Author

Topic: BitHD Razor - Hardware wallet Step by Step Guide and Review (Read 296 times)

legendary
Activity: 2268
Merit: 18771
I don't like to authorize my browser to install APKs, as it is not recommended by android.
It's only not recommended by Android because the vast majority of people go around willy nilly installing anything that looks pretty and clicking on random links and would end up with a phone full of malware. Since you know what you are doing, the risk of installing from "unauthorized" sources is minimal. Further, you can simply enable the functionality to install that single app, and then immediately disable it again once the app is installed.

they do not provide signature to verify the download neither
The page you linked to does provide a hash of the file, though. The same hash can be found on their GitHub page here: https://github.com/bitpiedotcom/bitpiedotcom.github.com/blob/master/android/SHA256SUMS. I've not downloaded the app to confirm the hash is correct, though.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
I'm curious why you think the Google Play Store is safer than downloading direct from the developer? Google do pretty much nothing in terms of reviewing uploaded apps to ensure they are legitimate, not malware, not fake copies, etc. An app being available on the Play Store says absolutely nothing about it being genuine.

I agree. Indeed there are a lot of fake apps there.

But as they are creating an app for an android device, I think they could provide a link in their website to the Google Play store app. I don't like to authorize my browser to install APKs, as it is not recommended by android. This is the most common practice and I feel safer. I know there isn't much difference... they do not provide signature to verify the download neither
legendary
Activity: 2268
Merit: 18771
I was talking about ledger nano s. It doesn't have bluetooth, but it generates my seed, send coins, receive coins, etc, just like razor.
It doesn't ask for your location because it doesn't use Bluetooth. The Ledger Nano X also asks for your location because it requires it to properly use Bluetooth. I share your concerns regarding this, which is part of the reason I don't use these Bluetooth devices.

Recently, I was chatting with o_e_l_e_o and he said he would rather carry bed on his back or his car or whatever method than to give his address to walmart when buying a new bed there.
Maybe not quite on my back. Grin But yes, I'd rather just put it in a truck myself and take it home than hand over my personal details and then have a couple of strangers waltz in to my house.

Personally I don't really like this procedure, as I prefer to download it straight from google play store, as it is safer.
I'm curious why you think the Google Play Store is safer than downloading direct from the developer? Google do pretty much nothing in terms of reviewing uploaded apps to ensure they are legitimate, not malware, not fake copies, etc. An app being available on the Play Store says absolutely nothing about it being genuine, and indeed, there are so many fakes on the Play Store that people get scammed by them frequently. I would much rather download an app direct from the developer, which I can then verify using the signatures provided, before I install it.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
I understand that this BLE thing may ask for location. However, I use many much more sophisticated Bluetooth devices that doesn't require my location: i.e, Dualshock 4, JBL speakers, bose speakers, and so on. Those are new tech gadgets from 2018,2019 and they do not request my location to work.

Trezor devices do not have a built-in Bluetooth so Trezor Manager app does not require the location permission. Which Ledger Nano are you referring to? The S or the X model?
I was talking about ledger nano s. It doesn't have bluetooth, but it generates my seed, send coins, receive coins, etc, just like razor.

Imo, built-in Bluetooth is irrelevant. I just want to create a wallet. My address is not directly necessary for that action so it should not be revealed, simple as that.

Recently, I was chatting with o_e_l_e_o and he said he would rather carry bed on his back or his car or whatever method than to give his address to walmart when buying a new bed there. I am not that paranoid. I can give my address to walmart so they can deliver my bed at my house.

However, I do not want to reveal my address to connect a bluetooth device. I think a seed should be generated without my address (which is what my location is after all).

Edit: One could argue that bitpie is not collecting and storing my address (and that is probably true). However, I do not want to reveal it and trust that they are not going to store it.
legendary
Activity: 1876
Merit: 3139
They could generate the PIN based in something else, not my location.

Why do you assume that they need your location to 'generate the PIN'? You are supposed to come up with a PIN by yourself. The dialog box states that it needs those permissions to connect to the device.

They speciafically ask for GPS permission. [...] While you are saying they do not use GPS data (although they ask for it), they do have access to my location

There is no such a thing as GPS permission; there's only location permission. The way they phrased it could be simply a mistake on their end. Location uses not only GPS but also Wi-Fi, mobile networks and other sensors. You cannot turn them off individually (except for Wi-Fi) thus there is no point in differentiating location and GPS. My OnePlus phone allows me to see recent locations requests in the settings and I can't see BitPie there even though I have used it for a while. This means that their app accessed only information necessary to establish a BLE connection.

