Jade hardware wallet

Related tags

Miscellaneous Jade
Overview

Jade Firmware

To build you can use the docker image (see Dockerfile) or install the esp-idf toolchain and repo following the commands in this readme.

Use docker

Note the supplied docker-compose.yml assumes the Jade device is at dev/ttyUSB0.

(local)$ docker-compose up -d
(local)$ docker-compose exec dev bash
(docker)$ cp configs/sdkconfig_jade.defaults sdkconfig.defaults
(docker)$ idf.py flash

The docker-compose.yml also mounts the local git repo so that it is the origin of the repo in the docker.

Set up the environment

Jade requires the esp-idf sdk.

More information is available in the Espressif official guide.

Get the esp-idf sdk and required tools:

cd ~/esp
git clone -b v4.2 --recursive https://github.com/espressif/esp-idf.git
cd ~/esp/esp-idf && git checkout c40f2590bf759ff60ef122afa79b4ec04e7633d2 && ./install.sh

Set up the environmental variables:

. $HOME/esp/esp-idf/export.sh

Build the firmware

mkdir $HOME/jade
git clone --recursive https://github.com/Blockstream/Jade.git $HOME/jade
cd $HOME/jade
cp configs/sdkconfig_jade.defaults sdkconfig.defaults
idf.py flash monitor

Build configurations

There are various build configurations used by the CI in the configs/ directory, which may be required for specific builds eg. without BLE radio, with the screen enabled (or disabled, as with the CI tests), or for specific hardware (eg. the m5-fire).

The menuconfig tool can also be used to adjust the build settings.

idf.py menuconfig

Note: for any but the simplest CI-like build with no GUI, no camera, no user-interaction etc. it is recommended that PSRAM is available and enabled. ( Component Config -> ESP-32 specific -> Support external SPI connected RAM )

Run the tests

cd $HOME/jade
virtualenv -p python3 venv3
source venv3/bin/activate
pip install -r requirements.txt

python test_jade.py

deactivate

License

The collection is subject to gpl3 but individual source components can be used under their specific licenses.

Issues
  • Jade and normal multisig compatibility

    Jade and normal multisig compatibility

    Are there plans to add support for standard multisig wallets?

    I see that you have support for Green-specific 2-of-2 or 2-of-3 or 2-of-2+csv, but would be nice to be able to use Jade in standard multisig with other hardware wallets.

    For example, software wallet could pass receiving and change descriptors to the HW and it could verify that all scriptpubkeys in inputs and change outputs are derived from these descriptors.

    opened by stepansnigirev 21
  • Jade frequently becomes unresponsive when using the scroll wheel

    Jade frequently becomes unresponsive when using the scroll wheel

    I've had multiple times that I was entering my seed words that it froze and had to restart the process all over because it stayed unresponsive untill a reset.

    opened by MEdGalo 13
  • Missing cbor dependency?

    Missing cbor dependency?

    I tried running the docker image and got this during the idf.py flash step:

    -- Building ESP-IDF components for target esp32
    CMake Error at /root/esp/esp-idf/tools/cmake/build.cmake:185 (message):
      Failed to resolve component 'cbor'.
    
    
    opened by asoltys 12
  • Display a warning if multisig suffix paths don't match

    Display a warning if multisig suffix paths don't match

    Thanks. So with Jade we opted to be quite strict in this regard - in order to use multisig the user first needs to register the setup on Jade - ie. as a separate registration step the user inspects/confirms:

    * all co-signer xpubs (the hw checks that at least one belongs the Jade)
    
    * threshold
    
    * script type
    
    * (and now) whether bip67 key sorting applies
    

    Once that has been confirmed, future requests to get receive addresses or change addresses will use the registered setup - the only additional data passed per request is the bip32 path suffixes. The full key derivation paths are validated against bip45/48/87, and that the final element is within a reasonable range. If this validation fails, a warning is displayed and the user must explicitly check/confirm the path.

