Skip to content

INTERPOL-Innovation-Centre/HardwareWallets_DF_List

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Hardware Wallets Digital Forensics List

List of Hardware Wallet vendor IDs and Product IDs to be used for Digital Forensics detection.

The below list may be used for forenscis analysis of a suspect's machine's logs of USB devices connected.
List is provided as best-effort and is not exhaustive.

Disclaimer

Prior to working on this repository and its contents, please make sure your agree to our disclaimer
Please let us know by opening an Issue if you want to suggest a new feature or device description or find an error or addition.

Vendors and Products Identifiers

Below is a list of Vendor and Product IDs as would be found in USB devices logs.
Forensics examiners may use this list to identify if such a device has been seen on the suspect's machines.

_VID(0x) _PID(0x) Vendor name Device desc. Attribution URI
03eb 2402 ShiftCrypto BitBox01 (DigitalBitBox) shiftcrypto.com
03eb 2403 ShiftCrypto BitBox02 shiftcrypto.com
096e 0891 Feitian Tech JuBiter Blade Github
1209 aaaa Prokey Optimum Github
1209 abba Generic SafeWISE CoinSafe Linux-usb.org
1209 b0b0 Generic Monero Hardware bootloader Linux-usb.org
1209 c0dA Generic Monero Hardware Linux-usb.org
1209 d00d Generic Monero Hardware developer Linux-usb.org
1209 53c0 SatoshiLabs Trezor v2 bootloader Github
1209 53c1 SatoshiLabs Trezor v2 Github
1209 7000 Secalot Secalot Dongle secalot.com/downloads/ HID Rules
1209 7001 Secalot Secalot Bootloader secalot.com/downloads/ HID Rules
1209 7551 Generic OpenDime DAFU bootloader Github
1209 9998 Opolo Cosmos Bootloader pid.codes
1209 9999 Opolo Cosmos Firmware pid.codes
2341 003d Bitlox Ultimate aka lockbox 3A8C Github
2341 003e Bitlox Ultimate aka lockbox Github
2581 1807 Ledger HW1 Github
2581 1808 Ledger HW1 Github
2581 1b7c Ledger HW1 Github
2581 2b7c Ledger HW1 Github
2581 3b7c Ledger HW1 Github
2581 4b7c Ledger HW1 Github
2581 f1d1 Ledger HW1? Or Ledger Nano S Plus Github
2b24 All KeepKey Bitcoin Wallet Linux-usb.org
2c97 All Ledger Ledger HW2, Nano S, Aramis, X and Blue Linux-usb.org and Github
2c97 1000 Ledger Ledger Nano S Github
2c97 3000 Ledger Ledger HW2 Github
2c97 4000 Ledger Ledger Nano X Github
2c97 5000 Ledger Ledger Nano S Plus Github
2c97 6000 Ledger Ledger Nano Stax Github
2c97 7000 Ledger Ledger Nano Flex Github
2f48 2130 D'CENT Biometric Wallet Github
534c 0001 SatoshiLabs Trezor v1 Github
0483 5740 Open Source Open Source Trezor ST Electronics driver recomendations
d13e cc10 CoinKite ColdCard Github

Missing or further research required

  • SafePal Ltd. Officially backed-up by Binance. Product: SFP SafePal S1.
  • SecuX Technology Inc., Taiwan. Products: W10, W20 and V20 Stone.
  • Opolo Inc., Hong-Kong and Opolo SARL, Luxembourg. Product: Cosmos. May appear as Interbiometrics (_VID 1209 and _PID 0x1000 to 0x1FFF).
  • Ngrave.IO NV, Belgium. Product: Zero. Is air-gapped but does have a USB-C for charging and firmware update.
  • Cobo Global Ltd, Cayman Islands. Products: Keystone Essential and Keystone Pro - Cobo Vault is an open source air-gapped HD wallet. It uses USB ONLY for Firmware updates. Cobo Vault uses QRcodes only. The Cobo Hardware is essentially an Android mobile phone based on an ARM Cortex A7 processor. Hardware schematics show that the Keystone device is built on component U201, an MTK processor model MT6580A/WM (same as the Ulefone Note 7). A firmware update using USB would likely leave traces as _VID=0x0D28 but this trace could be left by any other hardware based on the MTK ARM Cortex-A7. The Cobo firmware update code uses the Keil MDK and does not seem to be programmed to check the _PID & _VID combination. Considering this, digital forensics exploitation of this hardware wallet via JTAG and with OpenOCD could proove interesting.

