Malvarma is a Raspberry Pi Zero image which lets you generate a Monero cold wallet securely and easily.
Malvarma is currently in an alpha release stage and has not been vetted for security. Use at your own risk.
Do not run Malvarma on a Raspberry Pi Zero W because it has wireless connectivity and is therefore not an airgapped device.
Do not run Malvarma on an Internet-enabled TV or any display device connected to a network for the same reason.
Here is Malvarma running on a Raspberry Pi Zero connected to a HDMI television set (click for a video): <img src="https://raw.githubusercontent.com/weijiekoh/malvarma/master/readme_imgs/malvarma.png" height=250 />
It has been tested on a non-wireless Pi Zero v1.3 and Pi 3 Model B v1.2, but should ideally only be run on the non-wireless Pi Zero as it is airgapped by default.
This guide is for Linux users, but savvy Windows or macOS users should be able to perform equivalent steps on their machines.
Use any of these links to download the Malvarma image (300+ MB):
tar xf malvarma-0.1.1-alpha.tar.bz2 && \
cd malvarma-0.1.1-alpha && \
gpg --keyserver pgp.mit.edu --recv-keys 0x90DB43617CCC1632 && \
gpg --verify malvarma-0.1.1-alpha.img.sig malvarma-0.1.1-alpha.img && \
sha256sum -c malvarma-0.1.1-alpha.img.sha256Do not continue if the SHA256 or GPG verification fails.
The following command burn the image to a microSD card assumes that the microSD
device is at /dev/mmcblk0:
sudo dd bs=4M if=malvarma-0.1.1-alpha.img of=/dev/mmcblk0 conv=fsyncAlternatively, use Etcher to burn the image.
Insert the card into a non-wireless Raspberry Pi Zero, plug it into a HDMI screen, and then plug it into a USB power source. You should plug in the HDMI cable before the micro USB cable because doing the reverse could prevent the Raspberry Pi from correctly detecting your screen resolution and thereby hide characters at the edges of the screen.
Note: this is a screenshot from QEMU, and does not precisely reflect the output of an actual Raspberry Pi running Malvarma.
<img src="https://raw.githubusercontent.com/weijiekoh/malvarma/master/readme_imgs/loading.png" height=300 />
After a few minutes, a mnemonic seed, private spend/view keys, and public address should automatically show up on the screen. Write down multiple copies of this information and store them safely.
Do not take a picture of the screen with a camera or store the private keys on any electronic device.
<img src="https://raw.githubusercontent.com/weijiekoh/malvarma/master/readme_imgs/final.png" height=250 />
Following this visual guide, destroy particular components of the Raspberry Pi Zero using sharp hand tools. Specifically, destroy the microSD card and the Raspberry Pi's BCM2835 processor. According to Adafruit, the Pi Zero's RAM sits on top of its processor, so be sure to destroy both. Wear eye protection and use a hammer and screwdriver or nail to break through their plastic coatings and pulverise their silicon innards.
For inspiration, refer to this article from The Guardian: Footage released of Guardian editors destroying Snowden hard drives
<img src="https://raw.githubusercontent.com/weijiekoh/malvarma/master/readme_imgs/destroy.png" height=250 />
While this is a little extreme, the device is inexpensive and small, and some users may wish to maximise their peace of mind. If you don't want to destroy the device, at least store it in a safe place and do not use it until you you empty your cold wallet of all funds and no longer use that address.
Please send XMR to
4B4CBHf9qu8e67JWRYASFKTLT42fQCLHsDNDxzW71CjqRNtw8ZBN5rU1pPiVZEDPgv9rHfs23VpE9jpSrLpkWqmEQsbfj6i
to support the author - thank you!
If you wish to store moneroj [1] for a long period of time without spending them, it is a good idea to put them in a cold wallet, also known as cold storage. Cold wallets are created and stored in a such a way that the only way to spend the funds in them is to have physical access. As such, they should only be kept offline, and should be generated by devices which have never and will never be connected to the Internet.
There is nothing intrinsically wrong with existing solutions, such as moneromooo's offline wallet generator. It is absolutely possible to use such tools securely. Malvarma only seeks to go one step further to provide a solution which accounts for both hardware and software security, while making the entire process as foolproof as possible.
Unfortunately, it is not easy to create a cold wallet securely. Several problems stand in the way, so Malvarma seeks to mitigate them.
Problem: A cold wallet should be generated using processes and devices which have as few attack surfaces as possible. Network connectivity is one such attack surface though which an attacker may (hypothetically) leverage to extract private keys.
