option Bytes, as shown in the Wallet.Fail research. This effectively allows an attacker to downgrade the security configuration of a target device from RDP Level 2 to RDP Level 1.

Advanced features for expert users.

  • This integrated bootloader has functionality to read-out the flash contents of the device, but verifies the protection-level of the chip while executing the command.
  • By utilizing a second fault-injection attack it is possible to circumvent this check, and then the entire flash-contents of the device can be extracted 256 bytes at a time.
  • Our attack begins by re-enabling the integrated bootloader of the processor using a fault-injection attack.

A downgrade from RDP Level 1 to RDP Level 0 was determined to be infeasible in practice, due to the hamming distance between RDP Level 0 and RDP Level 2. By performing a voltage-glitch during BootROM execution it is possible to re-enable the JTAG and SWD debugging interfaces.

The Trezor Model T is a cold storage hardware wallet for storing cryptocurrencies like Bitcoin, Litecoin, DASH, and many others. A Digilent Arty A7 FPGA development board was used for glitch and pulse generation, as well as instrumenting the STM32 and accurately timing the glitch.

For those that want additional features (i.e.multisignature Bitcoin transactions), popular wallets like Electrum provides functionality that isn’t available on the Trezor portal. Even though some users won’t be at all concerned with the aesthetics of their hardware wallet, the Model T isn’t the flashiest looking device. Compared with the Ledger Nano X, or even the older Ledger Nano S, both of which feature brushed metallic covers, the Model T looks fairly utilitarian with its all black plastic body. Trezor Model T DownloadAll Trezor models come without firmware, making sure the latest version is installed at its first use, to ensure they aren’t vulnerable to hacks.

Trezor. Invented for your digital freedom.

The Trezor Model T generates a 12 word recovery seed, but can take in 12, 18 or 24 word recovery seeds from other compatible wallets. The recovery seed of the Model T can be entered solely via its touchscreen and not on the connected device (like model One). It is also worth noting that there are no known cases of crypto theft due to exploiting hardware wallet flaws. Also, the vast majority of cryptocurrency theft is due to user error.

TREZOR T Review

This means that it is possible to glitch commands that should fail based on the device’s RDP configuration (i.e. bypassing the command handler that should have returned a NACK). As a result, it is possible to execute commands that are not available at RDP Level 1 or RDP Level 2. If applied to the Read Command, it is possible to arbitrarily read flash memory from the microcontroller. Since the cryptographic seeds of many STM32-based wallets are stored in the STM32 flash, the seed storage of these devices can be compromised. The STM32s used in wallets like the Trezor One are set to RDP Level 2 at manufacturing time.

With a color touchscreen, an SD card slot, and support for thousands of coins, the Model T delivers many of the features one would expect from a modern crypto hardware wallet. The Trezor Model T runs onopen-source firmware that supports thousands of coins and tokens. Users can manage funds via the company’sweb portal, or through third-party desktop or mobile apps.

TREZOR Model-T vs. Ledger Nano X

Once the firmware is installed, users can now begin using the Model T to store their cryptocurrency. Trezor hardware wallets are the flagship project of theblockchain software and security group SatoshiLabs, which is also the creator of CoinMap. Pavol Rusnák and Marek Palatinus, the creators of SatoshiLabs and Trezor, built the Trezor wallets with audibility and open-source code in mind, rules which they still build by today.

If handled properly hardware wallets are extremely secure, and are routinely updated as blockchain technology advances. Kraken Security Labs has identified a critical security issue in Trezor hardware wallets which enables seeds to be extracted from the devices.

An FTDI FT232H-based breakout board, the Adafruit FT232H, was used for UART serial communication with the BootROM bootloader command handler. A Maxim MAX4619 multiplexer was used to multiplex between a nominal operating voltage for the STM32 CPU core voltage and the glitch voltage, i.e. A BreakingBitcoin board was used to simplify interacting, which is a pin-compatible Trezor breakout board. However, removing the microcontroller and placing it in a socket was deemed to be easier than soldering all the connections (brimarily Boot0 and Boot1) for the in-situ attack. After the initial set-up, the TREZOR Model T seems very easy to use, with an appealing UI and cool new features.

Most Cortex-M microcontrollers contain ROMs that are executed at boot, commonly referred to as BootROMs. BootROMs are the first pieces of software executed by a chip and are responsible for loading important parameters, such as the security configuration of the chip. In the case of the hardware wallet, this is the actual firmware of the manufacturer.