Cleaning up the thread a bit. Putting all the firmware update posts I have made for a while into 1 big post.
You can always get the latest at
https://coldcardwallet.com/docs/upgrade <-- Remember don't just trust my links verify for yourself.I just figure having 1 thread with all the updates on it will make it a bit easier for people to know what changed when.
Latest update on the bottom.
Some dates go back to 2019.
2.0.4 came out on May 13th
From ColdCard:
Release Notes (v2.0.3 – 2.0.4)
Transaction signing speed improved by about 3X.
Will warn if miner's fee is over 5% of txn amount (was 1% before). Hard limit remains 10% (configurable, can be disabled completely).
Robustness: Tighten stack-depth checking, increase heap size, shuffle some memory.
Bugfix: Transactions with more than 10 outputs were not summarized correctly.
Bugfix: Consolidating transactions that move UTXO within same wallet are shown better.
Bugfix: Better recovery from too-complex transaction errors.
"Don't forget your PIN" warning message is more bold now.
(in 2.0.4) Bugfix: Clearing duress PIN would lead to a error screen.
(in 2.0.4) Bugfix: Advanced > "Lock Down Seed" command didn't work correctly.
(in 2.0.4) Bugfix: Importing seed words manually didn't work on second try (thanks @duck1123)
-Dave
Firmware v2.1 is out
https://coldcardwallet.com/docs/upgrade2019-06-26T1317-v2.1.0-coldcard.dfu released June 26, 2019.
Major release with Multisig support!
New menu under: Settings > Multisig Wallets
Lists all imported M-of-N wallets already setup
Export, import for air-gapped creation
Related settings and more
Broad change: extended public key finger (XFP) values used to be shown in the wrong endian (byte swapped), and prefixed with 0x to indicate they were a number. In fact, they are a byte string and should be shown in network order. Everywhere you might be used to seeing your XFP value has been switched, so 0x0f056943 becomes 4369050F (all caps, no 0x prefix). Affected areas include:
BIP39 password confirmation screen
Advanced > View Identity screen
Electrum skeleton wallet export (label of wallet)
Dump public data file (text in file header)
xfp command in ckcc CLI helper (can show opposite endian, if needed)
Export skeleton wallets for Wasabi Wallet
https://wasabiwallet.io/ to support air-gapped use.
Summary file (public.txt) has been reworked to include more XPUB values and a warning about using addresses your blockchain-monitoring wallet might not be ready for.
When BIP39 passphrase is given over USB, and approved, the new XFP is shown on-screen for reference.
Use with Electrum will require our updated plugin changes.
-Dave
2.1.1 came out a few weeks ago.
https://coldcardwallet.com/docs/upgrade Major release with Multisig support!
New menu under: Settings > Multisig Wallets
Lists all imported M-of-N wallets already setup
Export, import for air-gapped creation
Related settings and more
Broad change: extended public key finger (XFP) values used to be shown in the wrong endian (byte swapped), and prefixed with 0x to indicate they were a number. In fact, they are a byte string and should be shown in network order. Everywhere you might be used to seeing your XFP value has been switched, so 0x0f056943 becomes 4369050F (all caps, no 0x prefix). Affected areas include:
BIP39 password confirmation screen
Advanced > View Identity screen
Electrum skeleton wallet export (label of wallet)
Dump public data file (text in file header)
xfp command in ckcc CLI helper (can show opposite endian, if needed)
v2.1.1: New feature: Create seed words from D6 dice rolls:
under "Import Existing > Dice Rolls"
just keep pressing 1 - 6 as you roll. At least 99 rolls are required for 256-bit security
seed is sha256(over all rolls, as ascii string)
normal seed words are shown so you can write those down instead of the rolls
can also "mix in" dice rolls: after Coldcard picks the seed words and shows them, press 4 and you can then do some dice rolls (as many or as few as desired) and get a new set of words, which adds those rolls as additional entropy.
Export skeleton wallets for Wasabi Wallet
https://wasabiwallet.io/ to support air-gapped use.
Summary file (public.txt) has been reworked to include more XPUB values and a warning about using addresses your blockchain-monitoring wallet might not be ready for.