If Trezor does that as well, it is a weak point in their app as well, as Ledger Nano doesn't require my location access to create a new wallet. This certainly isn't a big problem, as I would still recommend this wallet to anyone. However, if it is someone super paranoid with privacy I would point out this information.

Trezor devices do not have a built-in Bluetooth so Trezor Manager app does not require the location permission. Which Ledger Nano are you referring to? The S or the X model?
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
While the location permission needs to be granted, the Razor does not ask for the user's position via GPS. If any app is using GPS, an icon is shown in the notification bar. Also, you can turn off location in your phone's settings and you will still be able to connect to your Razor. The permission needs to be granted to access the information needed for the Bluetooth scan.

Permission needs to be granted to generate the PIN, according to BitPie app.

They speciafically ask for GPS permission.



While you are saying they do not use GPS data (although they ask for it), they do have access to my location. I don't wanna share this information with them, as this information isn't necessary for my relationship with this wallet. They could generate the PIN based in something else, not my location.

I want to reveal little as possible information to any application, only what is directly necessary for that transaction.

If I cannot selective reveal myself, as I am forced to reveal personal information which are not relevant to the transaction, I have no privacy.

I always like to remember Eric Hughes, cypher punk manifesto:

Quote
https://www.activism.net/cypherpunk/manifesto.html
Since we desire privacy, we must ensure that each party to a transaction have knowledge only of that which is directly necessary for that transaction. Since any information can be spoken of, we must ensure that we reveal as little as possible. In most cases personal identity is not salient.
...
When I ask my electronic mail provider to send and receive messages, my provider need not know to whom I am speaking or what I am saying or what others are saying to me; my provider only need know how to get the message there and how much I owe them in fees. When my identity is revealed by the underlying mechanism of the transaction, I have no privacy. I cannot here selectively reveal myself; I must always reveal myself.


Edit: If Trezor does that as well, it is a weak point in their app as well, as Ledger Nano doesn't require my location access to create a new wallet. This certainly isn't a big problem, as I would still recommend this wallet to anyone. However, if it is someone super paranoid with privacy I would point out this information.
legendary
Activity: 1876
Merit: 3139
I think you are right, instructions could be better, and there should be no need for location access.
  • No need for location access. There should be an option to make the application work without location access, even if it consumes more battery.

While the location permission needs to be granted, the Razor does not ask for the user's position via GPS. If any app is using GPS, an icon is shown in the notification bar. Also, you can turn off location in your phone's settings and you will still be able to connect to your Razor. The permission needs to be granted to access the information needed for the Bluetooth scan.

One thing people can do is to use vpn before installing wallet.

A VPN won't protect one from a GPS based location request.

Honestly, I haven't  understand such thing as the channels trough which that Razer wallet communicates with computer. Is it capable to communicate via optical channel using QR codes? If such channel exists  what kind is it, one-sided or dual way?

No, it isn't. The Razor can only communicate via Bluetooth with the dedicated app available only for Android and iOS.
legendary
Activity: 2212
Merit: 7064
I am glad you are finally able to complete installation and setting up your wallet Smiley

Points that could be improved:

  • Instructions. The lack of instructions almost made me gave up. If it was not for Bitcryptex suggestions, I would have.
  • No need for location access. There should be an option to make the application work without location access, even if it consumes more battery.
  • Lack of Desktop App. Should really have one. I would really want ELECTRUM compatibility. If it already has, please put a BIG note in the website/instructions.

I think you are right, instructions could be better, and there should be no need for location access.
One thing people can do is to use vpn before installing wallet.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
OP was updated with the step by step guide.

Overall nice wallet and I would certainly recommend it.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
When you are asked to enter the PIN second time, the order of numbers changes. You have to enter exactly the same PIN. Don't worry about the different order of numbers on the device. In case you still don't get it, watch this video.

I really had no idea I should do what this guy said in the video lol

I am impressed.... How am I suppose to guess that I should do all that? Thank you so much. I will update OP soon with the correct information and a step by step on how to set up Razor wallet.
legendary
Activity: 1876
Merit: 3139
I use many bluetooth devices: Playstation controllers, JBL sound docks, and so on. Never saw any request access.

That's because those devices do not use BLE (Bluetooth Low Energy). See this explanation. For example, Ledger Nano X uses BLE thus Ledger Live asks for location permission.

I will try again later, but I am really stuck. I tried everything but I couldn't make the second PIN match. How did you do?

