Black Friday 2024: 25+ Ways to Save on Online Learning

Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Wallet.fail

media.ccc.de via YouTube

Start learning Write review

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Grab it
Explore a comprehensive analysis of security vulnerabilities in popular cryptocurrency hardware wallets in this conference talk from the 35th Chaos Communication Congress. Delve into architectural, physical, hardware, software, and firmware vulnerabilities that could potentially allow malicious attackers to access wallet funds. Examine various attack vectors, including breaking proprietary bootloader protection, exploiting web interfaces, and performing physical attacks like glitching to bypass security measures. Gain insights into recurring issues across multiple wallets and learn about necessary changes to build more resilient hardware wallets. Witness live demonstrations of some of the most intriguing vulnerabilities on stage. Cover different classes of vulnerabilities, including firmware, software, hardware, physical, and architectural issues, along with their potential for mitigation or long-term impact on wallet security. Understand the challenges of building secure hardware and the implications for cryptocurrency storage and trading.

Syllabus

Intro
A long story short...
How is cryptocurrency stored?
What's a hardware wallet?
Security stickers
Counterfeiting is a real problem
Removing Tamper Stickers with hot air
Stickers cause confusion
Sticker Attack Takeaways
Opening Enclosures
What do you do once it's opened?
Goals for the hardware implant
When do you install an implant?
supermicro.fun - works on a breadboard
Antenna design
Is my backdoored device genuine?
The attacker can use moar power
Supply Chain Attack Takeaways - Recap
The Ledger Nano S security model
Ledger STM32 Firmware Upgrade
Ledger STM32 Bootloader
Ledger Nano S boot process
First attempt..
After more reversing..
The STM32 memory map...
Second attempt...
Ledger Nano S MCU verification
MCU verification bypassing...
Building the compressor
Public releases
Ledger Blue: Inside
Analyzing the signal
Getting training data...
How accurate is it?
Glitching - Backstory
DC 25 RECAP - Breaking Bitcoin Board
DC 25 RECAP - ChipWhisperer Glitch
Prior STM32 Security Research
STM32 Read-out Protection (RDP)
STM32F2 Boot process (1.8ms)
STM32F2 Boot process (1.4ms)
Power consumption after reset (2009)
Glitching the Trezor One
Reviewing the upgrade procedure...
Getting the seed
The Trezor Glitcher

Taught by

media.ccc.de

Reviews

Start your review of Wallet.fail

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.