File-Wallet.com - Deterministic Wallet Generator from Any File (Hidden in Plain Sight)

Project Name: File-Wallet.com
Project Track: Integration.
Team Name: AmphibianDev
Team Member(s): 1, @AmphibianDev
HackerEarth Project Link: https://devpost.com/software/file-wallet-com-deterministic-wallet-generator

Project Goal:
A simple and easy-to-use, fully open-sourced website for generating cryptocurrency wallets for any kind, in a new unique and deterministic way that has a lot of advantages.
The user can use any file from any of his devices together with an optional but recommended password for generating his wallet. This way, you can “store” the wallet hidden in plain sight but in a secure way and with the property of having plausible deniability (impossible to tell if a file has or not any wallet generated from them).

Introductory video:

Project Value:
Made fully for the cryptocurrency community in general, the idea has come to me from a personal problem: “How and where to store my wallet seed?” At first, I made an easy Python script for this, but I wanted to help the cryptocurrency community because I believe this is the future, and I wanted to be part of it, even if it’s in a small way. So, I made this website for everyone. This is my only way with my current skill of helping the community. I hope you check it out, and it’s useful for some of you, like it is for me.

Project Info:
The basic premise of this website is that it takes any file and converts it into a Data URL string and together with the optional password, it’s then hashed using (SHA256), and the resulting output is used as the entropy for the Mnemonic Seed. It’s quite simple, but I didn’t see this done anywhere.

Project Website:

Project Test Instructions:
Honestly, I put a lot of effort into making the website as intuitive as possible, with people with different technical abilities testing it. I believe in the principle that if the software needs instruction, it’s not well done. But here they are anyway:

  1. The website has 4 sections: Header, Warning Info, Main Content, Footer. The only important one is the Main Content that is in the middle.
  2. The Main Content is separated into sections, the left, the input side, and the right, the output side.
  3. There are 2 tabs for the input side, File, and Seed. The most important one is File; the Seed tab is for generating a random wallet or from another mnemonic seed.
  4. In the File tab, that is the default one, you only have 3 inputs: the cryptocurrency for which you want to make the wallet, the optional password, and the most important one, the file you chose from which the wallet is generated from.
  5. Now you have an output on the right side; you can scroll down for more info, but the most important one there is the mnemonic seed, which you can copy or view the QR code by pressing the button on its right side.

Project Milestones:
The only thing that really needs to be done is compiling the entire website into a single .html file, for really easy downloading, storing, and running the website offline. If I win something, I put all the money in buying more time on the domain name and in this feature. I will work tirelessly until I get this done. Of course, if somebody knows how to, I am happy for contributions, even more than winning a prize here. Other things that I want to do:

  • Add tests.
  • Add a loading indicator during wallet generation.
  • Making the integration of JS code from iancoleman bip39, more Typescript safe.
7 Likes

Welcome to Grand hackathon season 6,
You mean I can build a wallet through your platform or do you mean I can store my mnemonic phrase through your platform?

2 Likes

Hi, thanks for the welcome.

The platform, meaning the website, builds/generates the wallet seed that then can be used in your software wallet of your choosing. The website doesn’t store the wallet seed or any information about the user; it’s just a tool for generating a wallet seed from a given input. This can be confusing because I said that you can use this for “storing” your wallet. What I mean there was the fact that using the same input: Any File + Optional Password, results in the same output => wallet seed, meaning that if you store the file and the password you used, you will have the capability to regenerate the same wallet seed every time.

No need to store the wallet seed itself when you can store the precursor (file + password). What is nice about that is the fact that the file for anyone else is just a normal file, and it’s impossible to tell if a wallet was generated from it!

1 Like

Please add your site to the post so that forum members can test it. I am interested to know how I can generate a wallet of any kind with just a file I have on my phone :eyes:

1 Like

I think I did, together with the GitHub link? Anyway here it is https://file-wallet.com Super excited to hear your opinion!

1 Like

Ohh! I just noticed that now. Upon getting your site, I quickly rushed into testing it and as soon as I access your platform, below image was the first thing that caught my attention; a system warning that I am using it at my own risk :exploding_head: and I’m questioning why it should be so. Since this is an issue of funds which possibly took users their lifetime to save, don’t you think that such warning could scare people from using your platform?

2 Likes

Well, I think I am just being truthful. Being new at making websites, I can’t guarantee that I didn’t make a mistake. But the generating code is from a well-known website, Ian Coleman’s BIP39, and I tried to import it without changing too much. And I fully open sourced the code for anyone to view.

And I warry about a user error: when the user uses an image to generate a wallet, all is good until they send it on Messenger, for example, and then they try to download it from there in the future to regenerate the wallet. Well, oh no, the wallet is not the same because some messaging apps like Messenger compress images, and for this tool, file-wallet.com, even when a byte/pixel changes, the output wallet is completely different. (I recommend to do a test with your storage of choice, play for a bit)

One thing that I need to do also is to make this as clear as possible because I think it’s quite an easy mistake to make. I regret not mentioning this at least in the video; I will add a better explanation of this on the website FAQ.

And one last thing I want to mention is that I use it myself for my personal wallets. In my opinion, it’s okay, but I still will feel a lot better with more people looking at it (the code).