When BIP39 passphrase is given over USB, and approved, the new XFP is shown on-screen for reference.
v2.1.1: Wasabi wallet support: remove extra info from skeleton file, change XFP endian, add version field.
Use with Electrum will require our updated plugin changes.
Older releases and their changes are listed here, the source code, and much more be found in our repository on github.
Version 2.1.2 released today.
https://coldcardwallet.com/docs/upgradeAll new firmware since 2.1 have multisig support.
https://coldcardwallet.com/docs/multisigAll changes in 2.1.2
Add extra warning screen added about forgetting your PIN.
Remove warning screen about Testnet vs Mainnet.
Bugfix: Change for XFP endian display introduced in 2.0.0 didn't actually correct endian display and it was still showing values in LE32. Correctly corrected now.
now showing both values in "Advanced > View Identity screen".
some matching changes to ckcc-protocol (CLI tool)
when making multisig wallets in airgap mode, you must use latest firmware on all the units
Bugfix: Error messages would sometimes disappear off the screen quickly. Now they stay up until OK pressed. Text of certain messages also improved.
Bugfix: Show a nicer message when given a PSBT with corrupted UTXO values.
Bugfix: Block access to multisig menu when no seed phrase yet defined.
Bugfix: Any command on multisig menu that used the MicroSD card would crash, if card was not present.
Bugfix: When offline multisig signing sometimes tried to finalize PSBT, but we can't.
Bugfix: For multi-pass-multisig signing, handle filenames better (end in -part, not -signed).
-Dave
Version 2.1.2 released today.
https://coldcardwallet.com/docs/upgradeAll new firmware since 2.1 have multisig support.
https://coldcardwallet.com/docs/multisigAll changes in 2.1.2
Add extra warning screen added about forgetting your PIN.
Remove warning screen about Testnet vs Mainnet.
Bugfix: Change for XFP endian display introduced in 2.0.0 didn't actually correct endian display and it was still showing values in LE32. Correctly corrected now.
now showing both values in "Advanced > View Identity screen".
some matching changes to ckcc-protocol (CLI tool)
when making multisig wallets in airgap mode, you must use latest firmware on all the units
Bugfix: Error messages would sometimes disappear off the screen quickly. Now they stay up until OK pressed. Text of certain messages also improved.
Bugfix: Show a nicer message when given a PSBT with corrupted UTXO values.
Bugfix: Block access to multisig menu when no seed phrase yet defined.
Bugfix: Any command on multisig menu that used the MicroSD card would crash, if card was not present.
Bugfix: When offline multisig signing sometimes tried to finalize PSBT, but we can't.
Bugfix: For multi-pass-multisig signing, handle filenames better (end in -part, not -signed).
-Dave
Version 2.1.3 was released Sep 6, 2019.
This is why I love my ColdCard, they keep working on it, releasing new features and fixes.
Not letting it sit out there like some other wallets.
-Dave
Major release with Multisig support!
New menu under: Settings > Multisig Wallets
Lists all imported M-of-N wallets already setup
Export, import for air-gapped creation
Related settings and more
Broad change: extended public key finger (XFP) values used to be shown in the wrong endian (byte swapped), and prefixed with 0x to indicate they were a number. In fact, they are a byte string and should be shown in network order. Everywhere you might be used to seeing your XFP value has been switched, so 0x0f056943 becomes 4369050F (all caps, no 0x prefix). Affected areas include:
BIP39 password confirmation screen
Advanced > View Identity screen
Electrum skeleton wallet export (label of wallet)
Dump public data file (text in file header)
xfp command in ckcc CLI helper (can show opposite endian, if needed)
New feature: Create seed words from D6 dice rolls (v2.1.1):
under "Import Existing > Dice Rolls"
just keep pressing 1 - 6 as you roll. At least 99 rolls are required for 256-bit security
seed is sha256(over all rolls, as ascii string)
normal seed words are shown so you can write those down instead of the rolls
can also "mix in" dice rolls: after Coldcard picks the seed words and shows them, press 4 and you can then do some dice rolls (as many or as few as desired) and get a new set of words, which adds those rolls as additional entropy.
