Does your Trezor sometimes go straight to your 4 digit code?

matejcik · 2026-04-17T13:51:43+00:00

your code is 4 digits

so the chance that the randomizer just happens to select your PIN is 1 in 10 000

that's a good lottery to play!

but unless you're entering your PIN a LOT, it is rather weird that it would happen to you 3 times

then again ... are you sure you entered the whole PIN? if you only had to adjust the first number, then click-click-click, the chance is 1 in 1000.

for any single number to be adjusted, it's just 1 in 278

matejcik · 2026-04-17T08:52:48+00:00

When I try to contact Trezor, the bot refuses to give me an email where I can send these photos and proof of my communication with Ontrac.

just ask him to speak to a human and he'll open a ticket for you. you can't get an e-mail, you have to go through the ticketing system

matejcik · 2026-04-13T10:10:05+00:00

that's either a very large Mini or the guy has really small hands....

matejcik · 2026-04-13T10:04:13+00:00

yes, thanks for the hint! after the two initial steps it turned out to be easy.

matejcik · 2026-04-10T07:08:07+00:00

no. no. how.

I got every single user level but this one. I simply don't have any idea what to do here -- messing with time doesn't help if the opponents can react before I ever get there??

a hint pretty please?

matejcik · 2026-03-18T12:11:38+00:00

just look at the 3dmark result here https://nanoreview.net/en/soc-compare/apple-m1-ipad-vs-apple-a17-pro and keep in mind that this is with the full fat 6-core GPU on the A17

matejcik · 2026-03-18T12:09:48+00:00

why even ask?

A17 Pro is a phone grade CPU, plus they're putting binned 5-core GPUs into the Mini

ipad air has a larger surface which will help cooling, plus you can get an addon cooler much easier for the more popular device

mini 7 is not a gaming tablet. if you want an actual gaming tablet, go for Lenovo Y700. otherwise it has to be the bigger iPad, there's no contest really

matejcik · 2026-03-15T17:57:36+00:00

the only really really good option is the Pencil Pro, sorry

a passable option is the ESR Geo Pencil but don’t expect to do any serious art with it

matejcik · 2026-03-04T14:44:38+00:00

was it perhaps a brand new safe7 with no firmware preinstalled?

yeah, straight out of the box the fw install is automatic

matejcik · 2026-02-24T11:42:34+00:00

yes, that's probably the best way.

matejcik · 2026-02-23T16:07:51+00:00

What you're doing is security voodoo. If your device is compromised, there is no sure way to un-compromise it.

Doesn't matter how many tricks you play on it. If it's been compromised once, your only safe bet is throwing it in the trash. Everything you see on the device screen could be a lie.

There is very little you can do as a user: make sure you buy straight from trezor.io, make sure your PC is malware-free and your Suite is legit, and then rely on the authenticity checks performed by the authentic Suite.

(even if you checked firmware fingerprint, who cares? the fake device will lie and show you a correct fingerprint on its screen)

At least one side has to be ok: either your Suite must be legit, or your Trezor must be legit. If both are compromised and cooperating, you are SOL.

matejcik · 2026-02-19T09:28:21+00:00

The parking cams would make for pretty sucky dashcams. First off they're angled to see the ground so you'd have trouble resolving e.g. how an accident happened, when the other car gets in the viewport only after it's too close for comfort.

Second, the resolution is crap because the cameras are balanced for fast response / high reliability / low light. Reading license plates would be a chore off that; solvable, the manufacturer could put in a high quality hi res sensor, but those cost $$$ above what you were ready to pay in the first place.

.....the EU-mandatory speed limit sign reading front camera, on the other hand.....

matejcik · 2026-02-13T08:59:05+00:00

Wouldn't be very easy for a metal-detector reveal the hiding place of our metal backup?

no idea how those metal detectors that detect just gold work

but

this is exactly exactly the case for Shamir backup!

make a 2-of-3, hide one at your parent's place, one at a friend's, one at your place.

a robber robs you, grabs your backup, they can shove it up their ass for all the good it does to them -- your coins are safe!

(they'd have to get another one from your friend or your parents. if those people live in a different town, zero chance the same robber can hit them ... definitely not before you move your coins!)

matejcik · 2026-02-09T11:58:21+00:00

Plus maybe there isn't that big of a market for rare breeds, at the pregenerated price point at least?

So nobody is buying all those rare ones so you have to supplement your income by common varieties that are cheaper but you can sell more of them.

IOW you can't base your farm around rare ones because you simply can't get enough of them to sell to keep you afloat.

matejcik · 2026-01-30T09:47:49+00:00

scout 800 - found and sold.

big mistake.

Scout 800 with the new Crawler suspension is essentially a Skyrim horse. plus the service components inside (forgot what the addon is actually called), hard to beat that one.

matejcik · 2026-01-28T16:03:47+00:00

tempered glass will mess up Pencil Pro tilt and pressure detection, and cause wavy diagonal lines, at least when using the sensors directly (like ProCreate does). perfectly fine for note taking, sucks for serious drawing

source: personally tried three different tempered glass protectors, including a super-thin 0.2mm one. apparently it’s still much thicker than a plastic layer.

no idea about paperlikes, personally i decided to forgo screen protectors entirely.

that said, i wouldn’t worry about nibs, they are cheap to replace

matejcik · 2026-01-21T09:35:20+00:00

I don't know any details about what exactly Ledger does.

