Web3 Wallet Security Fundamentals (Linux Command Line)


Honors Dojo.

Web3 Wallet Security Fundamentals: A Linux Command Line Approach

A practical, hands-on module focused on Web3/Crypto wallet security, using only the Linux command-line utilities you have learned in class (CSE365).

  • Objective: Learn fundamental and advanced wallet security concepts by using core Linux commands to simulate real-world security failures and forensic analysis.
  • Commands Used: cat, grep, diff, touch, tr, chmod, Pipelining, Shell Scripting with Conditionals (if/then/else), and Environment Variable usage.

Challenge Progression

1. Securing the Seed Phrase

  • Core Concept: Cold Storage Simulation, File Permissions, Simple Obfuscation
  • Key Commands Used: touch, cat, tr (Translating chars), chmod (Changing Permissions)

2. The Hot Wallet Exposure

  • Core Concept: Environment Variable Attacks, Private Key Leakage
  • Key Commands Used: grep (on Exported Variables)

3. Phishing Content Analysis

  • Core Concept: Content Forensics, Identifying Subtle Fraud
  • Key Commands Used: diff (comparing files), grep

4. API Key Log Forensics

  • Core Concept: Multi-Stage Log Filtering, Data Pipelining
  • Key Commands Used: grep (Pipelining/Grepping live output), Text Extraction

5. Basic Signature Validation

  • Core Concept: Integrity Check Simulation, Scripting Logic
  • Key Commands Used: Scripting with Conditionals (if/then/else), cat

It is recommended to have a solid understanding of the commands listed above to successfully complete this module.

This module was created by Jacob Blemaster.



Challenges

Securing the Seed Phrase

Introduction to Seed Phrases

In the world of cryptocurrency and Web3, a seed phrase (also called a recovery phrase) is a series of 12-24 words that gives you access to your crypto wallet. It's essentially the master key to all your funds.

Critical Security Concept: If someone gets your seed phrase, they own your wallet. Forever.

This is why seed phrases should NEVER be:

  • Stored in plain text on your computer
  • Saved in cloud storage
  • Shared with anyone
  • Left with default file permissions that anyone can read

Cold Storage Best Practice

One approach to securing seed phrases is cold storage - keeping them completely offline and protected. In this challenge, you'll simulate cold storage security using Linux commands:

  1. Obfuscation with tr: Transform the text so it's not immediately readable
  2. File Permissions with chmod: Restrict access to owner-only

The Challenge

In this challenge, you need to:

  1. Create a file containing a dummy seed phrase
  2. Obfuscate it using the tr command (ROT13 cipher)
  3. Set proper file permissions so only YOU (the owner) can read/write it

Commands You'll Use

tr (translate characters):

hacker@dojo:~$ echo "hello" | tr 'a-z' 'n-za-m'
uryyb

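The tr command translates characters. Mapping A-Za-z to N-ZA-Mn-za-m performs ROT13 on both uppercase and lowercase letters (the example above maps lowercase only). ROT13 is obfuscation rather than encryption: applying it a second time restores the original text.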

chmod (change mode/permissions):

hacker@dojo:~$ chmod 600 myfile.txt

This sets permissions to rw------- (read/write for owner only).

File permission format:

  • 6 = read(4) + write(2) for owner
  • 0 = no permissions for group
  • 0 = no permissions for others

Your Task

Run the seedPhrase command to validate your solution. This script will check:

  1. Whether you created the obfuscated seed phrase file correctly
  2. Whether file permissions are set to 600 (owner read/write only)

If successful, you'll receive the flag!

Hint

The tr command can read from a file and output to another file using:

cat input.txt | tr 'A-Za-z' 'N-ZA-Mn-za-m' > output.txt

Good luck, and remember: In the real world, proper seed phrase security can mean the difference between keeping your crypto safe and losing everything!
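The two steps above combined into one script, added here as an example (it is not the module's checker or its solution): the obfuscated file is created under a restrictive umask so it is never briefly readable by others, then the script verifies mode 600 and that ROT13 decodes back to the original. The function names, file names and the three-word phrase are constructed for illustration, and `stat -c` assumes GNU coreutils on Linux.

```shell
#!/bin/sh
# Added example: names and the dummy phrase below are constructed placeholders.

rot13() { tr 'A-Za-z' 'N-ZA-Mn-za-m'; }

# store_seed PLAINTEXT_FILE OUT_FILE
# Write the ROT13 form of PLAINTEXT_FILE to OUT_FILE with mode 600.
store_seed() {
    (
        umask 077               # a newly created file starts out rw-------
        rot13 < "$1" > "$2"
    ) || return 1
    chmod 600 "$2"              # also corrects the mode if OUT_FILE already existed
}

# file_mode FILE: print the octal permission bits, e.g. 600 (GNU stat)
file_mode() { stat -c '%a' "$1"; }

# check_seed PLAINTEXT_FILE OUT_FILE
# Succeeds only if OUT_FILE is mode 600, is not the plaintext itself,
# and decodes back to the plaintext.
check_seed() {
    mode=$(file_mode "$2") || return 1
    [ "$mode" = "600" ] || { echo "bad mode: $mode"; return 1; }
    [ "$(cat "$2")" != "$(cat "$1")" ] || { echo "not obfuscated"; return 1; }
    [ "$(rot13 < "$2")" = "$(cat "$1")" ] || { echo "does not decode"; return 1; }
    echo "ok"
}

demo() {
    dir=$(mktemp -d) || return 1                          # directory is mode 700
    printf '%s\n' "apple river stone" > "$dir/seed.txt"   # constructed dummy phrase
    store_seed "$dir/seed.txt" "$dir/seed.rot13"
    check_seed "$dir/seed.txt" "$dir/seed.rot13"; rc=$?
    cat "$dir/seed.rot13"       # ROT13 text: anyone who can read it can reverse it
    rm -rf "$dir"               # do not leave the plaintext copy behind
    return $rc
}

demo
```

Because ROT13 is its own inverse, the permission bits are the only real access control here; the obfuscation just prevents the phrase from being read at a glance.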

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

The Hot Wallet Exposure

Locate and extract a private key stored as an environment variable using grep on exported shell variables.

Phishing Content Analysis

Use the diff and grep commands to compare two files and isolate the single line of code that contains the malicious phishing destination.

API Key Log Forensics

Use a multi-stage grep pipeline to filter a large server log and extract only the unauthorized API key responsible for a simulated breach.

Basic Signature Validation

Write a shell script using if/then/else conditionals to determine which signature file will cause a cryptographic verification failure based on a simple file property (character count).
