How a Trezor Wallet Passphrase Taking a Lifetime to Brute Force Was Cracked by KeychainX Experts in 24 Hours – Sponsored Bitcoin News

You have lost your passphrase to your hardware wallet. Are you trying to find out how to get back your coins? This is what KeychainX’s recovery specialists have done for clients. The KeychainX service is trusted and can recover lost crypto wallets.

How to recover a Trezor wallet passphrase

A TREZOR hardware wallet is a security device that protects the user from key loggers and phishing e-mail, keeping the user’s Bitcoin and crypto safe. Various hacking groups could open the device by mitigating side-channel attacks; however, the method was only possible because ‘a passphrase was not used’. The transaction is protected by the PIN that the user enters when making it. Only backup is the 12/24 word mnemonic which determines which addresses are saved on the device.

A client recently asked KeyChainX to force his TREZOR wallet. The client forgot the passphrase (also known as the 25th Word). To ensure that funds remain safe in case a user loses their wallet or someone steals the 24-word mnemonic, the passphrase was created. It can be either a word, number or string of random characters. The idea behind it is to deceive the thief into believing that once he opens someone’s TREZOR or recovers it with the 24 words, he will only find a “fake” or low-value amount of BTC. This specific client had 10 USD worth of Bitcoin stored on their TREZOR’s main wallet based on the 24 words, but the real treasure trove was a wallet hidden behind his passphrase, the value the team cannot disclose.

KeyChainX divided the job into either two or three phrases. Before the team could get started, however, the client demanded that they meet face-toface. As travelling to South America was out of the question as we had a security presentation scheduled in Europe, the client agreed to a Skype “interview”. He was convinced by the team after two hours that they wouldn’t run off with his funds.

What did the team do to crack it open and brute force it?

Data sourcing is part one. The team began by gathering information on possible hints for the passphrase. A six-character passphrase is too difficult to crack with standard tools. Btcrecover, a tool that can bruteforce a number of hundred passwords per second is used by gurnec to break a GITHUB repository. A 5-character password can be broken in two days, but if you have to add numbers and capital letters it will take six months.

The client’s password consisted of more than 5-characters with both upper- and lower-case characters, possibly numbers and a unique character, which could approximately take 2+ years to brute force with the tool; that is, if the main wallet was the first created on the TREZOR. However, this was false. Instead, the “fake” wallet was created; first, there were transactions, and the genuine wallet was created later. The team had to look for different wallet addresses in order to change them, increasing the amount of time needed to crack the encryption.

The team received a request for TREZOR opening several times before they decided to create a customized tool using GPUs. This custom tool can process 240,000 passwords per minute, which is 1000x faster than the gurnec GitHub.

Customizing Mask Attack

KeyChainX was given five addresses by the client, some hints and the 24-word keymnemonic. To begin, the team needed to confirm that each of the 24 words was correct.

They had to then choose the derivation path they wanted to look for. A TREZOR could use either LEGACY addresses or SEGWIT addresses. It is easy to distinguish their specifications by simply looking at the first character in the address. SEGWIT begins with 3 and LEGACY with 1. Different derivation routes are used depending on BIP version. Therefore, the team needed to identify which wallet type to use and the derivation route to follow. Finally, SEGWIT uses m/49’/0’/0’/0 and LEGACY has several options. Finally, TREZOR started the tool by using eight x 1080Ti Founders Edition GPU card cards. They can be as high as 1000 USD each depending upon model and specifications.

The team initially searched a large space of words and characters, but it took two months to find the algorithm and mask. The team had to change tactics and look at the TREZOR owner’s hints and find a pattern. As the password characters, it used capital/small letters. There were then several lower-case characters and limited combinations of numbers such as birth dates, months, pin code to safe, etc. Also, two characters had been used that were unique so it was necessary for the team to take this into consideration. The mask was modified again, and BOOM, the team found the password within 24 hours after the “interview”.

WeChat sent a quick message asking for the client’s BTC wallet. The team advised the client not to use that TREZOR twice. The team transferred the client’s funds to them within the hour.

Crypto Wallet Recovery Experts

KeychainX is a crypto wallet recovery company that has been in operation since 2017. The company recovered wallet keys for many clients from all over the world and you can see some of their raving reviews on Trustpilot where KeychainX has an almost perfect 4.9 ‘Excellent’ score. This article will explain how the company unlocks various types of wallets. It also discusses its use with blockchain wallets.

KeychainX has relocated in 2021 from its birthplace in the U.S., to Zug, Switzerland – a part of the world known in the blockchain community as Crypto Valley due to its concentration of relevant companies. Robert Rhodin (CEO) is naturally a leading expert on the topic of recovery of cryptocurrency wallets.

To learn more about the company visit KeychainX.io or just send an email to [email protected] if you need to talk about password recovery.

---

This post is sponsored. Find out how you can reach our audience. Read disclaimer below.

Images CreditsShutterstock. Pixabay. Wiki Commons