Build yourself a Trezor

in trezor •  5 months ago

The recent rise of crypto valuations has spawned a new generation of millionaires. Consequently, this has also created many opportunities for hackers to steal the newfound wealth.

In this post I will outline 2 methods you can use to secure your coins.

Get yourself a Trezor

Trezor is a fantastic piece of technology that will make your life much easier. Trezor is a hardware wallet, and all transactions are signed on it, which means that if someone hacks your computer, they can't steal your coins.

By far the best feature of Trezor is the way it generates private keys: by combining 2 seeds.

The first seed is generated by Trezor on setup, and it is stored securely on Trezor's chipset.

The second seed is a password - any password. Every password thus generates a new, unique set of private keys, which means that you could have an unlimited number of wallets. This is especially good for traveling. For example, if you're asked to unlock your Trezor at US customs, you could use a password that unlocks your wallet with 5 BTC. But you could also have a wallet with 100,000 BTC, and nobody could find it, or prove that such a wallet exists.
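How the second seed yields independent wallets, shown with the standard BIP-39/BIP-32 derivation that Trezor's passphrase feature follows. This is an added example, not code from the original post; the function names are illustrative, the mnemonic is the public BIP-39 test-vector phrase and the passphrases are constructed. Every passphrase, including a mistyped one, opens a valid wallet, so nothing signals a typo.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample: the all-"abandon" phrase from the public BIP-39 test
# vectors. It is known to everyone, so never use it for real funds.
MNEMONIC = "abandon " * 11 + "about"


def _nfkd(text):
    """BIP-39 requires NFKD normalisation before hashing."""
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def bip39_seed(mnemonic, passphrase=""):
    """Device seed words + optional passphrase -> 64-byte wallet seed.

    PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase.
    The passphrase is never stored; it only changes the salt.
    """
    return hashlib.pbkdf2_hmac(
        "sha512", _nfkd(mnemonic), _nfkd("mnemonic" + passphrase), 2048
    )


def bip32_master(seed):
    """BIP-32 master node: HMAC-SHA512 keyed with b"Bitcoin seed"."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]  # (master private key, chain code)


def wallets_for(mnemonic, passphrases):
    """Map each passphrase to a short fingerprint of the master key it opens."""
    result = {}
    for passphrase in passphrases:
        master_key, _chain_code = bip32_master(bip39_seed(mnemonic, passphrase))
        result[passphrase] = hashlib.sha256(master_key).hexdigest()[:16]
    return result


if __name__ == "__main__":
    # "trezor" vs "TREZOR": a one-character case slip is a different wallet.
    for phrase, fp in wallets_for(MNEMONIC, ["", "TREZOR", "trezor", "decoy"]).items():
        print(f"passphrase={phrase!r:10} master-key fingerprint={fp}")
```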

Unfortunately, Trezor only supports a few coins (Bitcoin, Dash, ETH, Monero). To deal with other coins, we need to build our own, general purpose trezor-like computer.

Build your own Trezor

First, we need some hardware. I am a big fan of old Thinkpad laptops, and you can probably get a used T61 for less than 50 EUR.

The next step is air-gapping. We want to perform some surgery on it, to ensure that this computer will not be able to connect to the internet ever again.

Additionally, I think it's a good idea to remove the hard drive and any other storage medium that could enable unintentional data persistence.


I have recently performed this for a friend on a T61, and it is fairly easy. The dial-up modem / ethernet card, and the wifi card are located under the keyboard. I have also removed the hard drive.


My OS of choice is Tails. The reason for this is that Tails is n00b friendly - it won't let you shoot yourself in the foot, while being super easy to use. Tails disables persistence by default. The OS filesystem is read-only, and all new userspace files will be lost on reboot.


Tails has an option of creating a LUKS encrypted partition to enable persistence. It also ships with KeePassX, Bitcoin Electrum wallet and some other nifty tools. This allows us to stack encrypted layers, with different encryption algorithms and keys.

Encrypted FS (Persistent Volume) + Encrypted Bitcoin Wallet

or

Encrypted FS (Persistent Volume) + Encrypted KeePassX DB storing our private keys

The important thing to remember is that we should only ever mount our encrypted persistent storage from the air-gapped machine. To be safe, just don't plug the Tails USB key into any other device - ever.

Generating new wallets

Each coin has its own wallet software and tools. We need to get these tools onto our air-gapped machine. We can do this through an additional USB stick, mounted in read-only mode (don't forget to wipe it before plugging it into a networked PC), or a DVD-ROM (read-only medium) for the super paranoid.

Once the keys are generated, we store them in our Encrypted Persistent Volume.

Here is an example Steem (Python) script to generate Steem Keys. You can use the public keys from the newly generated keypairs to create a new Steem account, or replace keys on an existing account.

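from steembase.account import PasswordKey

# Each role key is derived deterministically from account name + role + password,
# so the password is the only secret. Run this on the air-gapped machine only.
account_name = 'furion'
password = 'super secret and reasonably complex password'

# One key pair per Steem permission role
posting_key = PasswordKey(account_name, password, role="posting")
active_key = PasswordKey(account_name, password, role="active")
owner_key = PasswordKey(account_name, password, role="owner")
memo_key = PasswordKey(account_name, password, role="memo")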
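What the script above computes for each role, re-implemented with the standard library only (an added example, not code from the original post or from steem-python). It assumes PasswordKey derives each private key as a single unsalted SHA-256 over account name + role + password and exports it in WIF; the helper names and the sample account and password are constructed. With no salt or key stretching, password entropy is the whole defence, and the WIF checksum lets you verify a retyped paper backup offline.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ROLES = ("posting", "active", "owner", "memo")


def _sha256d(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def b58encode(raw):
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out


def b58decode(text):
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on a non-Base58 character
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\0" * (len(text) - len(text.lstrip("1"))) + body


def role_secret(account, role, password):
    # Assumed derivation: one unsalted SHA-256 over the concatenated strings.
    return hashlib.sha256((account + role + password).encode("utf-8")).digest()


def to_wif(secret):
    payload = b"\x80" + secret  # 0x80 = private-key version byte
    return b58encode(payload + _sha256d(payload)[:4])


def wif_is_intact(wif):
    """True when the 4-byte checksum matches, e.g. after retyping a backup."""
    try:
        raw = b58decode(wif)
    except ValueError:
        return False
    return len(raw) == 37 and _sha256d(raw[:-4])[:4] == raw[-4:]


def derive_all(account, password):
    """Same account + password always gives the same four role keys."""
    return {role: to_wif(role_secret(account, role, password)) for role in ROLES}


if __name__ == "__main__":
    # Constructed sample values; real ones stay on the air-gapped machine.
    keys = derive_all("example-account", "constructed sample password")
    for role, wif in keys.items():
        print(role, wif[:6] + "...", "checksum ok:", wif_is_intact(wif))
```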

Signing Transactions

We can also use the wallet software to sign the transactions on our air-gapped machine, and then broadcast these transactions on our regular machine - thus never exposing our private keys.

For Steem (Python), see steempy sign and steempy broadcast commands.

References

Trezor - https://trezor.io/
Thinkpad T61 - http://www.notebookreview.com/notebookreview/lenovo-thinkpad-t61-review/
KeePassX - https://www.keepassx.org/screenshots
Tails - https://tails.boum.org/
Steem (Python) - http://steem.readthedocs.io/en/latest/


"Build our own, general purpose trezor-like computer." would have been a better title
Will correct my flag if this is improved.
(and take down my comment vote)

Very good post BTW. Big fan of the Ledger Nano S lately. One good reason to build your own air-gapped wallet is that off-the-shelf hardware is not aimed at storing cryptocurrencies, so it is not targeted as much - if at all.
I like the Nano S because tampering is apparently cryptographically detectable.

·

Why do you think you have the right to interfere with other people's payouts just because they didn't tickle your balls just right?

·
·

Yes, you think this post isn't making enough? then buy more SP and vote on it.

Is the Tails OS stored on a USB key? Make sure you do a backup of it, especially of the Encrypted Bitcoin Wallet or KeePass DB file. USB drives can crash at the least expected moment :\

·

Backup onto encrypted USB keys, and give them to friends and family perhaps.

·
·

Thanks, I actually have a ThinkPad and the necessary hardware lying around and a lot of DVDs for backup (soon it will probably be like having a 5.25 floppy tho). Great post sir.

·
·

You should consider multi-sig perhaps glacier protocol to mitigate trust issues. BTC is gonna be worth betraying friends and family for some people.

·
·

buy a tresor check
build one wow!
sent this post to hubby
thank you

·

A nice looking alternative for Keepass would be "Keeweb". It is available for any OS, open source, 100% compatible with the .kdbx file format, can additionally sync with many cloud storages and has a really good UI. https://keeweb.info

·

I will use it

·

I will check on that one.

·

Thank you for this knowledge. I literally had no idea until you said this so thank you

Do you know of a good way to use the Trezor to unlock the USB on the air-gap computer?

·

I am not aware of any practical solutions at this time.

Afaik, with LUKS, you can have multiple keyphrases. So you could have your regular password, as well as a password that is deterministically generated by the Trezor.

Unfortunately I am not familiar with implementation details, or available APIs on the Trezor, but the existence of projects like TPM makes it seem doable.

Perhaps @xeroc would know better, as he has done some work with integrating Steem and Trezor already.

·
·

I have some FUSE same code but it did not work nicely .. lol .. Edit utilities go crazy with temp files, renames, and even links. They really work hard to not overwrite your file until they know they can write to disk (understandable). But this complicates the fuse bindings, then have to work just right. I have gotten partly there with example code but that still needs work.

·
·

I just finished a command-line utility you might find useful.

https://www.npmjs.com/package/trez

  • Create cold-storage backups
  • Use trez files to copy data to and from cold storage (keeping the USB clean).
  • Keep encrypted partitions locked more often by extracting commonly used data into Trez files.
·
·

It will work, I think it is just a matter of finding or making a script that does this.

The API allows for a confirmed or unconfirmed encrypt and decrypt of any data. Software could encrypt a strong but relatively small decryption key and ask you to decrypt it when unlocking a drive etc..

It would work nicely with the FUSE file system where private keys could go into different files that could be confirmed on the Trezor separately when you try to open them and re-encrypt when they are saved.

Will this work for coins on exchanges that have not got wallets?

·

Even if you are using an exchange with wallet, you should always store a majority of your coins in a hard wallet for ultimate safety.

Keep your money safe my friends

I did something similar with an old Dell netbook years ago, but now I just use Trezor and Ledger wallets. Lazy in my advancing age... awesome write up, thank you!

Wouldn't it be better to use a Raspberry Pi. It would then be more portable and if you get a Pi 2 instead of a 3 you don't have to worry about internet since it had no wireless card. Also you could easily add an OLED display to it and program it to make it able to show transactions and wallet addresses

·

I don't think so. rPI2 + OLED display + all the peripherals required would cost more than an old Thinkpad. Also it's a lot slower and less convenient to use. Also, you might not be able to compile certain wallets for ARM.

Great guide friend.. Thank you for sharing your efforts here with us..
But honestly wouldn't it be better to invest a bit of money to get a pre built one?
Although it's a great idea if you are feeling crafty 💡 :)
Much love and happy steeming
-Goldie

AWESOME!!!
What an incredibly powerful post to share the potency of TREZOR design with us and teach us how to do this ourselves. Can't thank you enough! Good for us all.

All for one and one for all! Namaste :)

Fantastic post. Putting this on my to-do list. Thanks so much! Please follow, I have some amazing posts coming up, trying to build my audience for a while first. THANKS!!!! WOOOOOOT!!!!

: )

Thanks for the tutorial. I struggled to get Tails booting on my iMac so rather went the Ubuntu root. Probably not as secure as Tails but still better than Windows or MacOS I guess :)

What's the best place to buy a T61? Ledger Nano S and Trezor are on back order so this would be the next best thing. I would like to be able to safely store the wallets of the little coins all in one place.

Good post! Upvoted!
But one small correction, Trezor doesn't support Monero, but Zcash


Nice job under post!

What great information, I'm very interested in this.

Thanks for sharing this information about securing our wallets.. this is going help many of us in protecting our coins.

I'm about to buy a Trezor. My biggest question about entrusting my coins to it is what happens if the internals of the Trezor are rendered unusable from static shock, EMP, a house fire, etc.? Would the wallets become unrecoverable?

I'm mostly curious if you can export the private keys or does it only give you the 12 word brain wallet? If so is the brain wallet useless if the internal seed is lost?

Thanks in advance!

Edit: I checked Trezor's FAQ and it's possible to recover to a new Trezor or other compatible wallet using the 24 word brain key.

·

No you can write a sentence or a group of words on a piece of paper and with that recover the Trezor. But please verify that, it has been a while.

Nice post, let us vote and follow @svtechnik @coreyou

Congratulations @furion!
Your post was mentioned in my hit parade in the following categories:

  • Upvotes - Ranked 3 with 1032 upvotes
  • Comments - Ranked 9 with 128 comments
  • Pending payout - Ranked 1 with $ 1967,25

I think you should do a video so you can help all us noobs so we can build our own.... it would help a lot of us... great post @furion

This is a fantastic way to ensure your wallet is safe! Thanks!

WOAH! Pretty AWESOME!

Could you do one with ledger nano s? There are so many people buying them that it is nearly impossible to get. Great article!

Nice post. Useful.
p.s almost had your bank card in the pic.

Good idea but not exactly transport friendly, won't fit into pocket, it would be an extra laptop on airflights,and it would weigh a lot more than a Trezor.
I'm sure it works though. Great post.

Very useful information. I'm impressed with your knowledge and abilities!!

This is very interesting. Am going for trezor now

I just wish this stuff was way less complicated. How do we ever get a billion people on board with bitcoin wallets with stuff like this making it sound like you need an engineering degree just to secure it.

·

Exactly. I agree. I am a visual fx artist, wrangling data for years, always studying and upgrading, constantly learning. My brain eats this stuff for lunch. But try to help the girl at the checkout counter by telling her to look into bitcoin gets you very strange reactions. We need a bigger boat!

Great post !!!
Thanks for sharing @furion

·

Nice one @mcekworo
Hope u homma apply what u learnt

Wow.. Smart and good job

Thanks for this post and all of this info, great work

I just saw an advertisement for Trezor and they said it was open source, to see that he was doing exactly what he was supposed to do, they also mentioned that you can build yourself one if you do not like their accent :))))

Interesting but a lot I don't understand. Sounds like a two lock box. TFS.

thank you! definitely will look at it once i get something hackers might be interested in :)

Amazing post, thank you so much

I have fuck all chance of doing this as I am a computard.

This is awesome knowledge to have, man. Thanks. Resteeming. How much does a Trezor cost, by the way? EDIT: Well, on second thought, why don't I just look that up myself! Cheers, and thanks again.

Hello @furion. PLEASE HELP us to save the Abongphen Highland Forest in Cameroon. We have just started with our crowdfunding on Steemit to get resources to protect and restore 1000 hectares of the precious mountain forest in Kedjom-Keku village. We would like to avoid the worst which could happened (actually already happening) - lack of water. Let´s use Steemit to achieve our dream and necessity. Thank you plenty for your resteems, upvotes, promotion or donation. Follow @kedjom-keku https://steemit.com/introduceyourself/@kedjom-keku/do-it-for-forest-crowdfunding-who-are-we-actually-forest-friendly-family-each-11usd-10x10-m-forest-saved

Nice one and going to look into Trezor
Good post @furion ...upvoted and following you already

This is freaking amazing. I wish I had some computer knowledge so that I could have gathered some courage to do this operation on my own. Anyway, great post. I hope steemq is on the way. Any secret news ?? A lil secret info leak maybe as a tip for commenting. :)

great article! can you use raspberry for this?

Which one is the better - Ledger S or the Trezor?

Thanks for sharing a wonderful Information

super useful article. thank you for writing!

Very interesting. Resteemed :-)

@fusion really interesting post, very good, like the way you used the laptop. Carry on the great work and keep pushing Steem, amazing stuff

Yo, this is clearly not for noobs as I wouldn't try this at home even with my laptop. What's your take on paper wallets?

This is a wonderful post and I think everyone should get trezor. Thank you for sharing this information with us.

Key management is HUGE and needs to be talked about more.

Private key generating on an air gapped net neutered laptop, then also using said laptop to sign transactions offline? Priceless.

I kinda want to build one now, just because I know I might need it in the future. I like the idea of doing "surgery" on an old laptop.

Ah man, I wish I was a bit more techsavvy. This looks great and exactly what one needs.

It should be a goal of the whole cryptoindustry to make it easy accessible and easy +safe storage , since this is a key element of main stream adoption. Thank you for this blogpost!

Amazing! I have access to a bunch of old laptops... at least one of them is about to get modified.

Always great to know how to secure your new found financial freedom!!

interesting.

I've got 5-6 old laptops that won't work correctly (mostly hard drive problems, though the Thinkpad with touch screen, technically one of the first laptop-tablet hybrids, has a broken screen), 3 of them thinkpads. this might be a good use for one of them.

Thanks for the tutorial !

Thanks I am going to try and look into this more.

This is awesome. I plan on buying a Trezor for ease of use purposes but might still build one of these just because I like to tinker.

Dude! This is awesome.
I will try this for sure!
Thank you very much.

I already feel crafty :3

Great tutorial. Will try..

Thanks for this amazing tutorial!

dude this is so cool! :D

Build me one..i will buy..lol

so that's the way, I finally know how to secure my coin.

Very helpful, thanks for the tutorial, this is very helpful @furion

But I have a little question: should I use a PC / laptop of the same brand or product? What about the Windows on the PC / laptop?

Really very interesting as a tutorial. Personally I think buying a smaller one

What about using something like this to store them on: http://www.ironkey.com/en-US/encrypted-storage-drives/

Nice tutorial @furion. Have you thought of using Raspberry pi instead of laptop?

But I still prefer the cloud based solution for my crypto currency password management.

Cheers,
@Yehey
https://QUE.com - I will follow ALL who follow me. I think that's fair.

·

I have, and I think an old thinkpad is cheaper, faster and more convenient.

·
·

What is the cost of an old thinkpad?
Cheaper compared to Raspberry Pi for $35 or less?

·
·
·

craigslist.org

Just have a couple of junk laptops at work, I will try to do everything on your instructions. Thank you!

Thank you for sharing this very nice detailed info!

Woah! Great work I must say. Really impressive!

Waaaw nice information

Wow! Did know this was possible. But then again I guess anything is possible.

Hi @furion! I ended up ordering a Trezor and it should be here by tomorrow!!

I've taken a few computers apart to modify accessibility to the net. I could do this, excellent instructions!

Definitely not for novices like myself. Will have to buy a Trezor. :)

If Trezor is easier to develop on than the ledger nano, I should get one. I have been asking around if people wants a hardware wallet for Steemit.

I will be doing this, adding my own twist to it. Great post

awesome!!:o

Hello my friend ,, regards stem i son indonesia help me, this is my name @syehlah, i like posting You @furion

Thank you! This was a good read.

this just solved lotta problems

Thanks Mr. Furion
Awesome program

I just bought ETH and WAVES... BTC going directly to hell

This is amazing!

Do you know if there are plans for the trezor to support other coins? Or do you think "trezor" like things will eventually come onto the market that will be able to facilitate all/new cryptos?

Awesome post! i just got a trezor!

I got a lot out of the first part of the article, and I just checked out the Trezor thingy... they accept bitcoin as payment which is cool. The 2nd part was way beyond this newbie who is a bit tech challenged, but from what I could tell you did a great job explaining the low budget, "retrograde" alternative and I appreciate that. All the best!

Very informative post. I am brand spanking new to the world of cryptocurrency, and soaking in as much info as I can. Thank you!

love it, I love tinkering with stuff..this is my type of article :)

You have to be a hacker to prevent hackers from stealing your bitcoin O.o lol

I feel like this is a little out of my depths, but I plan on giving this a second look over just to remember all the great advice. As a newbie, this stuff is incredibly fascinating/valuable to me.

Practical if you have a sh*tload of coins. If one is just starting up, I think there are decent mobile wallets that serve their purpose. One can also first learn to do cold storage, restoring from backup etc. I 'll definitely keep this post for reference on my way to the moon! Thanks!

This looks like a cool project, I'm gonna take your word for it and hire someone to build me one when I get to the place that I need it.