Export skeleton wallets for Wasabi Wallet https://wasabiwallet.io/ to support air-gapped use.
Summary file (public.txt) has been reworked to include more XPUB values and a warning about using addresses your blockchain-monitoring wallet might not be ready for.
When BIP39 passphrase is given over USB, and approved, the new XFP is shown on-screen for reference.
Use with Electrum will require our updated plugin changes.
Changes in version 2.1.3:
Visual change: unknown components of multsig co-signer derivation paths used to be shown as m/?/?/0/1 but will now be shown as m/_/_/0/1. The blank indicates better that we can't prove what is in that spot, not that we don't know what value is claimed.
Bugfix: Some backup files would hit an error during restore (random, less than 6%). Those existing backup files will be read correctly by this new version of firmware.
Bugfix: P2SH-P2WPKH change outputs incorrectly flagged as fraudulent (regression from v1.1.0)
Bugfix: Wanted redeem script, but should be witness script for P2WSH change outputs.
2.1.5 came out the 17-September-2019
There was also a 2.1.4 that was released just after 2.1.3 to fix a small bug
https://coldcardwallet.com/docs/upgradeChanges in version 2.1.5:
Bugfix: Changes to redeem vs. witness script content in PSBTs. Affects multisig change outputs, primarily.
Bugfix: Import of multisig wallet from xpubs in PSBT could fail if attempted from SD Card.
Bugfix: Improved message shown if import of multsig wallet was refused during PSBT signing.
Changes in version 2.1.4:
Bugfix: For multisig change outputs, many cases were incorrected flagged as fraudulent.
This is why everyone should use a coldcard, they keep working on it with regular updates.
It does not just sit there in limbo with no development.
-Dave
New firmware came out yesterday 2.1.6:
https://coldcardwallet.com/docs/upgradeChanges in version 2.1.6:
NEW for 2.1.6: "Address Explorer": view receive addresses on the screen of the Coldcard, so you can be certain your funds are going to the right place. Can also write first 250 addresses onto the SDCard in a simple text (CSV) format. Special thanks go to @hodlwave for creating this feature.
NEW: "Address Explorer" feature (see above)
Bugfix: Improve error message shown when depth of XPUB of multisig cosigner conflicts with path details provided in PSBT or USB 'show address' command.
Bugfix: When we don't know derivation paths for a multisig wallet, or when all do not share a common path-prefix, don't show anything.
Just did a test myself with the write receive address to the SD card and it worked.
So that is a cool new feature. Not really sure how many people will use it.
Was thinking creating jpgs with QR codes might be nice. Not sure if it can be done with the hardware.
-Dave
New firmware out as of 1-Nov-2019
Instructions and link to firmware are at
https://coldcardwallet.com/docs/upgrade as always.
Version 3.0.2 - Nov 1, 2019
New command in Danger Zone menu to view the seed words on-screen, so you can make another on-paper backup as needed.
Robustness: Analyse paths used for change outputs and show a warning if they are not similar in structure to the inputs of that same transaction. These are imperfect heuristics and if you receive a false positive, or are doing weird things that don't suit the rules below, please send an example PSBT to support and we'll see if we can handle it better:
same derivation path length
shared pattern of hardened/not path components
2nd-last position is one or zero (change/not change convention)
last position within 200 units of highest value observed on inputs
Robustness: Improve checking on key path derivations when we encounter them as text.
accept 10h and 10p as if they are 10' (alternative syntax)
define a max depth (12) for all derivations
thanks to @TheCharlatan
Security Improvement: during secure logout, wipe entire contents of serial flash, which might contain PSBT, signed or unsigned (for more privacy, deniability)
-Dave
New firmware out as of 1-Nov-2019
Instructions and link to firmware are at
https://coldcardwallet.com/docs/upgrade as always.
Version 3.0.2 - Nov 1, 2019
New command in Danger Zone menu to view the seed words on-screen, so you can make another on-paper backup as needed.
