Posted on Leave a comment

Ledger Hardware Wallets

Hardware wallets have come a long way. Love them or hate them they are here to stay. This blog is focused on helping you out with your Ledger NanoS and Ledger NanoX. This blog will grow over time and bring you help and information that you may need. 

In this blog I don’t want to rehash, too much, of what you can easily find out on the net. I want to bring you the harder issues to deal with. 

I will reference outside articles because I know my limits of explaining things and I also understand there are much smarter people in the space.  I can do the research so you don’t have to.

24 Words….. What?

An algorithm is used to derive the keys based on your seed words. Since the algorithm doesn’t change you can always generate the same keys with the same 24 words. This is also why it’s possible to simply guess a 24 word seed and you have a chance of finding someone’s coins. The chance is just infinitesimally small so it’s not worth the effort.

A Ledger Nano S or X can creates multiple addresses and thus multiple private keys for every cryptocurrency it supports. Since that list grows longer each month, the Ledger is able to manage hundreds of private keys. If you were to lose or break your Ledger, you can just buy a new one and restore all your wallets (private keys) with the 24 word seed phrase.

If Ledger or any other hardware wallet provider went out of business, you could still gain access to your private keys by Cracking Your Ledger. The wallet software knows the algorithm used to create those keys, so the software cracking process would just create them in the same way the ledger wallet hardware does.

What exactly are the 24 words that make up your private key? You might think that the 24 words come from a huge list of word from a dictionary. That’s just not true, they come from a list of 2048 words. This list of words is called BIP 0039 and the link to them can be found below. BIP stands for Bitcoin Improvement Proposal. 

https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt

BIP39 describes the implementation of a mnemonic code or sentence (a group of easily remembered words) to generate  deterministic wallets. It consists of two parts: generating the mnemonic, and converting it into a binary seed. This seed can be later used to generate deterministic wallets using BIP-0032 or similar methods.  If you want greater detail or something to read before bed, here is a nice Medium Article about it. 

Cracking Your Ledger

I haven’t seen this term used yet, so I guess I’ll coin the term.  So what is Cracking Your Ledger? Cracking your ledger is the process of using your 24 word phrase to gain access to the hidden private keys stored inside. Your Ledger wallet never sends your private keys outside of the device. It only approves the private key. The process of cracking your Ledger is pretty simple, but very dangerous (in my opinion). Once you crack your ledger I consider it compromised and you should never trust that set of 24 words (private keys) again. 

But why would you want to expose your private keys if you don’t have to? There are many reasons, but a simple example is claiming a forked coin. If you didn’t have your LTC on a disposable wallet (LTC core wallet) you would need your private keys to claim your LCC fork. The only way to do this is to crack your Ledger to expose your private keys and claim your fork with these private keys. 

Start by downloading the offline version of the BIP39 Tool. NEVER, EVER USE THIS TOOL ONLINE OR WHEN YOU ARE CONNECTED TO THE INTERNET.  If you didn’t understand what I just said, read it again. I have known people who have, with good intention, given their 12 or 24 word phrases to an online application or a support person who was going to help them. Both lost all their coins from their Secure Ledger Wallet.  It was not the Ledger’s fault that these coins were stolen, it was an end user issue. Please, never give out your 12 or 24 word phrase to anyone. The only place you should every type it in is directly into your physical Ledger (not LedgerLive).

The link to the download the BIP39 tool is below. Download and use this tool locally on your computer with your internet connection disabled. Yes, that includes both your Ethernet cable and your Wi-fi connection.

https://github.com/iancoleman/bip39

To see what it will look like when you download this to your computer and run it locally, you can visit this page:

https://iancoleman.io/bip39/

 

Recovery Phrase Is Not Valid

I have to admit, that’s a scary phrase to see on any hardware wallet. But as it turns out, it does happen. There is really no information from Ledger on their site about this issue, but I know it occurs. From the research I’ve been doing, this error appears to be related to using the incorrect word or words. Using the method above to Crack Your Ledger is potentially one way to resolve this issue. But if you don’t have the correct words in the correct order cracking your ledger won’t help you.

One tool that may help you is the Seed Recovery Tool. The link can be found below.

https://github.com/gurnec/btcrecover/blob/master/docs/Seedrecover_Quick_Start_Guide.md

  1. There are a few requirements if you wish to use this tool.A good estimate of what your seed is, AND

     

  2. One of these four, in order of preference:

    1. for Electrum (1.x or 2.x), a copy of your wallet file (a wallet file using Electrum 2.8’s new full-file encryption won’t work here), or
    2. your master public key (sometimes called an xpub), or
    3. a receiving address that was generated by your wallet from your seed, along with a good estimate of how many addresses you created before the receiving address you’d like to use, or
    4. an “address database”. If you don’t have i., ii., or iii. from above, please see the Recovery with an Address Database in the documentation.

 

Leave a Reply