Pitrezor🔍 Last analysed 11th April 2022 . Do-It-Yourself Project
This project is not meant for non-technical end users.
As part of our Methodology, we ask:
Is the product meant to be ready for use "out of the box"?If the answer is "no", we mark it as "Do-It-Yourself Project".
Many hardware wallet projects aim to be as transparent as possible by using only off-the-shelf hardware with an open design and open code. If the product reviewed is not available in an assembled form - if the user has to source his own hardware to then maybe solder and compile software to install on the device it falls into this category.
Do your own research!
Try out searching for "lost bitcoins", "stole my money" or "scammers" together with the wallet's name, even if you think the wallet is generally trustworthy. For all the bigger wallets you will find accusations. Make sure you understand why they were made and if you are comfortable with the provider's reaction.
The Analysis ¶
Rather than selling a product, this site appears to be a guide on how to make a hardware wallet using a raspberry pi and a fork from thefirmware.
Private keys can be created offline
The guide recommends a Raspberry Pi zero as network drivers are not loaded by the platform.
A raspberry pi zero. You don’t need the pi zero W, it cost probably a little bit more than the regular pi zero, but it will work anyway. The difference is that pi zero W has wifi and bluetooth but this project don’t use it. The network drivers are not loaded by the platform so the W can be considered as secure. As mentionnend, you can use a pi 4 also if you already have one but it is more expensive than the pi 0
Private keys are not shared
From the site:
Is this secure?
The main difference of this device versus the real trezor device is that the pi zero stores everything on the SD card. The equivalent of the flash memory for the trezor is stored in a file on the first partition. That means that anybody that has your SD card can access your seed words and private key.
However, the wallet supports the usage of a passphrase. The passphrase is a kind of an extra seed word that is not stored on SD card. By using a passphrase, you would prevent a thief that could have your SD card to empty your wallet.
Thus, the recommendation is to always use a passphrase!
Code and Reproducibilty
The website links the Github repository containing the modified Trezor firmware.
From the step-by-step instructions:
- If you don’t have the software called “etcher” already installed in your computer, download it here : https://etcher.io/ . This software is used to write the program image to the SD card.
- Download the latest pitrezor SD card image by clicking here and select “save” to save the zip file
Pitrezor’s firmware is precompiled. This project is primarily a diy project. We have to check if the precompiled firmware can be reproduced from the provided source code.
Share onTwitter Facebook LinkedIn
Or embed a widget in your website
<iframe src="https://walletscrutiny.com/widget/#appId=hardware/pitrezor&theme=auto&style=short" name="_ts" style="min-width:180px;border:0;border-radius:10px;max-width:280px;min-height:30px;"> </iframe>
<iframe src="https://walletscrutiny.com/widget/#appId=hardware/pitrezor&theme=auto&style=long" style="max-width:100%;width:342px;border:0;border-radius:10px;min-height:290px;"> </iframe>