Specific no-USB HD Wallets

  • Embedded Agency LLC, Canada and USA. Product: Husky HDW20 - This HD Wallet is only using Wifi, including for OTA Firmware update (Over-The-Air)

  • Ellipal Ltd., Hong-Kong. Products: EC01, Titan Mini Cold Wallet and Titan Cold Wallet. This is an air-gapped wallet. The Firmware update is done via micro SD card inserted in a seperate "security module". The micro-USB port of the security module is only for charging

  • C∞lBitX (CoolBitx), Taiwan. Products: CoolWallet S and CoolWallet Pro. These are Bluetooth only cards, uses NFC to charge. CoolBitX is also the creator of the Sygna Bridge, a compliance tool used as a gateway for the exchange and querying of data accross Financial actors

  • CoinKite Inc., Canada. Products: OpenDime and ColdCard. Although these are air-gapped cards, the ColdCard Firmware update is done in DFU mode via USB

Related hardware

  • Axell Corporation, Japan. Product: VIPPool Wallet. Sometimes mentioned as "a cold wallet for transfers" but our research tends to show theses are not cold wallets but licensing USB sticks also manufactured by Axell Corporation, Japan as product "Shalo". _VID and _PID information not found.

Pictures

The below are images from the manufacturers' websites (links below). Provided here for examiners who may have to search a scene for exhibits.

Brand Model
Bitlox Ultimate
Ultimate
Cobo Global Cobo Vault Pro and Essential
Cobo Vault Pro and Essential (aka Keystone Pro)
Coinkite Coldcard
Coldcard
Coinkite OpenDime
OpenDime
CoolBitX CoolWallet Pro
CoolWallet Pro (Crypto.com branded)
CoolBitX CoolWallet S
CoolWallet S (OKEX branded but could be Binance and others)
Cryptnox Cryptnox card
Cryptnox card
Ellipal EC01
EC01
Ellipal Titan
Titane Mini
Ellipal Titan
Titane
Feitian JuBiter Blade
JuBiter Blade
LEDGER Ledger HW1
HW1
LEDGER Ledger Nano Blue
Nano Blue
LEDGER Ledger Nano S
Nano S
LEDGER Ledger Nano X
Nano X
LEDGER Ledger Nano S Plus
Nano S Plus
LEDGER Ledger Flex
Flex
LEDGER Ledger Stax
Stax
NGRAVE NGRAVE Zero Hardware Wallet
NGrave Zero
Prokey Optimum
Optimum
Secalot Dongle
Dongle (discontinued)
SecuX SecuX V20
V20 Front
SecuX V20
V20 Back
SecuX SecuX W10
W10
SecuX SecuX W20
W20
ShapeShift KeepKey
KeepKey
ShiftCrypto BitBox01
BitBox 01 aka Digital BitBox
ShiftCrypto BitBox01
BitBox 02
TANGEM Tangem Cards and Ring
Cards and Ring
TREZOR Trezor T
Model T or "v2"
Open Source TREZOR Dev Kit Trezor Dev Kit Trezor Dev Kit
Open Source Dev Kit

Sources

A list of Hardware wallets is available at https://en.bitcoin.it

Ledger https://www.ledger.com/
Trezor https://trezor.io/
Tangem https://tangem.com/
Open Source Trezor Dev Kit https://mcudev.github.io/trezor-model-t-dev-kit/
Shapeshift Keepkey https://shapeshift.com/keepkey
Shiftcrypto BitBox https://shiftcrypto.ch/
C∞lWallet (CoolWallet) https://www.coolwallet.io/
Cobo Vault (Keystone) https://cobo.com/about?locale=en or https://keyst.one
Cold Card Wallet https://coldcardwallet.com/
Cryptnox https://cryptnox.com/
Ellipal https://www.ellipal.com/
JuBiter Blade https://www.ftsafe.com/store/product/cryptocurrency-wallet/
SafeWize CoinSafe https://safewise.io/#/home
Husky HDW20 https://www.huskywallet.com
SFP SafePal https://safepal.io
D'CENT https://dcentwallet.com
Cosmos https://opolo.io
VIPPool Wallet https://www.axell.co.jp
Zero https://www.ngrave.io
W10, W20, V20 Stone https://secuxtech.com
Ultimate https://www.bitlox.com
Optimum https://prokey.io
Dongle https://www.secalot.com

About

List of Hardware Wallets for Digital Forensics

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published