    We believe this should cover the known attack scenarios - but obviously are happy to hear if you think otherwise! ;-)

    I think I thought of a scenario.

    I noticed that to get an address, the computer sends the following to the Jade:

    INFO:jade:Sending: {'method': 'get_receive_address', 'id': '468131', 'params': {'network': 'mainnet', 'paths': [[0, 2], [0, 2], [0, 2]], 'multisig_name': 'hwi'}} as cbor of size 108
    

    However, I see that the Jade accepts paths that don't match like:

    INFO:jade:Sending: {'method': 'get_receive_address', 'id': '865589', 'params': {'network': 'mainnet', 'paths': [[0, 1], [0, 2], [0, 3]], 'multisig_name': 'hwi'}} as cbor of size 108
    

    which I think is non-standard in most companion wallets.

    Could an attacker pass something like [[0, 2333], [0,3999], [0,4383]] and perform a type of ransomware attack on get_address or sign_tx, where they will only reveal the paths in return for some BTC?

    I saw that there's actually some validation on paths here: https://github.com/Blockstream/Jade/blob/34a1814bbde5486e08600de701619fb7779b5455/main/wallet.c#L343 , but I don't think this case is covered. I think this wouldn't be a problem for 2 of 3 multisig, as the victim could easily brute force the paths because there's a check on MAX_PATH_PTR of 10000, so 10000^3=10^12 combinations to try (for comparison, bitcoin network hashrate is in the order of 10^20 Hashes/second), but this might be a problem for larger multisigs (I see up to 8 signers are supported). Should we be checking that the paths are all equal to each other for multisig wallets?

    Originally posted by @Georgantas in https://github.com/Blockstream/Jade/issues/22#issuecomment-1002841897

    opened by georgantas 5
  • "internal error - restarting" when trying to send to p2pkh addresses

    jade crashes whenever I try to send to a p2pkh address(legacy). Jade will print "internal error - restarting" on its screen and restart as soon as I confirm the transaction info on my android green wallet. Sending to segwit addresses are working fine, however.

    opened by prelude444 5
  • Website OS supports need to be updated

    Website OS supports need to be updated

    From, https://store.blockstream.com/product/blockstream-jade/

    Currently: Blockstream Green for Android (iOS, Windows, macOS, and Linux support coming soon)

    Sound like it's only supported on Android, while I know it is on iOS

    opened by Transisto 4
  • Jade stuck at

    Jade stuck at "Persisting PIN data..."

    was setting up the wallet by scanning an existing seed qr code and entered the new PIN twice.

    It ended up working but there might have been a communication error with BS server that didn't retry in time.

    opened by Transisto 4
  • Does the Jade check the existence of a change address in the output of a transaction?

    Does the Jade check the existence of a change address in the output of a transaction?

    This is a continuation of the thread from: https://github.com/Blockstream/Jade/issues/22#issuecomment-1002091796 . I had referenced this article: https://shiftcrypto.ch/blog/the-pitfalls-of-multisig-when-using-hardware-wallets/

    I see that the Jade checks that the multisig change address in the output of the transaction is registered on the device: https://github.com/Blockstream/Jade/blob/master/main/process/sign_tx.c#L87

    I was wondering though: Does it also check the existence of a change address in the output of a send transaction? I noticed that the Jade will ask the user confirm the change address, but the user has no way of knowing that this address is a "change" address. I'm thinking of the scenario where a malicious computer sends a send-to-many transaction to the Jade, where the second output is not a change address, but an address controlled by the hacker. Can this happen?

    opened by georgantas 3
  • Not possible to use Testnet or Liquid

    Not possible to use Testnet or Liquid

    After setting up the HW Wallet with a 24-seed, I tried to change the network in the Android Green Wallet App to Liquid (same with Testnet). Got the response from the app: "The network chosen in the Green App is not the same as the network chosen on the hardware wallet. Please choose same network on both devices". Also, on the HW device, I did not find an option for changing the network. So, it is effectively not possible to use Liquid or Testnet at the moment?