Robustness: Analyse paths used for change outputs and show a warning if they are not similar in structure to the inputs of that same transaction. These are imperfect heuristics and if you receive a false positive, or are doing weird things that don't suit the rules below, please send an example PSBT to support and we'll see if we can handle it better:
same derivation path length
shared pattern of hardened/not path components
2nd-last position is one or zero (change/not change convention)
last position within 200 units of highest value observed on inputs
Robustness: Improve checking on key path derivations when we encounter them as text.
accept 10h and 10p as if they are 10' (alternative syntax)
define a max depth (12) for all derivations
thanks to @TheCharlatan
Security Improvement: during secure logout, wipe entire contents of serial flash, which might contain PSBT, signed or unsigned (for more privacy, deniability)
-Dave
And another new version yesterday:
Login Countdown looks interesting.
As always available here:
https://coldcardwallet.com/docs/upgradeVersion 3.0.3 - Nov 6, 2019
Add "Login Countdown" feature: once enabled, you must enter you PIN correctly, and then wait out a forced delay (of minutes/hours/days) while a count down is shown on-screen. Then enter your PIN correctly, a second time, to get in. You must provide continuous power to the Coldcard during this entire period! Go to Settings > "Login Countdown" for the time intervals to pick from. Thanks to @JurrienSaelens for this feature suggestion.
Nickname feature: Enter a short text name for your personal Coldcard. It's displayed at startup time before PIN is entered. Try it out in Settings > "Set Nickname"
Bugfix: Adding a second signature (multisig) onto a PSBT already signed by a different Coldcard could fail with "psbt.py:351" error.
-Dave
Version 3.0.5 out today 25-Nov-2019
As always available here:
https://coldcardwallet.com/docs/upgradeAnother great feature PAPER WALLETS that are
unrelated to your seed wordsThink about that you know you want one.
Going to be playing with that a lot over Thanksgiving.
Address explorer can show QR code for any address (Mk3 only). Press 4 to view. Once shown, press 1 to invert image, and 5/8 for next address. Successful scanning requires the best phone camera, and some patience, due to limited screen size.
Export a command file for Bitcoin Core to create an air-gapped, watch-only wallet. Requires v0.18 or higher of Bitcoin Core. docs/bitcoin-core-usage.md has been updated. Thanks to @Sjors for creating this new feature!
Paper Wallets! Creates random private key (Dice feature available too), unrelated to your seed words, and saves deposit address and private key (WIF format) into a text file on MicroSD. If you have a Mk3, it will also add a QR code inside the text file, and if you provide a special PDF-like template file (example in paperwallet.pdf) then it will superimpose the QR codes into the template, and save the resulting ready-to-print PDF to MicroSD. CAUTION: Paper wallets carry MANY RISKS and should only be used for SMALL AMOUNTS.
Adds a "Format Card" command for erasing MicroSD contents and reformatting (FAT32).
Bugfix: Idle-timeout setting should only take effect after the login countdown. Thanks to @aoeui21 for reporting this.
There is a new firmware out as of the 19th.
https://coldcardwallet.com/docs/upgrade Version 3.0.6
Security Bugfix: Fixed a multisig PSBT-tampering issue, that could allow a MitM to steal funds. Please upgrade ASAP.The usual other changes:
Enhancement: Sign a text file from MicroSD. Input file must have extension .TXT and contain a single line of text. Signing key subpath can also provided on the second line.
Enhancement: Now shows the change outputs of the transaction during signing process. This additional data can be ignored, but it is useful for those who wish to verify all parts of the new transaction.
Enhancement: PSBT files on MicroSD can now be provided in base64 or hex encodings. Resulting (signed) PSBT will be written in same encoding as the input PSBT.
Bugfix: crashed on entry into the Address Explorer (some users, sometimes).
Bugfix: add blank line between addresses shown if sending to multiple destinations.
Bugfix: multisig outputs were not checked to see if they are change (would have been shown as regular outputs), if the PSBT did not have XPUB data in globals section.
-Dave
There is a new firmware out as of 20-Feb
Something they have at the bottom but should be listed 1st:
IMPORTANT: This release is NOT COMPATIBLE with Mk1 hardware. It will brick Mk1 Coldcards.