When you are asked to enter the PIN second time, the order of numbers changes. You have to enter exactly the same PIN. Don't worry about the different order of numbers on the device. In case you still don't get it, watch this video.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science

I might be wrong here, but I think that every Bluetooth device asks for the location access permission. As far as I remember, that's what my Galaxy Watch and Mi Band behaved like.

No, you don't need a location access to conect devices.

I use many bluetooth devices: Playstation controllers, JBL sound docks, and so on. Never saw any request access.

Bitpie wallet requires location access because they use the location to generate PIN.


What about the Razor Wallet? You should have been looking at it since it was displaying numbers in a random order known only to the device. You can even see the instructions above "Please Enter New Pin". They are really small, though.

I will try again later, but I am really stuck. I tried everything but I couldn't make the second PIN match. How did you do?
I was looking at the device all the time. But the second pin doesn't match neither the first pin neither the second one I see on the device.
legendary
Activity: 1876
Merit: 3139
Once device was connected to my phone and I run the Bitpie wallet app I received an unexpected request: Bitpie wallet needs to access my location to work, as you can see in the image below:

I might be wrong here, but I think that every Bluetooth device asks for the location access permission. As far as I remember, that's what my Galaxy Watch and Mi Band behaved like.

I really miss some ELI5 (explain like I was 5) instructions now regarding how to create a new wallet. [...] Anyone experienced the same? @HCP? @BitCryptex?

Apparently, I didn't have any problems with the setup because the Razor's software is based on Trezor One which I used for some time.

The keyboard is all "*****" and i couldn't decypher what are the numbers really....

What about the Razor Wallet? You should have been looking at it since it was displaying numbers in a random order known only to the device. You can even see the instructions above "Please Enter New Pin". They are really small, though.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
In January, Bitpie contacted me in this forum, offering me a Razor HD Wallet for free if I made an honest review. I liked the design a lot and I gladly asked for the device.
Due to corona virus crisis, I was able to get my hands on my Razor wallet just a few days ago.

The design is really amazing. I liked to see a seal  in the box, so I was sure nobody opened it in the post office (I really missed that seal in my Ledger Nano).



I really missed step by step instructions to create a new wallet, which can be tricky, so I made this guide.


Step by Step Guide



1 - Download the App
The first thing that you need to do in order to setup your Razor is to download the smartphone app. To download the software I was instructed to go to https://bitpie.com/android where I downloaded the APK file.

Personally I don't really like this procedure, as I prefer to download it straight from google play store, as it is safer.

Once installed, I connected Razor to my mobile phone with Bluetooth.

2 - Plug Razor
Plug your Razor wallet in your laptop (so it could lit up and charge the battery) and then connect it to the smartphone using bluetooth. The cables that came with the device are not compatible with my Samsung A30, so that was the only as far as I know.

3 - Location access
Once device was connected to my phone and I run the Bitpie wallet app I received an unexpected request: Bitpie wallet needs to access my location to work, as you can see in the image below.
After conceding location access you will see Razor wallet in the Bitpie App screen.



4 - Set a PIN
Then, once I authorized the device to access my location I was requested a PIN. I could see the pin on the device screen, but I couldn't type it. The keyboard is all "*****" and i couldn't decypher what are the numbers really.... I really miss some ELI5 (explain like I was 5) instructions now regarding how to create a new wallet.

After a lot of tries, I gave up in about 30 minutes. Thanks to a video BitCryptex showed me, I was able to successful create a new PIN.

As you can see in the image below, you cannot see the numbers in the app. What you have to do is "decypher" the keyboard in the wallet using the keyboard in your Razor, like in the image below. Then you choose a PIN with at least 6 digits. The keyboard will scramble again, when you are asked to repeat the PIN.



5 - Write down the seed words
After you have successfully choose a PIN you will have to note down the seed words in the sheet paper provided. Easy step, just note down the 12, 18 or 24 words.

6 - Sign the message to complete device sync
To complete the sync, just click "O" in the device to sign the message and complete synchronization process.





Strong points:
  • Device design is amazing. The most beautiful Hardware wallet I have ever seen
  • Good mobile App
  • Box came sealed, which is amazing and gives a nice comfort for new users.


Points that could be improved:

  • Instructions. The lack of instructions almost made me gave up. If it was not for Bitcryptex suggestions, I would have.
  • No need for location access. There should be an option to make the application work without location access, even if it consumes more battery.
  • Lack of Desktop App. Should really have one. I would really want ELECTRUM compatibility. If it already has, please put a BIG note in the website/instructions.


Review:
Overall a nice hardware wallet which I would certainly recommend.
Jump to: