Hi, we're going to do a teardown of this site Rez or Hardware Bitcoin wallet and thanks to the viewer who set this into the mailbag, they specifically wanted me to do a tad out of this puppy to see like how physically secure and everything else it is so that should be very interesting. Let's take a look But first of all, what is a hardware What? Well I won't get into what crypto currencies are and everything like that it you've no doubt heard of Bitcoin if you're watching this video well this is a way to store your bitcoins or other two handles Aetherium and Litecoin and various others. It's a hardware wallet physically stored on this little device which are plug in to micro USB here and the advantages of a hardware wallet over like your traditional software while other keeping on a USB stick or everything else is that they're encrypted on here. They're physically secure.

You can't get hacked by key loggers, malware, You can use them on any computer anywhere you know. Nobody can actually recover these unless they have the pin number on the actual device to do it. So yeah, these are like really offer quite a lot of advantages over a software wallet or just stir it on your hard drive a USB stick or one of those online now wallets for example. So even if this Hardware wallet gets stolen, they're not going to be able to steal your coins in there because it's pretty pin number protected.

So unless they coerced you into handing over your pin number and getting them that way, they should be physically secure ik and accept up to a nine digit. PIN And every time you incorrectly try the pin number at the the time the wait time period goes up by a factor of two. So it's practically impossible to guess the pin number on this thing. But hey, can you extract the pin number from it? Can you, you know, get something out? Can you physically hardware hacker? Well that's what we might try and have a little look at in the teardown anyway.

and if it does get stolen, you can actually I recover them another way. Using a recovery are see the recovery process. So it's really about the security number. Anything is what people need to physically extract the your coins from your hardware wallet so long as you keep your pen secure should be.

and I'm pretty physically impossible to actually I crack these things. That's the plan Anyway, now this is manufactured by us. Satoshi Labs It's at one of the most, if not the most popular Hardware our wallet on the market I Believe it was one of the first on the market and it's had a few security issues in the past. like somebody was able to do a side channel analysis power analysis attack on this thing and actually recover the private key out of the thing.

But yeah, that's been fixed in firmware a couple of years back, so apparently it has not been hacked since. And the other good thing. about this is that all software and here is open source so you can actually see. Go in there at the community, can go in there and analyze exactly what's going on inside this thing and the private keys are kept secure by us.

Satoshi Labs So as long as they're physically secure, everything should be fine and this supports our remote firmware upgrade over the USB. But you can't just like flash new firmware in their hat, firmware or whatever because the process of doing that actually will actually wipe the your coins. So you can do a firmware upgrade like a proper firmware upgrade without losing your coins. but putting in hacked firmware that's not a sign that doesn't meet the private key at Satoshi Labs then it's a it will wipe all your coins in there so you can't hack the thing by just doing some sort of firmware hack or firmware upgrade.

So what I'm interested in and what the viewer who sent it in is interested in is actually what's physically inside this thing. Is there any extra hardware security protection and stuff like that? I would like. There's a few things that I would like to see inside this: I Like if I was designing a hardware wallet like this that could be designed to store an unlimited number of Bitcoins. That with this Hardware while it can store billions of dollars worth of Bitcoins, it can physically do that.

so you know people trust these things to hazard. You know to store their Bitcoins we couldn't could be worth a phenomenal amount these days, especially if your boredom years or something like that when they are worth a pittance and now they're you know, a couple of thousand bucks a Bitcoin significant value tied up inside the hardware security inside these things. So if I was designing this thing just to be sure, there's some like measures that I would take in these and you see these in like pin pads and things like that were done tear downs of pin pads before and some other channels have done pin pad tear downs. If you don't know what a pin pad is, one of those RF post electronic point-of-sale transaction terminals that you get in shops and banks and things like that where you put your credit card in.

they have lots of hardware security measures in there. You might put the products like a hard potting compound in there I'd be doing that for physical security and then you'd have our ante. You might have some anti tamper stuff inside these things so if you try and crack the thing open then you know it might just do it. Raise the keys if you physically do that or you can actually get physically secure main processes.

You buy them where they have like a physical mesh over the top of the dye and other physical security measures. so even if you dissolve the chip in like sulfuric acid and try to get like an electron microscope or other device to try and actually read the individual data directly off the dye and stuff like that that can actually physically be prevented with the use of these physically secure chips that you can buy. So I'm just curious if it uses one of those is I put it there Any tamper protection? If you open the thing, it looks to be ultrasonic Li You know, heat welded or something like that so it looks like we're going to have to Dremel this thing open. But anyway, let's just take a look at doing a side channel power analysis attack if someone actually actually has done this in the past.

but I think I mentioned before, they have actually fixed that in a firmware update. they may have. The hardware may have changed in the couple of years since that hardware side channel attack was revealed, but that's all fixed now apparently. but let's just have a quick squeeze.