    opened by svanstaa 3
  • Marketing Material and Reviews Refer to Storage if Liquid Assets Out of the box

    Marketing Material and Reviews Refer to Storage if Liquid Assets Out of the box

    Marketing Material and Reviews Refer to Storage if Liquid Assets Out of the box, Including Liquid Tether. I find this to be not true. Not sure if this is the place to share that information. Liquid Bitcoin Seems to be the only Green Wallet supported liquid asset.

    opened by jadenewbie 2
  • Button A (previous) not responding on M5 stack

    Button A (previous) not responding on M5 stack

    I set the environment, compiled and flashed Jade on a standard M5 stack and soon noticed Button A was not responding. I tried to debug input.c and tinker with the code but didn't manage to find out why "btn_handle_prev" was not responding and "button_A" was not being called. Log warned about "handler already registered, overwriting" but I wasn't able to find out if it has to do with this issue

    opened by odudex 2
  • How to obtain the bootloader? How to sign files?

    How to obtain the bootloader? How to sign files?

    I followed all the steps to build the firmware, and successfully created a build directory. After moving the build directory to /tmp/jade, I attempted to flash:

    $ DEVNAME=/dev/ttyACM0 ./flash.sh
    
    Device /dev/ttyACM0 can now be flashed
    esptool.py v3.0
    Serial port /dev/ttyACM0
    Connecting......
    Detecting chip type... ESP32
    Chip is ESP32-D0WDQ6-V3 (revision 3)
    Features: WiFi, BT, Dual Core, 240MHz, VRef calibration in efuse, Coding Scheme None
    Crystal is 40MHz
    MAC: 30:c6:f7:1f:6b:84
    Uploading stub...
    Running stub...
    Stub running...
    MAC: 30:c6:f7:1f:6b:84
    Hard resetting via RTS pin...
    esptool.py v3.0
    Serial port /dev/ttyACM0
    Connecting.....
    Detecting chip type... ESP32
    Chip is ESP32-D0WDQ6-V3 (revision 3)
    Features: WiFi, BT, Dual Core, 240MHz, VRef calibration in efuse, Coding Scheme None
    Crystal is 40MHz
    MAC: 30:c6:f7:1f:6b:84
    Uploading stub...
    Running stub...
    Stub running...
    Manufacturer: 20
    Device: 4016
    Detected flash size: 4MB
    Hard resetting via RTS pin...
    usage: esptool write_flash [-h] [--erase-all]
                               [--flash_freq {keep,40m,26m,20m,80m}]
                               [--flash_mode {keep,qio,qout,dio,dout}]
                               [--flash_size FLASH_SIZE]
                               [--spi-connection SPI_CONNECTION] [--no-progress]
                               [--verify] [--encrypt]
                               [--ignore-flash-encryption-efuse-setting]
                               [--compress | --no-compress]
                               <address> <filename> [<address> <filename> ...]
    esptool write_flash: error: argument <address> <filename>: [Errno 2] No such file or directory: '/tmp/jade/build/bootloader/bootloader_signed.bin'
    

    But there is no bootloader? I dont see it mentioned in the docs, and therefore I'd assume it should be built, but I am not really sure.

    I am running the latest tagged version.

    Later on...

    I was able to build using this command, which DID build the bootloader: idf.py build

    I had to update the flash_jade.sh script, since the generated outputs arent "signed"

    esptool.py ${COMMON_ESPTOOL_OPTIONS} --flash_size 4MB \
    -u 0x1000 ${FLASHROOT}/build/bootloader/bootloader.bin \
    0x9000 ${FLASHROOT}/build/partition_table/partition-table.bin 0xE000 \
    ${FLASHROOT}/build/ota_data_initial.bin 0x10000 ${FLASHROOT}/build/jade.bin | tee -a ${OUTPUTLOG}
    

    (notice bootloader.bin vs bootloader_signed.bin and jade.bin vs jade_signed.bin)

    I was able to successfully flash, but now the device doesn't turn on. I still see the device connecting to the serial port, but the display doesnt turn on, and Sparrow wallet is telling me the device is responding with an EOF.

    opened by kornpow 17
  • Unusual multisig change path warning using Jade with Sparrow wallet

    Unusual multisig change path warning using Jade with Sparrow wallet

    I've set up a 2-of-3 multisig using 3 Jades and Sparrow wallet. When I try to sign a transaction to spend from the wallet, I get a warning message: Unusual multisig change path.