1 Like

Hehe alright I was wondering on the first place, thanks for clarification

1 Like

OK so if you generate your seedphrase with your tool and save it with a certain password, you can always use the platform and generate same seedphrase… is there an option for that?

1 Like

Let me use this as an example, after generating this, how will I save it with a password

1 Like

What can be considered as the advantage of using files from any device for generating wallets?

1 Like

For Prince-Onscolo, here is a example. When you use the same image and the same password you will get the same wallet seed every time. You don’t save the wallet you keep the image you used, and remember the password.
Screen_Recording_20240510_164913_Brave-ezgif.com-video-to-gif-converter

What can be considered as the advantage of using files from any device for generating wallets?

Easier to store than a paper wallet. More hidden than a encrypted file. Easier to send a wallet with money to another party without anyone knowing it. Etc.

Hidden in plain sight, you can “store” your wallet, and nobody knows about it, even if the device where you have your file from which you generated a wallet, got hacked, they don’t know about it, and it’s impossible to tell that something is hidden, unlike an encrypted file which they know for sure something is hidden there, and they can brute force it.

Not only that, but you can have bait wallets from the same file. Let’s say your real password is 123 where you have a wallet with 100 Tron. When you are forced to give your crypto by a $5 wrench attack, you put 12 as the password where you have 10 Tron, and it’s impossible to tell from the file alone that there is another wallet, unlike other encryption methods.

ok so the user select any image he wants to use

1 Like

Welcome to Hackathon Season 6, your project File-Wallet.com 2 seems to address a pertinent issue within the cryptocurrency community, offering a unique approach to wallet generation.

Have you considered implementing additional layers of security, such as multi-factor authentication or biometric authentication, to further enhance wallet security?

1 Like

Welcome to the Season 6, a crypto wallet generator is really good

1 Like

Your method of hiding cryptocurrency wallets offers a unique blend of security and discretion, making it a compelling option for users concerned about safeguarding their assets. What strategies do you have in place to support users in cases of emergency or loss, such as forgotten passwords or accidental deletion of hidden wallets?

1 Like

Hello File Wallet team! Welcome to the TRON/BTTC community!
Thanks for joining the hackathon!

I tested your app and have to say it’s a very innovative way to generate a wallet!
We oftenly rely on random generated wallets which have proven to cause critical security problems if the randomness generator is not as random as expected.

I have some questions and recommendations:

  1. Is it possible to create an npm package so other projects like wallet software can use it for their projects? This could be done instead of your proposed html for others to integrate your solution, we have some community wallet projects from @tronsave.io and @TronNinjas that could use this wallet generation option on their own apps. By creating this package you can increase trust and reduce security concerns from users.

  2. We’d love to see a BTT and TRON addresses as well for donation in your website :slight_smile:

  3. Which security measures are you taking to prevent private key/seed leakage in your website? How can users confirm the website/package is not storing any sensitive information ?

  4. It will be great to include BTTC network as well in your wallet generator menu, is it possible for you to include that as part of your submission for this hackathon? I assume should not be too difficult as it is an EVM chain and uses same encryption as others.

  5. Based on your past experience within the monero community which are the main security related concerns / disadvantages of a determinist wallet generation vs a random approach?

Please elaborate a bit more on current hackathon milestones and dates for judges to review

Thank you again and let’s keep on building on TRON/BTTC :slight_smile:

4 Likes

Hi, thanks a lot!

  1. Yes, it is possible to make an npm package, and it’s a very nice idea, but that will be another project itself. The generating code was not made by me; I myself took it and adapted it from Iancoleman BIP39, and I tried to change it as little as possible to not add any mistakes in there. When I was making the project, I was hoping to find an npm package like that.

  2. Sure, I can do that.

  3. I don’t know if there is a possible leakage problem; I don’t have any knowledge in that domain. The website doesn’t store any sensitive information or any information of any kind. And the only method to check any of those, is by checking the code. That is why from the start I tried to be as transparent as possible by fully open-sourcing the code, using GitHub pages for hosting, and not even minifying the production code. And as with any open-source projects (even cryptocurrencies), if a user doesn’t have the capabilities to inspect the code, they need to trust the ones that did. I don’t think I can do better in that department.

  4. Honestly, I’m not entirely sure. Is BTTC a token on Tron and Ethereum? I was considering adding it as an option in the menu, but then I wondered about other tokens or a token on multiple networks. So, if a user wants to use a token, they need to choose the main network in the menu, like Ethereum or Tron.

  5. Sure, I will try to be “devil’s advocate”:

  • You can easily make a mistake with an image that modifies it, by compressing it or by opening it in Microsoft Paint and saving it, etc, losing the wallet if you don’t have other backups. (Best not to use paint, messaging apps for storage and try to use other types of files that are not commonly lossy compressed.)
  • If you download a very common image from somewhere and didn’t change it, there is a big chance someone will do the same and get the same wallet, only if you didn’t use a password, a good password. (I recommend making an image yourself, don’t download it, or at least modify it a bit, and add a good password, a phrase.)
  • When you generate a wallet and your device is compromised with a virus, the hacker will have your wallet. (Storing the generating file on an infected device is not necessarily bad, as long as you used a password, but when you use it and generate the wallet, you lost it. Make sure the device you use is not infected.)
    I can’t think of anything else at the moment.

Thanks for the good question and sugestions.

1 Like

@AmphibianDev is there a reason why you skipped my question?

1 Like