Okay, so let's just do some basic side channel power line analysis. What I've got is my road. What scope here: 10-bit ADC I've got high res Average mode on 20 Meg sample memory depth maximum and I'm breaking into the ground line of the USB here. I'm just breaking this out into a 10 ohm current sense resistor here.

Got that on the scope? Be careful where you put your ground on this. don't put on the positive. I've done a whole video on how not to blow up your oscilloscope when probing USB stuff like this, so just be very careful with that if you try and do something like this and we've got it connected. And the good thing is is we can get a decent voltage drop across this thing and it still works.

So this is actually fairly tolerant of you know, inserting resistors in the power line like this to actually get a quite a decent voltage. In this case, 100 millivolts per division. So we can see that we're about our 40 milliamps or so. so we're actually getting a quite a decent signal level there.

So we've got one second per division triggered at this point over here and at the same time that I triggered it roughly I connected to the wallet on the website. So as yeah, it's basically we're sitting there doing nothing and then I connected and sure enough, five seconds later which matched up with where the information popped up on the screen. Took about five seconds to connect and do its business. We see some anomalies here apart from the usual noise, so let me zoom in.

So go into the centre here where all this regular stuff is and as you can see it's very periodic, but we can get some really good detail on there and that stuff in there's about 5.3 Kilohertz is very Pirie Everything is very periodic, You know you can like scroll all the way through this and it is identical. So this is your regular processor operations. I Can't find any anomalies in there. Really, it's just your regular periodic stuff.

It's updating the display and doing your regular processor loops. I Can't find anything that is out of the ordinary there. So I think they actually have fixed that in the firmware. So the first thing we actually get to is this over here and we can.

Actually, because this is actually lower, you can see it's a lower current here. we can. Actually, it's probably like turned off the display or blinking doing something like that. and if it look, there's just not enough time in there for it to you know if for us to extract any useable data.

So I think they've hidden that quite well. I Mean this was a problem. This has been attacked before and then the information was given to Tresor And sure enough, like in the next firmware update, they fixed it and then might have even been hardware changes since this was a couple of years back. So who knows.

They might have tweaked the hardware a little bit as well since then, but this brand-new one that I've got. There's just not enough information in there based on the previous power line analysis attack where they got the private key out of it. It's just that there's not enough room. So I think they fixed it.

It's just yeah, we can actually measure stuff in there so it would be, but it looks like they've hidden it really well. So I can't see us extracting anything from that and we can actually use an E field probe as well. I tried a small hate-filled probe and I'm not getting any magnetic coupling over that, but if we put this into a certain places over the back, we can actually get a a coupling not via the ground but just via the PCB inside there which haven't taken apart so don't know the layout yet. But yeah, we are able to pick something up.

Let me show you well hang on. I was just capturing a summary field probe stuff and look I got some major packets here I was not connecting via the hardware wallet but I was doing some 200 millisecond per division stuff and look we've got some a much light like we've really got some periodic got stuff in there and you see it matches our the E field probe here. you might have a look at in a minute but you can actually see some huge variability in there so is that. but once again that is very periodic.

I don't see any information. was that like updating the display or something like that? but I don't see any actual data in there and I was not connecting to the wallet at the time and and I've tried some afield and H field probe stuff with the E field probe. I've been able to kinda get some correlation on here but no real extra information on there so yet like there's nothing doing with the MC analysis at all. So whilst I would like to see a you know elimination of any possible side channel attack via the powerline like this I mean you can do that in the hardware.

they obviously haven't bothered or they've made some Bart weeks since I since the hack was originally discovered and it looks like they fixed a bit. Still, you can see some processes stuff, you can see some periodic interrupts and you know stuff like that happening. but I can't see any data. doesn't mean it's not in there.

but yeah, it looks like they've hidden it really well and what I've got here is that actually starting up from the sleep state. So I click the trigger and click the website over here and then we can see it actually power on. And yeah we do have some stuff down there, but once again it's like really not enough information to decode. so there's yeah, there's nothing doing there at all.

One a really nice secure feature I Love about the tresor is that when you do a transaction, it pops up with a pin that you have to enter and it's not the same every time you have to actually have a look down on the device itself to actually see it, randomizes that pin location so it's not the same. That is really quite neat. So even if somebody had a key logger on your computer for example, yeah, they could get where you clicked on that keypad of course, and they would get of course the number of digits. but they don't know because it's a randomized order like this.

so they can. They can't even steal your pin number with a keylogger. Fantastic. And then when you're confirming a transaction actually pops up with the actual Bitcoin address on the device itself, so you've got to make sure that matches what's on the screen.

Terrific security. I Love it. It's thought of everything and we're in. Well, There you go.