    Sparrow wallet uses path ../1/0 for the change, which I believe is standard. It also uses m/48'/0'/0'/2' as derivation paths.

    opened by georgantas 14
  • [Feature] Allow restore via QR scanning of seeds with just first 4 letters per word.

    [Feature] Allow restore via QR scanning of seeds with just first 4 letters per word.

    This is what coldcard BIP-85 QR export use.

    It makes sense since there's already error correction in the QR and that too many letters create too dense QR to scan on lower res cameras.

    opened by Transisto 3
  • Register CSV accounts on the Jade

    Register CSV accounts on the Jade

    It would be nice to be able to register CSV accounts on the Jade similar to the multisig implementation. If an account is registered with an xPub that isn't Blockstream's, a warning could be displayed during registration.

    I think this would make Jade's interface more consistent as well. For sending a txn, the change parameter would be only the path (no more csv_blocks parameter). I think it would also be more secure because an attacker could pass a non-standard csv_blocks parameter, and ask for ransom (not sure if this would trigger a warning currently).

    opened by georgantas 1
  • Derivation path for Jade with Passphrase

    Derivation path for Jade with Passphrase

    I have a wallet (single sig, with passphrase) created on a Jade hardware wallet and I would like to recover the wallet in Electrum. After all it should be BIP39 compatible.

    I entered the seed, checked the BIP39 marks, typed in my password as "additional words" (which works fine for ledger or trezor for example), and then chose the right derivation path (which should be p2sh-segwit, since my addresses all start with 3), but I dont get the same addresses as in the green software.

    I tried changing the account number of the derivation path (so m/49'/0'/1' instead of m/49'/0'/0') but it is also not working.

    Does anyone know why this is incompatible and what could be done to fix it?

    opened by rc-fire 2
Owner
Blockstream
Blockstream
Mystikos is a set of tools for running applications in a hardware trusted execution environment (TEE)

Mystikos is a set of tools for running applications in a hardware trusted execution environment (TEE). The current release supports Intel ® SGX while other TEEs may be supported in future releases. Linux is also a supported target, though only suitable for testing purposes as it provides no additional protection.

null 97 Jul 30, 2022
I2C hardware test terminal/master mode emulator.

I2C Master Mode Emulator The I2C master mode emulator allows communication with I2C devices by sending or receiving data to/from the I2C bus. To issue

Dilshan R Jayakody 17 Jan 26, 2022
WIP: ESP32 powered robot dog, quadruped robot. This is just code, hardware in the other repositories

Small Robot dog (quadruped) Hardware ESP32 IMU (not implemented) 12 servos TowerPro mg90d (hope it will work) Two 18650 Software Arduino IDE compatibl

Gleb Devyatkin 62 Jul 31, 2022
Open-source and open-hardware scientific RPN calculator

OpenRPNCalc Open-source and open-hardware scientific RPN calculator Introduction OpenRPNCalc is a scientific calculator based on STM32 microcontroller

Anton Poluektov 139 Jul 20, 2022
J2534 drivers for various Macchina hardware

Macchina-J2534 J2534 drivers for various Macchina hardware This is a experimental driver which is built in Rust, and is unofficially ported to Linux a

Ashcon Mohseninia 36 Aug 10, 2022
Simulation of VT100 terminal hardware

Simulation of the VT100 hardware About This is a software simulation of the VT100 hardware. The original firmware ROM is built in and executed by an 8

Lars Brinkhoff 53 Aug 6, 2022
Isaac ROS image_pipeline package for hardware-accelerated image processing in ROS2.

isaac_ros_image_pipeline Overview This metapackage offers similar functionality as the standard, CPU-based image_pipeline metapackage, but does so by

NVIDIA AI IOT 31 Jul 18, 2022
Prometheus exporter for ARM® Hardware components using HWCPipe.