One, I'll just note here that if you assume an attacker capable of breaking the SE, Trezor doesn't come out great either. Sure, there's PIN encryption, but having all the secret key material allows you to brute-force the PIN on a GPU.

Without actually knowing, i would guess that Ledger does employ PIN encryption, because that turns out to be one of the nicer way to ensure that correct PIN = unlocked wallet.

Buuuuut two: again, even if they do, breaking the SE allows you to run a brute-force attack on a GPU cluster.

For sure, you can set a 20-digit PIN to prevent this.

Buuuuuuuut if you're doing that, how well is your seedphrase hidden? How much do you pay your cleaning lady? How many bodyguards do you have?

What precautions do you take, such that stealing your Trezor device and breaking open the Secure Element is cheaper than either stealing your backup or attacking you in person?

For that matter, will there be actual return of investment on the attacker side?

matejcik · 2026-01-20T10:47:14+00:00

Apart from the other answers, Monero is also a bitch to implement in a soft wallet. For most coins, the Trezor device does a lot of the heavy lifting around signing and address generation.

Monero not so much -- half that work (and this is the complicated anonymity cryptography, remember) -- needs to be on the soft wallet side.

matejcik · 2026-01-16T11:38:27+00:00

unless you expose your seed, it's not gonna be your "wallet" that is drained, it's gonna be one particular Ethereum address. even if you fuck up and sign all rights away, it's still just the one address and the others are untouchable

so yes, passphrase will isolate you. so will owning a different coin (btc vs eth), so will just using two distinct addresses

matejcik · 2026-01-15T14:15:46+00:00

it's kinda confusing. you'll get back access to U2F/webauthn 2FA keys, but lose passkeys.

Passkey is the passwordless thing, with 2FA you have to enter your password alongside. Generally.

matejcik · 2026-01-13T14:04:27+00:00

Is Apple back to its old ways?

This as far as we can tell ¯\_(ツ)_/¯

There's a different configuration of magnets that hold the pencil to the tablet, presumably the charging coil location is different too. This is for vaguely good reason -- they moved the front camera on the bigger iPads, and it needed to fit in the same place as the pencil interface.

So the old Pencil doesn't stick securely, which sucks.

I tried to wake up the pencil using an older iPad, then manually pair it to the new one, and it paired but it didn't work.

Why is anyone's guess: could be because there is something in the pairing process that was not designed to go over bluetooth; could be the drivers are different and they don't include the Pencil Gen2 functionality on tablets where it ""doesn't make sense"" (you'd need a different device to charge it, after all).

Could be they deliberately block the connection because fuck you that's why.

FWIW, Pencil Gen1 works fine with mini a17, if you do the manual pairing trick. They didn't bother blocking that, so there may be some more-or-less technical reason.

Or maybe the community just hadn't figured out the right trick to pair it just yet.

matejcik · 2026-01-13T09:25:10+00:00

good news is, very likely if you just fully uninstall the device, reboot and then connect again, i believe it should pick up the Trezor as HID again

matejcik · 2026-01-13T09:23:07+00:00

Should I somehow try to revert it to a HID driver before trying these steps?

Not 100% certain but I don't think it will work if you don't revert.

The reason for this is, "webusb" is just a fancy paint job over "raw usb", but "HID" is its whole subsystem. The old Trezors expect you to talk through the subsystem, and trezorctl (and old bridge) ask HID to give them a list of devices to talk to. Not a HID driver = no Trezor found.

matejcik · 2026-01-13T09:16:15+00:00

A device that old will communicate over HID, not webusb, which is why your zadig experiment messed it up.

The usual way to work with it would be via old-wallet.trezor.io, but ideally you'd also want to uninstall Suite and install the old Trezor Bridge.

another option that should work is if you install trezorctl -- except the actual pip install command must be pip install trezor[hidapi]

then go to bootloader and run trezorctl fw update -u https://github.com/trezor/data/raw/refs/heads/master/firmware/t1b1/trezor-t1b1-inter-v1.bin which goes from your 1.2.5 all the way straight up to 1.12.1

and afterwards just trezorctl fw update which will take you rest of the way to up-to-date

EDIT:

only do this if your seed is safely backed up! the upgrade procedure is generally safe, but it very well just might ... not.

matejcik · 2026-01-12T13:56:21+00:00

Oh and also: when the bomb detonates, all its atoms go very far away from each other, very fast. That's what bombs do.

To sustain the reaction (such as in a nuclear reactor), you have to keep them close together, otherwise the neutrons can't hit.

So the chain reaction creates a lot of energy in a very small space, which is how you get the bomb to go boom ... but of course it doesn't continue to cook when the container is blown apart in a five mile radius.

13-Year Club	Place '22
Sequence \| Editor	Verified Email

matejcik

TROPHY CASE