Signing raw transactions with Trezor (old firmware)

I’ve lost access to my Trezor seed words, and thus can’t update to the latest firmware, which supports the Overwinter update. Obviously with the current version of firmware installed in my Trezor I can’t move my zcash funds out of my wallet. I’m stuck.

What I’m thinking of is to create a raw transaction with the latest version of zcash-cli and then signing the tx with my Trezor (old firmware) before broadcasting to the network. Can anybody please comment/confirm if this is going to work to move my funds out of Trezor before I can reset the device?

I think you’d need an alternate Trezor supporting application - like a version of Electrum that supported Zcash.

Can you maybe suggest one? Did my research but seems like there isn’t a stable one which officially supports Trezor hardware.

No, I’m not aware of any. You’d have to modify the source from an existing Electrum and compile it yourself. It’s still the wild west of crypto currency out there…

See if Trezor support have any helpful suggestions - I wouldn’t be surprised if their own web wallet interface has a work-around to allow older devices…

Eventually it’s worth trying it with Exodus and their Beta Eden. I had so far one similar turn around and with moving forth and back between Exodus and Eden I got it managed.
As well, Exodus support is very helpful.
But then again, you still would need some kind of info/pass of the old Trezor zcash wallet to import it somehow into Eden or Exodus.

I think the issue here is you will only be able to sign a pre-Overwinter tx on the Trezor without updating the firmware so you wouldn’t be able to broadcast it to the current network as it wouldn’t be valid? I guess you could construct, sign and send a tx on the legacy chain to a new address (generated on legacy chain) that you know the private key to, but I don’t know how you would perform the actual signing part on the Trezor and it would probably be a bit of an involved process. It would be interesting to hear if Trezor have any suggestions.

Edited to add: I wonder if making a tx on the legacy chain is actually even feasible as I presume you wouldn’t be able to mine a block as the difficulty would probably be crazy?

Why do you need your seed words to update the firmware?

Updating the firmware resets the device; the seed is then required to recover your account.

That sucks pretty bad.
Ledger doesn’t have this issue. You can upgrade without resetting the device…

Is there a DIY Trezor firmware that can output your seed?

As far as I know, there is no way to export seed words or private keys; that wouldn’t make any sense in terms of security. Haven’t had the luck reaching Trezor support yet. Will try again.

@garethtdavies so the overwinter update brought changes to the signature scheme as well?

Yes, see here: Network Upgrade Guide (Zcash Documentation 5.2.0). It fully details all the changes in Overwinter.

You can’t directly create an unsigned Overwinter transaction and then have the TREZOR sign it, because the Overwinter SignatureHash function is different, and the old firmware doesn’t know about it (so would try to sign the transaction with the Sprout SignatureHash function). However, the signing algorithm itself is unchanged, so you may be able to work around this if TREZOR has the ability to sign any arbitrary message hash (i.e. just the signature operation). I suspect you can’t leverage an arbitrary-message-signing feature though, as that likely hashes the message internally regardless of its length, whereas you would want to calculate the Overwinter SignatureHash and then pass that in without further modification.

tl;dr I do not know whether it is possible with the pre-Overwinter version of the TREZOR firmware.


General advice to hardware wallet users: if you lose access to the backup of your seed words, you should transfer your funds out of the hardware wallet immediately (and then reset it with a new seed), because you could lose access to your funds in the same way as above, as well as if e.g. your device broke.

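The digest mismatch described in the post above, as an added example that is not part of the original thread: it computes a pre-Overwinter style digest (double SHA-256), an Overwinter style digest (BLAKE2b-256 personalized with `ZcashSigHash` plus the branch ID, per ZIP 143), and the digest a Bitcoin-style message-signing feature would sign if handed the Overwinter digest as its "message". The preimage bytes are constructed placeholders rather than a real transaction serialization, and the `Zcash Signed Message:\n` header and wrapping format are assumptions about how such a feature works.

```python
import hashlib
import struct

OVERWINTER_BRANCH_ID = 0x5BA81B19  # Overwinter consensus branch ID (ZIP 143 / ZIP 200)
# Assumption: header prepended by a Bitcoin-style message-signing feature.
MESSAGE_HEADER = b"Zcash Signed Message:\n"
# Constructed placeholder bytes. The real pre-Overwinter and ZIP 143 preimages are
# laid out differently; identical input is used here to isolate the hash step.
SAMPLE_PREIMAGE = bytes(range(64))

def sha256d(data: bytes) -> bytes:
    """Double SHA-256, the hash used by the pre-Overwinter signature hash."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def legacy_sighash(preimage: bytes) -> bytes:
    """Digest old firmware would compute and sign."""
    return sha256d(preimage)

def overwinter_sighash(preimage: bytes, branch_id: int = OVERWINTER_BRANCH_ID) -> bytes:
    """Digest the upgraded network expects: BLAKE2b-256 with a 16-byte personalization."""
    person = b"ZcashSigHash" + struct.pack("<I", branch_id)
    return hashlib.blake2b(preimage, digest_size=32, person=person).digest()

def compact_size(n: int) -> bytes:
    """Bitcoin-style variable-length integer used as a length prefix."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + struct.pack("<H", n)
    return b"\xfe" + struct.pack("<I", n)

def message_signing_digest(message: bytes) -> bytes:
    """What a message-signing feature signs: it wraps and re-hashes whatever it is given."""
    wrapped = (compact_size(len(MESSAGE_HEADER)) + MESSAGE_HEADER
               + compact_size(len(message)) + message)
    return sha256d(wrapped)

def compare(preimage: bytes) -> dict:
    """Return the three 32-byte digests so they can be compared side by side."""
    wanted = overwinter_sighash(preimage)
    return {
        "overwinter": wanted,                               # must be signed as-is
        "legacy": legacy_sighash(preimage),                 # what old firmware signs
        "message_feature": message_signing_digest(wanted),  # digest hashed again
    }

if __name__ == "__main__":
    for name, digest in compare(SAMPLE_PREIMAGE).items():
        print(f"{name:16s} {digest.hex()}")
```

All three digests differ, so a signature produced over either the legacy digest or the re-hashed message would not verify against the Overwinter signature hash.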