ARM® HWCPipe Exporter ARM® HWCPipe Exporter is a Prometheus exporter written in Java and C++ that retrieves metrics from Android devices running on AR

Jinesi Yelizati 3 Mar 18, 2022
A software serial driver package by using the hardware timer capture / comparison functionality.

Soft serial 1.简介 Soft serial 是利用硬件定时器捕获/比较功能实现软件模拟串口的软件包。 1.1目录结构 Soft serial 软件包目录结构如下所示: soft_serial ├───inc // 头文件目录 │

齐永忠 2 Jul 14, 2022
Hardware Spoofer for Windows

Hardware Spoofer Hardware Spoofer for Windows DiskDrive(s), Volume ID(s), NIC (+ARP), SMBIOS, GPU, BOOT Built With btbd\hwid Xiloe\NULL-CPP-SPOOFER Au

Majdev 11 Jun 20, 2022
Ignition hardware interface

Currently there is no ros control (hardware interface) plugin for ignition. Other approaches uses trajectory plugins to send trajectories without using ros control natively.

Panagiotis Angelakis 2 Mar 9, 2022
TelloTalent Robomaster TT hardware package for programming the esp32 included with it

TelloTalent esp32 for arduino IDE TelloTalent Robomaster TT hardware package for programming the esp32 included with it Notes All this files are extra

MCTRACO 3 Jun 30, 2022
Is this hardware solution the ultimate in switch bounce elimination? Simple PCB, cheap components = final solution!

#230 Ultimate Switch Bounce Eliminator Direct link to video: https://youtu.be/b2uUYiGrS5Y It's time to try a final, alternative approach to the ubiqui

Ralph Bacon 5 Mar 25, 2022
A hardware device for visualizing music in a spiral

SpiralMusic_Teensy A hardware device for visualizing music in a spiral. Uses a teensy with audio sheild, and WS2812 pixels for display. For a python o

Gavin 4 Jan 9, 2022
This is an upgrade to the initial TerminalOS source, supporting real hardware other than just QEMU, using GRUB as a bootloader instead of the crappy one i wrote

Terminal OS Author: Maheswaran Date: 20th Nov 2021 PROGRESS Multiboot compilance achieved VGA driver from complete with print_hex, print_dec, printf f

Maheswaran Parameswaran 1 Nov 28, 2021
A customizable hardware prefetching framework using online reinforcement learning as described in the MICRO 2021 paper by Bera and Kanellopoulos et al.

A Customizable Hardware Prefetching Framework Using Online Reinforcement Learning Table of Contents What is Pythia? About the Framework Prerequisites

SAFARI Research Group at ETH Zurich and Carnegie Mellon University 41 Jul 26, 2022
Hardware ID Resetter for D2R bans.

Anti-Flag for D2R Anti-Flag is a simply Console Application written in modern C++. It prevents Chainban's by clearing common Directories and Registry

null 16 Mar 8, 2022
Universal fix for Google SafetyNet on Android devices with hardware attestation and unlocked bootloaders.

Universal SafetyNet Fix This is a universal fix for SafetyNet on devices with hardware-backed attestation and unlocked bootloaders (or custom verified

Danny Lin 3.6k Aug 7, 2022
Linux kernel platform driver for ASUSTOR NAS hardware (leds, buttons)

asustor-platform-driver Linux kernel platform driver for ASUSTOR NAS hardware (leds, buttons). On many systems, ASUSTOR uses a mix of IT87 and CPU GPI

Mathias Fredriksson 10 Jul 28, 2022