Topic: GUIDE: build your custom anonymous wireless multicoin crypto wallet for $50

Offline Y7ASyxC

This guide will initially not be a step by step guide, because the steps are many. It will outline how to build your custom wireless multicoin crypto wallet that cannot be traced, and cannot be proven to belong to you. Only you will have access to its content, and it can be lost or stolen with no consequence, other than the $50 cost of replacing the device. Your crypto will never be lost. You can use it to exchange between altcoins, send and receive, store crypto all anonymously. So here we go.

This guide will show how to configure a used smartphone to be an encrypted multicoin crypto wallet, that has no SIM card, and no connection to any GSM tower. It will communicate through your actual smartphone via WIFI AP or WIFI direct (TBD). The crypto wallet will only communicate over TOR. So when you shut the phone down and hide it, it basically does not officially exist, because A: it's fully encrypted and only you have the Full Device Encryption password and B: it never talks to the GSM tower and C: all the data looks like it's coming from your other, actual smartphone.

1. Buy a used smartphone with a 4 core CPU. Preferably a widely used device with good support and availability of alternative, cyanogenmod based roms. In this example I will use the Samsung Galaxy S3, which can be bought used for about $50. Do not buy a new phone from a shop, buy a used one from a friend, or craigslist etc. Also get a microSD memory card, 8 GB will do fine, this is not mandatory but helps later on. DO NOT EVER install a SIM card in your phone. You will never use a SIM card in this phone. Make sure no SIM card you own has ever even gone near this phone.

2. Choose your favourite cyanogen based ROM with a good community and support, and constant development and bug fixing. In this example we will use the latest LOS/Android Nougat based ROM called Resurrection Remix:

https://forum.xda-developers.com/galaxy-s3/development/rom-ressurrection-remix-m-t3270121

3. Follow the guides on XDA-Developers to install TWRP recovery. This can be a long and tedious process, as you will need a working USB cable to connect your phone to your PC, install Samsung USB drivers on the PC, flash TWRP recovery using ODIN etc. If someone wants to do it I will assist with exact detail in this thread. For now just understanding the basic process is enough.

4. Once TWRP is installed and working, copy the Resurrection Remix image onto the MicroSD card on your phone, by booting into recovery, enabling MTP in TWRP, and connecting your phone to your PC.

5. Completely factory reset, and wipe the phone from TWRP, removing ALL previous code it has. A full wipe of cache, dalvik, data and system partitions. Again, exact instructions in this thread if needed. Flash Resurrection Remix as per the instructions. DO NOT INSTALL Gapps. You will never need google apps in this phone, and leaving gapps out will prevent google code from spying on you. The only consequence is you will not be able to access google play, unless you use MicroG with signature spoofing, but this phone should never access google play. Boot the phone. After Resurrection Remix has booted, you will need to do a few mandatory settings, like enabling root mode etc.

6. Download pwgen for your PC, you will use it to generate a random passphrase, with words and a few special characters which is easy to remember once used daily. Download the latest keepass to your PC, and create a new password database. Again you will use a password generator or another method to come up with a passphrase you can remember easily, but at the same time is long and complex enough to withstand brute force. This passphrase plus the password for your phone will be the only 2 passwords you will have to remember. Everything else will be automated later, so that all other passwords associated with the actual crypto stuff will be so long, complex and random that you can't remember them. You will never use the same passphrase for 2 different things, ever. Again, exact instructions for the ones that ask in the thread.

7. Set a lock passphrase for the phone, not a pin, not a pattern, but a password. You will have to optimize the password so it's quick enough to use daily on the street, but at the same time strong enough to resist brute force. Make sure NOT to enable quick unlock (you will be locked out and will have to wipe and start over).

8. Encrypt the phone. It will require a few reboots to make sure everything went ok, you will also need to test by shutting down the phone, rebooting and seeing that it requires the passphrase to boot, also booting into TWRP it will ask for the password.

9. Disable the phone's GSM radio transceiver chip using the hidden factory code as per this guide:

https://forum.xda-developers.com/galaxy-s2/help/want-to-totally-disable-ril-t3623209

Dial *#*#4636#*#* and find the setting that says 'Cellular Radio Power' and disable it. This will prevent your phone from talking to the GSM tower, preventing authorities from tracking its location and correlating it to your location. It's also legal whereas modifying the IMEI code is not.

EDIT: I've just discovered this setting does not persist across reboots. So the script in the thread has to be tested, but for now this method will have to suffice, you'll have to do it manually after each reboot. Once the setup is good rebooting will rarely be needed, but still, work in progress.

10. Using your PC download the latest versions of the following APKs: F-Droid, Keepass2Android and Coinomi:

https://f-droid.org/FDroid.apk
https://keepass2android.codeplex.com/releases/view/629934
https://coinomi.com/downloads/

11. Copy the APKs to your phone's MicroSD card using the USB cable. Install the F-Droid APK only.

12. On your current actual smartphone, enable WIFI access point, enable the best security mode and set a password. This should really be wifi direct, or internet tethering over bluetooth, but I haven't got that to work yet, so it's work in progress. The idea is your cryptophone will only talk to the internet over TOR, through your actual phone. In this guide we will still use TOR in normal mode, which means the mobile phone operator will be able to see encrypted TOR traffic coming from your real smartphone. But the software generating the traffic will not be on your actual smartphone. The better way would be to use a TOR Bridge setup, which would result in the operator only seeing encrypted traffic, without being able to tell that it is TOR traffic, but I haven't got that far yet.

13. Once you have a working internet connection on your SIM-less phone that never talks to the GSM tower, run F-droid, update the repositories, and search for F-droid. It will find a newer version than you are currently using. Install that. F-droid will shut down because it's updating itself, so you need to wait a few seconds and start it again.

14. In F-Droid, search for afwall+ and install it. Once an app needs internet access you will be notified by afwall, use that to give permission to apps that need it. You will also need to give permission to various system programs, this can be a bit time consuming etc, you might need to read afwall instructions, and enable logging with notification, until you are at a place where everything that needs internet works. Disable IPv6 traffic in afwall. Give access to things like browser, f-droid, various system programs, dns, etc. Again, exact instructions for those who ask in this thread.

15. Install the keepass2android APK. Enable things like quickunlock, increase quickunlock required characters from 3 to 5 for ex, tweak and tune various settings, it's a time consuming process to get it to work later so you have good protection coupled with sufficient ease of use. Exact details to those who ask. Create a temporary mock database if needed, it's easier to create and maintain the actual password database you will use on your PC keepass, and then copy that database to your phone to use with keepass2android. That way you also always have multiple copies of your database, even if you lose your phone without remembering to take a backup of your database etc.

16. On your PC keepass, create a new entry for coinomi, the password should be a long string of random letters, numbers, and special characters.. at least 50 characters long. Download the database to your cryptophone over the USB cable or via bluetooth transfer, just as long as you don't transfer it over the internet. Using bluetooth you might have to zip it, it depends on many things..

17. Open the database with keepass2android, and tweak settings so you can use the keepass2android keyboard. Tweak keepass2android so you can lock the database using quickunlock, and reopen it using the last 5 characters etc, unless you have closed the database and/or restarted your phone.

18. In afwall+ create a custom script that looks like this:

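# Paths to the iptables binaries on the phone
IP6TABLES=/system/bin/ip6tables
IPTABLES=/system/bin/iptables
# Allow TCP to Orbot's transparent proxy port on localhost
$IPTABLES -A "afwall" -d 127.0.0.1 -p tcp --dport 9040 -j ACCEPT
# Allow UDP to Orbot's DNS port on localhost
$IPTABLES -A "afwall" -d 127.0.0.1 -p udp --dport 5400 -j ACCEPT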

This will prevent coinomi from talking to the internet over anything other than TOR. Coinomi only downloads the latest part of the blockchain, your crypto private keys or other sensitive data will never be sent over TOR so you don't have to worry about malicious TOR exit nodes etc.

19. In F-droid, download and install Orbot. Test it. If you set it to start at bootup remember it uses some battery even in standby mode, better to not have it start automatically and instead start it manually each time you need to use coinomi. It's user preference with lots of testing to get it just right for you.

20. Install coinomi APK, and at this point write down the recovery passphrase on multiple pieces of paper which you then store separately in locations of your choice. This will enable you to recover from loss of phone or any other event. If it falls into the wrong hands, you're toast. Afwall will notify you that coinomi is trying to access the internet, DO NOT GRANT IT ACCESS. In afwall+ settings make sure coinomi remains unchecked. Go to Orbot settings, set Transparent Proxying and select apps, check Coinomi.
Set coinomi to use the password from your keepass database, test to make sure you can apply it using keepass keyboard.. a long and tedious process with lots of testing..

21. Now is the time to acquire some BTC. Best way would be to somehow buy a bitcoin paper wallet with cash, and use coinomi to sweep that wallet. Or find a bitcoin ATM where you can buy BTC with cash money and send it to coinomi. Coinomi generates a new random address for every receive, you use QR codes with the ATMs etc. Of course if you buy BTC with your cc for example, that's traceable. But life is not perfect.. a small amount of BTC going to one address is unlikely to gather massive attention by the authorities at this point.. When you buy something online with BTC and have it shipped to your address that's traceable. The point is once you have some BTC in your coinomi wallet, you can add another coin, for ex. Ethereum, and convert some BTC to ETH via built-in shapeshift exchange.

22. Test that everything works, then reboot to TWRP recovery and take a full backup of your system onto your microSD card. Remember to take an encrypted backup. For that create another keepass entry on the PC, make it a passphrase that is easy enough to type because you will need to manually type it each time you take a backup. Copy that backup to your PC or USB stick etc.. multiple copies. Using this backup you can easily recover from lost or stolen devices by simply buying another used Galaxy S3, zap it, and restore the backup onto that. Of course the only really important thing is your coinomi recovery mnemonic passphrase. That passphrase holds all your crypto. Everything else can be redone.

23. You're done! Remember I typed this largely from memory, each step may require additional info and work to get done right. Feel free to post questions and I will attempt to help out with any step. But this is one example how to do it.
« Last Edit: 2017 Aug 15, 08:46:35 AM by Y7ASyxC »
  • never argue with idiots
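
An added example, not part of the original post: a check for the step 18 custom script that reads `iptables -S` output and reports any ACCEPT rule in the `afwall` chain other than the two loopback rules the guide adds (tcp/9040 and udp/5400). The function name and both sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the poster's code). Port numbers come from the guide's
# step 18 script; the function name and sample rules are hypothetical.

audit_afwall_accepts() {
    # Reads `iptables -S` style rules on stdin. Prints every ACCEPT rule in
    # chain "afwall" that is not loopback tcp/9040 or loopback udp/5400.
    # Exit status is 1 if at least one such rule was printed, else 0.
    awk '
    BEGIN { bad = 0 }
    $1 == "-A" && $2 == "afwall" {
        dst = ""; proto = ""; dport = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-d") dst = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (target != "ACCEPT") next
        sub(/\/32$/, "", dst)            # iptables -S prints 127.0.0.1/32
        ok = (dst == "127.0.0.1") &&
             ((proto == "tcp" && dport == "9040") ||
              (proto == "udp" && dport == "5400"))
        if (!ok) { print; bad = 1 }
    }
    END { exit bad }
    '
}

# Constructed sample: only the two rules from the guide.
SAMPLE_OK='-N afwall
-A afwall -d 127.0.0.1/32 -p tcp -m tcp --dport 9040 -j ACCEPT
-A afwall -d 127.0.0.1/32 -p udp -m udp --dport 5400 -j ACCEPT'

# Constructed sample: the same rules plus two that would let traffic bypass
# the loopback-only restriction (no destination limit; non-loopback host).
SAMPLE_BAD="$SAMPLE_OK
-A afwall -p tcp -m tcp --dport 443 -j ACCEPT
-A afwall -d 10.0.0.1/32 -p udp -m udp --dport 5400 -j ACCEPT"

# Demo: prints the two unexpected rules from the second sample.
printf '%s\n' "$SAMPLE_BAD" | audit_afwall_accepts ||
    echo "unexpected ACCEPT rules in chain afwall"
```

On the phone the input would come from `iptables -S afwall` in a root shell; the check covers only the `afwall` chain, not any other chains the firewall app creates.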
 

Offline badon

I posted this on reddit:

GUIDE: build your custom anonymous wireless multicoin crypto wallet for $50 : /r/Investments

Maybe you can use the Blog article photos subforum to store some screenshots and images, so you can intersperse your "wall of text" article with some comforting visual references?
 

Offline Y7ASyxC

Well, the fact is each of these steps is actually more intricate than explained, you probably could not do this using this guide alone unless you had experience in android systems etc.. In addition, most steps can be done in many different ways as well.. I've played with custom android systems for years, and this setup has emerged from all that experience..

Furthermore there is still room for improvement, but then again, I do use this setup every day and could not live without it. An alternative is of course buying a hardware crypto wallet like the ledger nano or ledger blue, or trezor.. In that case you would get going more easily..

The idea with this setup is you have the phone with all the camera enabling you to scan QR codes and you can run additional stuff like trading clients, separate custom wallets for specific altcoins, you can update coinomi when it evolves etc etc..

So you should first decide if you want to take the easy, safe way and get a well done nano or trezor, or if you want to go 'pro', and tweak a setup like this yourself.

Coinomi itself is popular and widely used, and I can guide you through the whole setup process step by step, but it's a long tedious task if you have no experience, and there can always be bugs etc.. to use this system you would always have to be very precise in what you do so as not to make a mistake, but then again, the same is true for all crypto. It's NOT user friendly, and it's very easy to 'accidentally' send say 2 btc or $8000 to the wrong address and kiss your money goodbye. Only time and experience helps with that.

On the other hand, using this system to store, send and receive bitcoin only is pretty easy and safe once you figure out everything. But everything including password management using keepass etc.. it's a long process before you go from noob to comfortable.
 

Offline Y7ASyxC

To be clear, you don't *need* this kind of system. If you just want bitcoin then you can go and install electrum client on your PC for ex and be setup in 5 minutes from now. There are a thousand ways to do everything. Only with time would you find out how incredibly versatile crypto is, someone that hasn't been in the game for years and is used to fiat banking cannot possibly fathom how incredibly many ways there are to do everything.. It's truly crazyland :)
 

Offline Y7ASyxC

In fact, I would not recommend a beginner to start with this setup. To get started you can create a wallet in blockchain.info, or download any bitcoin wallet.. Be aware that using the original full bitcoin client is not very nice anymore since the blockchain must be like 200GB alone by now.. electrum client for example does not need to store the blockchain locally..

Then you just set up an account on bittrex, cryptopia and poloniex for ex and off you go..

I wish I could give you my crypto twitter feed, so you could get a sense of what crazyland really means hehe..
 

Offline Y7ASyxC

I took a few screenshots of the last few hours of my feed:

https://forum.coincompendium.com/index.php?topic=6422.0
 

Offline Y7ASyxC

In fact, I would not recommend my setup for any beginner. You need to start small and simple:

- Create an online wallet on blockchain.info
- Install Electrum and create another wallet
- You MUST have password and key management. This means you need a professional password manager. Do NOT use crap like lastpass or any of that stuff. You need keepass.

- The ONLY passphrase you can remember in your head should be the passphrase to your password manager. All other passwords must be long, random, and include special characters, at least 50 characters for any wallet. ALL passwords must be different, you can never use the same password for 2 places. This also includes your email passwords, and exchange passwords.

- You MUST use 2FA on ALL exchanges, and preferably on email too, unless you use imap push clients etc. Never keep your 2FA client on the same device you use to login, this means use a 2FA app on your mobile phone, as you use your desktop pc to login to exchanges. You must be sure to have your 2FA secret codes stored and backed up in another place in case you lose your phone..

- Do not be buying a lot of bitcoin at these levels, never buy the top. If you must have some BTC right now then buy 0.1 or 0.05 to get started..

- You are about to enter a world so fast paced and information rich that you need to start thinking about your health. You must remember to sleep. You must remember to eat healthy, drink water, work out lightly, take long walks.. Your brain will constantly be on overload.

- Learning to trade these markets is a lifelong process. In the beginning you will make huge mistakes. You must have risk management. You must with time learn to control your emotions.. when you buy some alt and it's up 27000 percent in 2 weeks, your emotions will be running wild at first. This is when you make mistakes.

- When everyone else is buying you should be selling. If you have nothing to sell, that's no reason to start buying the top. Never sell everything. Never go all in. Place LOW bids. If you have 0.1 btc you don't invest 0.05 btc in any single coin, you play with 0.0025 btc for example, that's called risk management.

- You need to be prepared to soak up massive amounts of information, while at the same time remembering to breathe, eat and sleep.. This requires the skill to let go.. So that coin is up 5000%, I should have bought!.. Those are the emotions that will make you start making mistakes..

- If you insist on hoarding lots of coins in personal wallets, you're going to need virtual operating systems to manage all the wallets.. this is becoming less of an issue though as blockchains are increasingly merging, and various multicoin wallet solutions are becoming more common.. It used to be a huge task to manage all the different wallet binaries and chains..

- Those are just a few thoughts.. but just start with a simple btc wallet, and with creating accounts on say bittrex, cryptopia and maybe poloniex (although poloniex might be going down as they are in the government's crosshair now)

- You're going to need a telegram client on your desktop..

- Some links to get you started:

https://coinmarketcap.com/
https://cryptowat.ch/bitfinex/btcusd
https://bitcointalk.org/index.php?board=159.0
https://www.coindesk.com/
http://themerkle.com/
https://www.reddit.com/r/icocrypto/
https://icostats.com/vs-btc
https://satoshiwatch.com/
https://www.coinigy.com/
« Last Edit: 2017 Aug 16, 12:22:45 AM by Y7ASyxC »
 

Offline Y7ASyxC

crypto market cap approaching $150B