Board Project Development
Merits 7 from 3 users
Re: SeedClicker - Writing seed phrases without keyboard [Script Python]
by PaulBf1 on 20/02/2025, 15:02:29 UTC
⭐ Merited by ABCbits (3), Joel_Jantsen (3), joker_josue (1)
I have some experience with Python so I wanted to share my take on this. This is NOT a good way to fill in your seed phrase; the best approach is to always use the wallet's built-in recovery process, for a couple of reasons:

1- The main problem is that the script doesn’t actually protect you from the threats you’re trying to guard against (mainly keyloggers). The script uses pyautogui.typewrite() to enter the seed phrase; this method simulates keyboard input, which means:

  • It's vulnerable to keyloggers
  • The words are sent as plain keystrokes through the operating system
  • Any malware monitoring keyboard input can capture these keystrokes

2- The selected words are stored in plain text in the selected_words list in memory. This is a big NO NO: even when the display is "hidden" (showing asterisks), the actual words are still stored in memory unencrypted.

3- I understand how this can go under the radar, but memory dumps could potentially reveal the seed phrase, as the script doesn't properly remove the data. The script uses selected_words.clear() inside the clear_all function to remove the words after each run, but in Python this simply removes the references to the strings; the actual string data remains in memory until garbage collected.

There are other risks of course, but these are the main ones. Another one that's worth noting is the protection against screenloggers: the asterisk masking only applies to the final display, meaning that the actual word selection process remains completely visible.

Would love to hear some counter arguments regarding the points mentioned by OP.
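
To illustrate points 2 and 3 of the post above, an added example (not from the post or from the SeedClicker script): emptying a list leaves any other str that holds the phrase readable, and a str cannot be overwritten, whereas a preallocated bytearray can be zeroed in place. selected_words and clear_all follow the names used in the post; SeedBuffer, demo and the sample words are constructed for illustration.

```python
# Added example. selected_words and clear_all mirror the names in the post;
# SeedBuffer and demo are hypothetical. Sample words are constructed, not a real seed.

def clear_all(selected_words):
    # What the post describes: the list is emptied, the str objects are not touched.
    selected_words.clear()


class SeedBuffer:
    """Fixed-size mutable buffer, so the bytes can be overwritten where they live."""

    def __init__(self, capacity=256):
        self._buf = bytearray(capacity)  # preallocated: never resized
        self._len = 0

    def add_word(self, word: bytes):
        chunk = (b" " if self._len else b"") + word
        end = self._len + len(chunk)
        if end > len(self._buf):
            raise ValueError("seed buffer capacity exceeded")
        self._buf[self._len:end] = chunk  # same-length slice write, in place
        self._len = end

    def snapshot(self) -> bytes:
        # Immutable copy, used here only so the demo can show the contents.
        return bytes(self._buf[:self._len])

    def wipe(self):
        for i in range(len(self._buf)):  # overwrite every byte of the buffer
            self._buf[i] = 0
        self._len = 0


def demo():
    words = ["abandon", "ability", "able"]   # constructed sample
    selected_words = list(words)
    typed = " ".join(selected_words)         # str handed to the typing call
    clear_all(selected_words)                # list is empty, 'typed' is untouched

    buf = SeedBuffer()
    for w in words:
        buf.add_word(w.encode("ascii"))
    before = buf.snapshot()
    buf.wipe()
    return {
        "list_after_clear": selected_words,
        "copy_still_readable": typed,
        "buffer_before": before,
        "buffer_after_wipe": bytes(buf._buf[:len(before)]),
    }
```

This narrows only the in-memory exposure; the keystroke path from point 1 is unchanged, because the typing call still needs the phrase as ordinary input.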