I'm very surprised just to find the bare PCB nothing look spotted at all. We should be I'm looks I wouldn't even get the chip number off that. We'll have a good look at the PCB shortly and they've got some gunk behind the micro USB connector. there.

Is that for some extra? just for some extra physical strength? Not entirely sure. Anyway, I'm very surprised that nothing's potted in this thing. That would have been my first port of call if I was designing this. If anything, just just to make it a bit more physically robust.

I mean this thing they say it's a well? Actually, that could be for water ingress? Maybe. Is that harder? Is that soft? Yeah, it's a softer. It's a soft compound. so yeah, that that looks like it's a might be a physical water Things I Don't think it's waterproof, but it's water resistant or something like that.

So yeah, but they could have done that better to make it entirely waterproof. But I would have potted the thing that would have been just as a matter of course, physically encapsulated into a hard epoxy potting compound over the whole thing just to make it physically difficult to access. And anyway, let's see if it still works, shall we? It still works. Look at that, right and I can confirm that that does hook up to my our wallet on the computer like the the web wallet up there.

I can see all my information I Can see that it still has my noir point double-o for bitcoins in there. I've got like nine currently. Nine dollars. eighty nine were the Bitcoin still stuck inside that thing, But that's the thing.

I'm very surprised at that. For something that's designed to protect your you know, your valuable bitcoins which could be worth it, you know, potentially millions of dollars. Oh, he wouldn't trust it. maybe to one and device, but still right.

I would have potted this thing because anyone can just hack that open like I did and get physical access to the pins of the chip and then you can start hacking away whether or not it's possible to actually you know, recover the pin from this thing. I You know I don't know it will require you know a huge amount of effort probably to try and do that. but the first line of defense is physical security and it does not have any so and it still works off you open it so there's no ambient light sensor or micro switch or anything else that any other sort of like anti physical protection tamper in there that prevents you from accessing chips. But the problem with that unlike say these are pin pads that I mentioned earlier the eff pasta terminals they will actually have a the keys inside will be battery backed up SRAM Static Ram So once you get in and it's actually they'll have a separate little micro in there that's actually detecting whether or not it's open and as soon as say an ambient light sensor trips or a micro switch like a contact physical contact breaks or something like that to know someone's gone in there then it'll just wipe the memory.

Whereas this doesn't have any battery or anything like that, that's why. Okay if it doesn't have you know as some sort of tamper detection that automatically are wipes it or whatever then that's fine. but at least physically prevent the access you know I I would have done that just as a matter of course. really.

So what I thought I'd do is just thermally cycle this just to see how it physically survives and of course, proper thermal cycle. Long-term thermal cycle testing is a you know, very time-consuming and complicated process. but I'm just going to do it the time poor engineers. We use the electronic freezer spray and the heat gun and just cycle it through I won't do it to the OLED display because that's not what then is important because you could actually a good thing about it not being pod as they could actually replace the only display if that failed.

but then of course you'd just buy it. You could buy a new wallet as well and re see the thing in and use your recovery that way. but we want to do the chip and um, yeah, just for kicks, why not? let's go. and I'm doing that at about a hundred degrees so you know not not hot enough to melt the solder.

So most like about a couple of times and I rechecked by connecting to it and my bitcoins are still there. So yeah, like we could go to town I might do it a few more times, just the kicks. but I don't expect any issues, it's just a bog-standard micro. You could of course get the industrial temperature rated one of course just for extra.

You know I would pay extra to get the higher rated more qualified device. But alright, let's have a look at this under the Takano microscope. The first thing you notice is the shine on there. That's a conformal coating that is to help the water water protection moisture protection stuff like that so they tried to make it a bit more reliable.

You can see where they've mastered off around the tactile switches there, so you know that's a reasonable moisture protection, so that's a nice little measure. It's not a security measure at all, it's just purely for water ingress. and it's basically just one arm chip on a board with the USB. That's um, that's basically it.

This would be the JTAG interface. We could follow the traces down to there, but it's one on. There won't be anything under the LCD there. that physical V LCD is physics re the OLED display.

There is physically down on the boards. there's nothing else. there's just that one arm cheaper. So it's basically just a software solution which is fine, which is you know, basically all that's all that's required and we can actually get in there.

and it looks like is that an ST Part 32 F 205 Re t6 Let's go to the datasheet, but I'm pretty sure this is not a physically secure processor, so that's a bit. it's just a regular Joe Bloggs processor. I'm a little bit disappointed in that peel off our gunk there. There we go.

Got access to our our pins and of course those test pads on the bottom. They're for our production bed of nails. Our so we can like this thing is easily probable, but it's all a matter of the the software security side as I said. so that's where all the magic happened.

