‘I FORGOT MY PIN’: AN EPIC TALE OF LOSING $30,000 IN BITCOIN - Continued

Tuesday, Nov 14 2017 11:49 AM
Continued from Part 1


The Hypnotist: May 25, 2017: 7.4 BTC = $12,861

“The hypnosis allows us to open all channels, all information,” Michele Guzy said. I was in a reclining chair in her Encino office, covered in a blanket, concentrating on her soothing patter. My wife, a journalist and editor, had interviewed Michele a few years ago for an article about hypnotism in movies, and I was so desperate to recall my PIN that I made an appointment with her.

Earlier in the session, Michele had me reenact the experience of writing my PIN on an orange piece of paper. She put the paper in her desk drawer and had me sit down and open the drawer and look at the paper. She explained that we were trying different techniques to trigger the memory of the PIN.

The exercises didn’t cause anything to surface to my conscious mind, but Michele told me that we were just priming my subconscious for the upcoming hypnosis portion of my appointment. She dimmed the lights and spoke in a pleasantly whispery singsong patter. She asked me to imagine going down a long, long escalator, telling me that I would fall deeper and deeper into a trance as she spoke. The ride took at least 15 minutes. I felt relaxed—but I didn’t feel hypnotized. I figured I should just go with it, because maybe it would work anyway.

After nearly four hours in her office, I decided the PIN was 5514455.

It took me a few days to build up the nerve to try it. Every time I thought about the Trezor my blood would pound in my head, and I’d break into a sweat. When I tried the number, the Trezor told me it was wrong. I would have to wait 16,384 seconds, or about four and a half hours, until the device would let me try to guess again.


The Final Guess: August 12, 2017: 7.4 BTC = $28,749

I tried to stop thinking about bitcoin, but I couldn’t help myself. To make matters worse, its price had been climbing steeply over the summer with no end in sight. That July, the eccentric software entrepreneur John McAfee tweeted that a single bitcoin would be worth more than $500,000 in three years—“if not, I will eat my dick on national television,” he said, with typical understatement. I didn’t actually believe the price would rise that spectacularly (or that McAfee would carry out his pledge), but it fueled my anxiety.

I couldn’t escape the fact that the only thing keeping me from a small fortune was a simple number, one that I used to recall without effort and was now hidden in my brain, impervious to hypnotism, meditation, and self-scolding. I felt helpless. My daughters’ efforts to sneak up on me and say, “Quick, what’s the bitcoin password?” didn’t work. Some nights, before I went to sleep, I’d lie in bed and ask my brain to search itself for the PIN. I’d wake up with nothing. Every possible PIN I could imagine sounded no better or worse than any other. The bitcoin was growing in value, and it was getting further away from me. I imagined it as a treasure chest on a TRON-like grid, receding from view toward a dimly glowing horizon. I would die without ever finding it out.

Carla and I were folding laundry in the evening when Sarina came in. She was home from college for the summer. “I know what the bitcoin password is!” she said. “It’s 55445!”

“Why do you think that?” I asked.

“Well, you sometimes use 5054 as your password, but since the Trezor doesn’t have a zero, you would have just skipped it and put nothing there. You wouldn’t have made it 5154, you would have just used 554, and added 45 to it.” (I sometimes append my passwords with 45 because the number has a meaning to me.)

Carla looked at me and said, “Your eyes have a spark. Maybe it is the number.” I thought she might be right.

Sarina said, “If it isn’t 55445, then it’s 554455, because sometimes you add 455 at the end of your passwords.”

“That could be it,” I said. “I’ll think about it overnight and if I like it, I’ll try it tomorrow.”

In the morning, I decided that I’d try the numbers. I felt better about them than any other numbers I could think of. I plugged the Trezor in. I had to wait 16,384 seconds, or about four and a half hours, before I could enter the PIN. It was a Sunday, so I did things around the house and ran a couple of errands.

Once the Trezor was ready, I asked Carla, Sarina, and Jane to gather around my computer with me. I wanted them for moral support, to make sure I entered the PIN correctly, and to share in the celebration with me if the PIN happened to be right.

I sat in the chair while Jane, Sarina, and Carla stood around me. My heart was racing so hard that I could hear my head throb. I tried to keep my breathing under control. I entered the PIN slowly. Each time I entered a digit, I waited for one of my family members to confirm that I got it right. After entering 55445, I hovered the mouse cursor over the Enter button on the Trezor website. “Ready?” I asked. They all said OK. I clicked it.

Wrong PIN entered. Please wait 32,768 seconds to continue…

“Ah, shit,” I said.

“That’s OK, Daddy,” Sarina said. “When can we try 554455?”

I opened my calculator.

“Nine hours.”

Carla put her hand on my shoulder. “If it doesn’t work after a few more guesses, you should just break it,” she said. That seemed like the right thing to do. It would soon get to the point where I would have to keep the Trezor plugged into a powered-on computer for months (the countdown starts all over again if you unplug it), and then years and decades. The house we live in has lost power from a tripped circuit breaker, rain, or DWP maintenance at least once a year since we moved in 10 years ago. I could buy an uninterruptible power supply to keep the Trezor juiced during its years-long countdown, but I wanted this to be over, and killing the Trezor would end it.

The next morning before breakfast, I went into the office by myself and tried 554455.

Wrong PIN entered. Please wait 65,536 seconds to continue…


The Email: August 16, 2017: 7.4 BTC = $32,390

Awareness of my forgotten PIN had become something like tinnitus—always in the background, hard to ignore, annoying. What was wrong with my brain? Would I have remembered the PIN if I was in my 20s or 30s? I was feeling sorry for myself when I saw an email from Satoshi Labs, manufacturer of the Trezor, arrive in my inbox.

The subject line read, “TREZOR Firmware Security Update 1.5.2.”

The email said that the update was meant to fix “a security issue which affects all devices with firmware versions lower than 1.5.2.” It went on to say:

In order to exploit this issue, an attacker would have to break into the device, destroying the case in the process. They would also need to flash the device with a specially crafted firmware. If your device is intact, your seed is safe, and you should update your firmware to 1.5.2 as soon as possible. With firmware 1.5.2, this attack vector is eliminated and your device is safe.

Could there be a vulnerability in Trezor’s bulletproof security, one that I could take advantage of? I went to r/TREZOR to see what people were saying about it. The first thing I found was a link to a Medium post by someone who said they knew how to hack the Trezor using the exploit mentioned in the email. The post was titled “Trezor — security glitches reveal your private keys!”

The author included photos of a disassembled Trezor and a screengrab of a file dump that had 24 key words and a PIN. The author also included a link to custom Trezor firmware but no instructions on how to use it. I read the article a couple of times before I looked at the author’s name: Doshay Zero404Cool. It was the same person I’d corresponded with on Reddit five months earlier! I went to look at my old private messages with zero404cool and discovered another message from him or her a couple of months after our last contact:

Hi, have you figured out your PIN code? If not—it's such a small amount that you have locked up there. It's hardly even worth the recovery work. Even at today’s prices, maybe, just maybe, a 50%/50% split of recovered coins would do it...

I considered accepting zero404cool’s offer to help, but I decided to first reach out to a bitcoin expert I’d gotten to know over the years named Andreas M. Antonopoulos, author of The Internet of Money. I'd interviewed Andreas a few times for Boing Boing and Institute for the Future, and he was a highly respected security consultant in the bitcoin world.

He knew more about bitcoin than anyone I’d met. I emailed him on August 20 and told him how I couldn’t access the $30,000 worth of bitcoins stuck on my Trezor. I asked if the vulnerability offered a chance to get my bitcoins back. “The vulnerability described in the article is in fact real and it can be used to recover your seed, since you have not upgraded firmware to 1.5.2 (I assume), which disables this vulnerability.” I’m lucky I didn’t upgrade my Trezor to 1.5.2, because downgrading the firmware would have wiped the storage on my Trezor, permanently erasing the seed words and PIN.

Andreas went on to say that he knew a teenage “coding whiz who has done amazing work on Trezor and related software.” The kid was 15 years old and his name was Saleem Rashid. He lived in the UK. Andreas had never met him, but he’d spent a lot of time hanging out with him in Slack. Satoshi Labs, maker of the Trezor, also knew about Saleem and had even given him a couple of development Trezors to experiment with. Andreas suggested we set up a private chat with Saleem on the Telegram app.

A few minutes later, Andreas introduced me to Saleem:

“Mark is the owner of a well-locked Trezor hoping for a miracle.”

Andreas outlined the plan: Saleem would initialize one of his Trezors with identical firmware as mine, practice a recovery hack on it until he perfected it, then send me the exploit program via Telegram. I would buy a second Trezor and practice installing and executing Saleem’s hack until I had it down pat. Then, as Andreas put it, I would “execute on the target device” (my original Trezor with the 7.4 bitcoins).

But before we went any further, Andreas said, “best to start by clarifying expectations and terms. For the possibility of success but also for the possibility of failure (which is higher).”

I told Saleem I wanted step-by-step video instructions on what to do. I offered 0.05 BTC ($200) up-front and an additional 0.2 BTC ($800) if I was successful in getting my bitcoins back. Saleem agreed to the terms. I added, “If you end up spending a lot of extra time preparing the instructions, let me know and we can increase the payment accordingly.”

I ordered a second Trezor on Amazon. In the meantime, Saleem told me I would need the open source operating system Ubuntu Linux. I installed it on an old MacBook Air.


The Fee: August 24, 2017: 7.4 BTC = $32,387

Saleem:

Hey Mark The video is done, but I would like to raise the price a bit for a few reasons

  1. Making the video was absolute hell (I don't have a proper camera for this so I had to do some elaborate mounting system which took ages to set up)
  2. I had to write the code for the exploit firmware (which I think should be factored into the price)

Me:

Fair enough

Saleem:

So, would it be possible to get 0.35 BTC for the video and the exploit firmware, then 0.5 BTC if you're successful?

For a total of 0.85 BTC

I know it's a steep increase, but I think it's a fair amount for the work I've done

Saleem wanted the equivalent of $3,700, almost four times as much as the original fee, but I figured it was worth it (and was a vastly better deal than the one zero404cool had offered me). If I could just see my PIN again—the one that Trezor, Wallet Recovery Services, Reddit users, and everyone else told me was irrecoverable—I would happily pay Saleem whatever he asked. It would be, like Andreas said, a miracle. How could I put a price on that?

Me:

Have you tested your firmware on a Trezor that's running the same firmware that I have?

Saleem:

In the video I install 1.4.0 on a TREZOR, set it up, then get the PIN wrong a few times (so it's in the same state as yours)

Me:

OK, it's a deal then.

Saleem gave me his bitcoin address and I sent him 0.35 bitcoin from an online wallet I'd set up a couple of months earlier. A minute later, he uploaded two files, one called exploit.bin, the other a 10-minute video. The video was a screen capture of his computer display, showing Linux line commands that he was entering in a terminal window. There was no sound. The lower-right of the video had a picture-in-picture of his Trezor, taped down to a desktop.

I know very little about Linux line commands, so what I was watching had little meaning. The first part of the video was just instructions for initializing the test Trezor and downgrading the firmware to version 1.4.0 so I could practice on my second Trezor. The actual instructions for installing and using the exploit firmware were on the final three minutes of the video.

I asked Saleem to explain how his hack worked. He told me that when the Trezor is powered on, its firmware (basically, the Trezor’s operating system) copies its PIN and 24 seed words into the Trezor’s SRAM (static RAM, memory that the Trezor uses to store information) in an unencrypted form. If you do what is called a “soft reset” on the device—accomplished by delicately shorting two pins on its printed circuit board—you can then install the exploit firmware without wiping the SRAM’s memory. This allows you to see your PIN and seed numbers.
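A simplified model of the weakness described above, added here as an illustration and not code from the article or from Satoshi Labs: secrets that the firmware copies into SRAM survive a soft reset unless the firmware wipes them before handing over control. The SRAM layout, sizes and sample values are constructed, and the hardened handler shows the general mitigation (explicit zeroization), not the actual 1.5.2 patch.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the device's SRAM: a static buffer that a soft
 * reset does NOT clear (only a power cycle would). Size is made up. */
#define SRAM_SIZE 256
static uint8_t sram[SRAM_SIZE];

/* Layout assumed for this model: PIN at offset 0, seed words after it. */
#define PIN_OFF  0
#define SEED_OFF 32

/* Model of the pre-1.5.2 behaviour the article describes: on boot the
 * firmware places the PIN and the seed words into SRAM in plaintext. */
void firmware_boot(const char *pin, const char *seed) {
    strncpy((char *)sram + PIN_OFF, pin, SEED_OFF - PIN_OFF - 1);
    strncpy((char *)sram + SEED_OFF, seed, SRAM_SIZE - SEED_OFF - 1);
}

/* Zeroization through a volatile pointer so the compiler cannot drop it
 * as a dead store the way it may drop a plain memset before a jump. */
void secure_zero(void *p, size_t n) {
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* Vulnerable handler: the soft reset jumps to the bootloader without
 * touching SRAM, so whatever firmware runs next can read the plaintext. */
void soft_reset_vulnerable(void) { /* SRAM retained as-is */ }

/* Hardened handler (assumed shape, not Satoshi Labs' patch): wipe every
 * byte that held secrets before control leaves the running firmware. */
void soft_reset_hardened(void) { secure_zero(sram, SRAM_SIZE); }

/* What a subsequently flashed firmware could learn: count of non-zero
 * bytes left in the region where the secrets were kept. */
size_t leaked_bytes(void) {
    size_t count = 0;
    for (size_t i = 0; i < SRAM_SIZE; i++)
        if (sram[i] != 0) count++;
    return count;
}

/* Run boot -> soft reset for one handler and report how much remains. */
size_t simulate(void (*reset)(void)) {
    /* Constructed sample PIN and seed, not real wallet data. */
    firmware_boot("2468", "abandon abandon abandon about");
    reset();
    return leaked_bytes();
}

int main(void) {
    printf("vulnerable reset: %zu bytes still readable\n", simulate(soft_reset_vulnerable));
    printf("hardened reset:   %zu bytes still readable\n", simulate(soft_reset_hardened));
    return 0;
}
```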

My second Trezor arrived on Friday. I was eager to get started, but I had to wait until Saturday because I had to record a bunch of podcasts that afternoon. The only thing I did on Friday was cut open the practice Trezor’s case to remove its printed circuit board. I used a snap-blade knife, running it along the seam slowly and gently until I could pull the case apart. Even though it was just the practice Trezor, I was sweaty and shaky. I’d had such a terrible relationship with the Trezor over the past five months that I couldn’t think rationally about it. I was terrified that I would cut through a trace on the board. Once I got it open, I plugged it in to make sure it still powered on. It did.


The Exploit: August 26, 2017: 7.4 BTC = $32,208

I slept surprisingly well on Friday night. Carla and Sarina were out of the house. Jane was practicing ukulele and Japanese in her bedroom. I cleared off a small desk in my office, put the MacBook Air running Linux on the desk, and attached the USB cable to the practice Trezor. I taped it down on the table, like Saleem had.

I watched Saleem’s video again, this time writing down the Linux commands he’d used into a text file so I could copy and paste them into the terminal window. At one point in the video, Saleem had reset his Trezor by shorting two pins on the circuit board using a pair of tweezers and pushing the Trezor’s two buttons at the same time. The pins were tiny, and I knew my hands would be shaking too much to use tweezers. Instead, I rigged together a couple of wires and a pushbutton to make it easy to reset the Trezor.

By following the instructions, I was successfully able to downgrade the firmware to version 1.4.0. I gave the test Trezor a PIN (2468) and wrote down the 24-word seed it generated for me. Then I installed the exploit firmware, entered about a dozen different Linux commands, pressed the buttons to soft-reset the Trezor, then entered a few more commands. It worked! The practice Trezor had been successfully cracked, and I could see the recovery keywords and PIN on the Mac’s display. I went through the process six more times, which took the entire morning and most of the afternoon. I was surprised to see that it was already 3:45 in the afternoon. The time had shot by, and I'd missed lunch and my usual afternoon espresso. I had no desire for either.

I was ready to try it on the original Trezor. I called Jane to come in and make a video recording of my one shot at getting my bitcoins back.

One thing that had made me nervous for the past few days was my uncertainty about whether I’d added a passphrase on top of my PIN, which was an additional security feature the Trezor offered. After five months of not being able to use it, I wasn’t sure if I’d set it up with one or not. Saleem and Andreas had told me that if my Trezor did have a passphrase, then it really was game over. My Trezor would be locked for good. My doubt on this point was like an icepick in my gut every time I thought about it, which was often.

I plugged in the Trezor and entered:

sudo trezorctl get_features

This caused the screen to display information about the state of the Trezor. I frantically moved my eyes around the screen until I saw the words:

passphrase_protection: false

Yes! That’s what I wanted to see. Almost nothing could stop me now.

When it came time to push the buttons on the Trezor, my fingers wouldn’t obey me. “I’m shaking so hard,” I said to Jane. I had to stop for a minute and sit back. I tried again and failed. On the third attempt I was able to press all three buttons at once. This reset the Trezor, allowing me to install exploit.bin.

I typed in the following command to load Saleem’s custom firmware onto the Trezor:

sudo trezorctl firmware_update -f exploit.bin

This command erased the existing firmware and installed Saleem’s version. The Trezor’s display said:

New firmware successfully uploaded. You may now unplug TREZOR.

This was where I absolutely should not unplug the Trezor. (I remembered a warning Andreas had given me: “Power loss during the firmware upload is catastrophic, you will lose all your data.”) Instead, I pushed the little button I’d wired to the printed circuit board to soft-reset the Trezor. Its display showed an exclamation point in a triangular icon and said:

WARNING Unofficial software detected

Thanks for the warning, I thought. This was exactly what I was trying to do: run unofficial software on this damned thing. I pressed one of the Trezor’s buttons to confirm that I wanted to proceed, and the screen said EXPLOIT, which meant Saleem’s software was on the Trezor. There was no turning back. Either this was going to work, or the Trezor would be wiped clean and my bitcoin would be gone forever, even if I happened to recall my PIN sometime in the future. Now I needed to enter a few more commands to read the contents of the Trezor’s static RAM (the part where my 24-word seed and PIN would reside, as long as the Trezor didn’t lose power).

“OK,” I told Jane as I entered a command, “this is going to tell us the seed.” I leaned over the keyboard and hit enter.

I sat back, and said quietly, “Oh my God. It worked.”

The 24 seed words I’d written on an orange piece of paper in December and lost in March had risen from the cryptographic confines of the bulletproof Trezor and were now gently glowing on the screen of my computer. I could stop here if I wanted. Those 24 words were the only thing I needed to recover my 7.4 bitcoins. I could just reinitialize the Trezor and enter the words back into it and I would be done. But there was one more thing I needed to do, and it was even more important than the money. I wanted to force the fucking Trezor to cough up my PIN.

Following Saleem’s instructions, I copied a string of text from the terminal window and added it to a Linux command Saleem had supplied. The PIN appeared instantly.

45455544

Months of soul-crushing anxiety fell away like big clods of mud that had been clinging to my shoulders. I stood up, raised my arms, and began laughing. I’d conquered the Trezor with its nerdishly cruel PIN delay function, and one-upped the part of my brain that thought it could keep a secret from its owner. Fuck the both of you, I thought. I won.


Editor's note: The PIN numbers in this story have been changed to protect the author's privacy.

by  , 10.29.17

Original Article : https://www.wired.com/story/i-forgot-my-pin-an-epic-tale-of-losing-dollar30000-in-bitcoin/