How to recover Trezor Pin

KeychainX
4 min readApr 7, 2023

--

Trezor One Pin access

Ever picked up that old Trezor One from your safe and realized its no longer working? Or you got a brain freeze and cannot for life remember what was your 6 or 9 digit pin?

Well that happens to hundreds of people every year.

Various hacks and techniques have discovered how to get your pin back, but that is only if you have not upgraded your bootloader, or your bootloader is version 1.7 or earlier. But none like this has been publicly disclosed; (Or is it, well, its still possible with version 1.8 or newer, just a few more steps and tricks…)

KeychainX, a crypto recovery service thats been around many years, has helped hundreds of clients to recover their crypto from hardware and software wallets.

As hardware wallets becomes more popular due to defunct CEXs like FTX or CELCIUS, or crypto lenders like Galaxy or BLOCKFI, more people start with self custody.

But with self custody comes a problem, you have to keep your keys safe, and even though you might use an air gapped device like Trezor or Ledger, you would still need to follow a few steps to keep them safe.

A famous CZ tweet from Binance read; Self custody is the future

So how do we do this and what can be done.

First of all, you should not try to enter the pin more than 16 times, that will erase your Trezor and your crypto is gone. (For Ledger Nano its 3…)

If you do still have a few tries left, we can help. (For Ledger amounts below 2mln USD worth of tokens its not worth the costs, more about that in a different article).

So lets dive in, A Trezor One hardware wallet is open source and you can find the hardware diagram and bootloader code on Github. There are many updates and variaties of it, and the most recent versions do their best to obstruct this method (And yes, we know Pavel you are reading this).

https://github.com/trezor/trezor-firmware

Why are we writing about this?

After reaching out to Trezor for several years trying to persuade them to do some cooperation to help people recover their lost crypto, we felt after being stonewalled (Same goes for ledger.com and blockchain.com) for such a long time it was time for an article to help you guys out, and there are plenty of you out there (in the thousands!!!).

You should not try this yourself, even though you have seen Colin from NEWAE using his chipshouter (it could blow your Trezor if handling wrongly) or seen those two day online courses on how to recover you lost trezor pin. (What they dont tell you is how easy it is to brick your Trezor). You will pay 5G and then bye bye Bitcoin…

Chipshouter side channel attacking Trezor One

You should first send us an email explaining your problem in detail to keychainx@protonmail.com. We will then explain step by step what needs to be done and how we will process your precious Trezor one.

The Steps involved are;

  1. Breaking the case of your Trezor One
  2. Removing a few capacitors to increase the strength of the signal

3. Attach a few wires to your Trezor

4. Run a side channel attack by glitching your Trezor by overvolting

5. Once the Trezor is glitched, we connect it to a FPGA board and initiate an upgrade process on your bootloader

6. While doing this, Trezor will backup your seed info to memory

7. We will dump the memory to a file

8. We will decrypt the file, and read out your pin and/or seed.

Is it dangerous? Yes. Can we accidently delete your seed and remove access too your crypto? Yes. Is there any other way to do this? NO.

So lets talk!

Disclaimer! This article was written by KeychainX Crypto Recovery Services. To read more about our company please visit https://keychainx.io or send us an email to keychainx@protonmail.com if you need to talk about password recovery.

--

--

KeychainX

Wallet Recovery Services https://keychainx.io We recover lost Bitcoin Ethereum Presale Multibit Classic Electrum Metamask Trezor Passphrase Armory Bitcoin