Solution: A cold wallet should be generated in an air-gapped device. While it is possible to disable wireless adapters on most PCs or laptops, the non-wireless version of the Raspberry Pi Zero is always air-gapped, so it avoids this entire class of vulnerabilities.
Note that this only matters if you don't want to have to trust that your device can indeed turn its wireless adapter off. Again, this is a guide for the highly security-conscious, and assumes an extremely low risk appitite.
Problem: A device may be infected with malware without the user knowing. Even if a cold wallet is generated offline, sufficiently sophisticated malware may transmit it to an adversary if the device gets online.
Solution: A legitimate copy of Malvarma will not contain malware, and it will be possible to ensure that this is so. Each Malvarma image will be cryptographically signed and users should verify it before use. More advanced users will be able to inspect, reproduce, and verify that the published Malvarma image is exactly as advertised.
Problem: Traces of private keys may remain on one's device even if they are deleted or after it is shut down. [2] [3] The only way to be absolutely sure is device to generate your keys and physically destroy the device after use. Although this is prudent, it is wasteful to destroy electronics, and disposing electronic waste can harm the environment.
Solution: A Raspberry Pi Zero only costs USD$5 and is very small. It is therefore more economical and relatively less harmful to the environment to destroy after use.
Problem: It is not trivial to set up a secure computing environment. Rather than go through the hassle of setting up a USB-bootable Linux distribution on an airgapped device just to create a cold wallet, a less-determined user may opt to do so on the system they regularly use, and thereby defeat the purpose of the entire exercise.
Solution: Each Raspberry Pi Zero is the same as the next. By encapsulating a wallet generator into a microSD image, Malvarma eliminates the problem of installing software on an airgapped device. The goal is to make it plug-and-play.
Some users find hardware wallets an acceptable alternative to cold wallets as they strike a balance between usability and security. [4] Yet at the time of writing (early January 2018), there are no commercially available hardware wallets for Monero, although Ledger support is reportedly in the works.
Note: Malvarma is neither a hardware wallet, nor will it store any generated wallets. You must write down the private keys and mnemonic seed before sending any funds to your cold wallet.
Completed:
0.1.1-alpha relased for testingFuture plans:
If you want to make a copy of Malvarma yourself, follow these instructions. They have been tested on Ubuntu 17.10.
sudo add-apt-repository "deb http://archive.ubuntu.com/ubuntu $(lsb_release -sc) universe" && \
sudo apt update && \
sudo apt -y install libguestfs-tools git python3 coreutils wget axelgit clone https://github.com/weijiekoh/malvarma.git && \
cd malvarma && \
git clone https://github.com/weijiekoh/py2-monero-wallet-generator.git && \
sh download_raspbian.shIf the download_raspbian.sh command fails, do not continue as the
Raspbian image may have been tampered with, and should be considered
unsafe.
sudo python3 build.pyNote: build.py requires root permissions through sudo because
guestmount does not work for
non-root users.
build.py doesbuild.py configures the Raspberry Pi image as follows:
rng-tools and check for sufficiently high entropy using rngtestrngtest passes with a maximum of 5 out of 1000 FIPS-140-2 failures, run
py2-monero-wallet-generator
to generate and display the keys to a cold wallet Note that build.py is not deterministic. The output file
(raspberry/malvarma-<version>.img) is likely to differ over multiple runs,
even if it uses the same original Raspbian image and Malvarma code. This is
probably because libguestfs is also non-deterministic. If anyone has
suggestions on how to deterministically modify raw disk images, please contact
the author. In the meantime, please audit the code yourself if you want to
fully trust it.
Malvarma uses the rng-tools package:
raspberry/rng-tools_2-unofficial-mt.14-1_armhf.deb. To verify the
authenticity of this file, refer to
verify_rng-tools.md.
.img fileThe built .img file will be in the build/ directory, and is ready to be
burned to a microSD card.
You may choose to emulate the image using QEMU, but since QEMU will modify the image, remember to delete and rebuild it when you are done.
sudo apt -y install qemu-system-arm
python3 qemulate_malvarma.py build/malvarma-<version>.img
rm -rf build/malvarma-<version>.imgMalvarma is Espernanto for cold.
[1] In Espernanto, moneroj is the plural of monero, or coin.
[2] A cold boot attack, for instance, may retrieve data computer memory even if it has been rebooted, albeit within a timeframe of seconds to minutes.
[3] Some operating systems use on-disk swap files as temporary working memory storage. Sensitive data, including private keys, may find their way into swap files, and a determined adversary may be able to extract them.
[4] The Ledger, for instance, uses a secure element to store private keys, which makes it easy to spend coins without exposing any private keys.