So I didn't guess. It doesn't need to be any fancier than this, but I I just maybe would have used just a secured processor as a matter of course because if you get in there and dissolve or away or the the epoxy our case with a sulfuric acid then you can get access to the dye. and technically if you didn't damage it during that process which is possible you could get in there with an electron microscope or other means and physically see and physically extract the presumably the pin number out of it. but that'd be you know, real advanced, pretty advanced skills.

but maybe it's possible. But the interesting thing about this is even if you could dissolve the chip in sulfuric acid, get access in there, recover the pin. The security: You can reflash the programming, fusing their load some firmware on which you know, some hacked firmware which could extract it or whatnot you know, spoof it into extracting the pin code out of the thing and getting to work in that way. um, all that takes significant time.

Whereas if you are once you realize your traceur Hardware wallet has been stolen, you can simply change the recovery seed key for the thing which would effectively should present and prevent them actually are doing that. You know it. rebase achill ear Enders the thing physically useless once you've changed that recovery seed. So um, yeah, you know it's probably adequate I Guess my main concerns they like adequate.

From a hacker security point of view, my main concerns would be I'm just just a physical reliability of the wallet I would have okay, they've done some conformal coating him here which is okay to prevent moisture ingress and stuff like that is there. er, as a you know, a little bit there which is exposed and moist. you can get in under the like, what not I just physically would have potted the whole thing like that's not a huge extra cost I would have would have done that as a matter of course, really. And there's not a huge amount of our capacitance or diode protection in here to prevent that power line attack.

But as we saw, you know there's not real. There doesn't seem to be anything to see there because they've smooth that fixed it in our first software. which is you know, entirely possible. So the fact that you know stuff does get back out like you know, you can see the processor cycles, the interrupts, cycles inside this thing, and other stuff is leaking back out through the power line.

It's not a big deal as long as you know about that fact and you can compensate for that in software so you can. This software is open source so you can go see the changes they made since this was originally had that power Line hacking. you can see what you know anti-spoofing stuff they've done there. It's all it all Be documented in this source code surely.

So there you have it. That's the Tresor Hardware wallet from Satoshi Labs and it's just a microcontroller with lots of software magic and that's all there is to it. There's no extra hardware. our security jump a little bit surprised at, but it you know and it's not a real issue because it's all about the software security.

I Really have thought about this thing and apart from the power Line attack which lay house, fix that I don't believe. Please correct me in the comments down below. if you know of another successful hack attempt on these things, to get the pin and recover the bitcoins out of it is a hardware or a software, please let us know. Yes, we could hook up the programmer on there to get in there, but we're not.

They've thought about this. Okay, they're right. it's all about the firmware in there is signed via the secret key. It's a private key at Satoshi Labs and if you try and do anything to the firmware, it's just going to erase those keys.

So yeah, there's pretty much going to be no attack there. I'm not going to say it's impossible, but I haven't heard of anyone doing it and I'm not going to try and do it because that's not my expertise like a software hack in an ST micro for example, or any sort of our cryptographic hacking and stuff like that. I'll leave it up to those more experienced. and I'm sure a lot of people have tried and there's only been the one successful Powerline attempt as far as I know, so it seems pretty solid.

although it just occurred to me what if you actually hooked up the STR programmer to the programming port on this thing? I've got one here. It cost like, you know, tens of dollars. They're dirt cheap and what if you could actually are getting there and modify the E Squared prime content where it actually stores that pin enable things I can get like the pin in correct for example, it will store it in the E Squared prom they got it wrong and then the next time you power it up you could like it reads that and then it determines right. You've got to wait a longer period and then a exponentially longer period as you do more attempts.

but if you can somehow automate the power cycle process and also I reset, find and reset that R squared from contents where it actually stalls that, maybe you can have an infinite that. What a very fast process, but actually systematically attacking the PNM running through all the pin number contents. Although maybe you know you can only write to an E Squared problem so many times, so it might die before you get to the pin number, especially if it's 9 digits long for example. but you never know I you know I Thought that maybe there might be something there, but yeah, I'd have to set up this and find that where it's actually stored in there and actually try it and it's a lot of effort.

maybe for a second video or maybe someone else out there can give it a try or maybe they already have and it's not an issue. Anyway, that just came to mind. but I think like this thing should have a version or you know, maybe you can pay more for you know, a premium version that is just like instead of having the plastic case on the thing actually encase the entire thing in epoxy caught in putting compound and it becomes the case. It becomes one big solid monolithic block with just the cut out window for the LCD and the switches.

The switches could even be capacitively coupled or something like that perhaps. But yeah, I wouldn't you know I'd like to see a more physically robust device in this? If I was you know, trusting huge sums of bitcoins on this thing, then you know and what's I would like to pay for more premium physically robust device. But the security I think you know they're probably as good as you're going to get software wise. So I hope you enjoyed that video and found it interesting and useful.

If you did, please give it a big thumbs up. Catch you next time you.