A few other updates and additions:
HSM (Hardware Security Module) mode: give Coldcard spending rules, including whitelisted addresses, velocity limits, subsets of authorizing users ... and Coldcard can sign with no human present. Requires companion software to setup (ckbunker or ckcc-protocol), and disabled by default, with multi-step on-screen confirmation required to enable. Mk3 only.
Enhancement: New "user management" menu. Advanced > User Management shows a menu with usernames, some details and a 'delete user' command. USB commands must be used to create user accounts and they are only used to authenticate txn approvals in HSM mode.
Dropping support for the 1st gen and adding a feature that only works on the 3rd gen is not cool IMO, but I understand that hardware evolves and sometimes has to be replaced.
On the vert very slight chance there is a security issue in the 1st gens that comes out it's going to be interesting to see their reaction.
Will they fix it or will they just say get a new one?
-Dave
Another update as of today 27-Feb-2020:
Version 3.1.2 - Feb 27, 2020
Enhancement: New setting to enable a scrambled numeric keypad during PIN login.
Enhancement: Press 4 when viewing a payment address (triggered by USB command) to see the QR code on-screen (Mk3 only).
Enhancement: Can enter non-zero account numbers when exporting wallet files for Electrum and Bitcoin Core. This makes importing seeds from other systems easier and safer.
Enhancement: Dims the display when entering HSM Mode.
Bugfix: Trust PSBT setting (for multisig wallets) was being ignored. Thanks to @CasaHODL for reporting this.
Bugfix: XPUB values volunteered in the global section of a PSBT for single-signer files would cause errors (but ok in multisig). Coldcard will now handle this, although it doesn't need them.
Bugfix: 3.1.1 had a bug which broke the new "non-zero account export" feature.
Since the Mk1 are no longer supported if you contact them at
[email protected] with your original Coinkite order ID they are offering 25% off a new one.
I feel it should be more but that's just me.
-Dave
The I am talking to myself in this thread post about new firmware.
Version 3.1.3 is now out.
https://coldcardwallet.com/docs/upgrade <-- Remember don't just trust my links verify for yourself.
Version 3.1.3 - April 30, 2020
Enhancement: Save your BIP39 passphrases, encrypted, onto a specific SDCard, if desired. Passphrases are encrypted with AES-256 (CTR mode) using a key derived from the master secret and hash of the serial number of the SDCard. You cannot copy the file to another card. To use this feature, press (1) after you've successfully entered your passphrase. 'Restore Saved' menu item will appear at top of passphrase-entry menu, when correctly-encrypted file is detected.
Enhancement: Export a generic JSON skeleton file, not aligned with any particular desktop/mobile wallet, but useful for any such integrations. Includes XPUB (and associated data) needed for P2PKH, P2WPKH (segwit) and P2WPKH-P2SH wallets, which conform to BIP44, BIP84, and BIP49 respectively. Thanks to @craigraw the idea.
Enhancement: when signing a text file from MicroSD card, if you specify a derivation path that starts with m/84'/... indicating that you are following BIP84 for segwit addresses, the resulting signature will be formatted as P2WPKH in Bech32.
Minor code cleanups and optimizations.
Looks like some minor stuff, but they keep developing and updating unlike some other hardware wallet people.
And remember V1 hardware is no longer supported
Stay safe.
-Dave
And the latest one:
Current Version of Coldcard Firmware — Version 3.1.5
2020-06-13T1928-v3.1.5-coldcard.dfu released June 13, 2020.
NOTE: Releases 3.1.0 and later are NOT COMPATIBLE with Mk1 hardware. They will brick Mk1 Coldcards.
https://coldcardwallet.com/docs/upgrade <-- Remember don't just trust my links verify for yourself.
Version 3.1.5 - June 13, 2020
Enhancement: Detect, report and block the recently reported type of attack against BIP-143 (replay of segwit inputs) with an error message. No changes needed to your input PBST files. Will show errors similar to: "Input#0: Expected 15 but PSBT claims 5.00001 BTC"
Enhancement: When the Coldcard is finalizing the transaction, we show the TXID (hex transaction ID) of the transaction on the screen.
Enhancement: Export deterministically-derived entropy in the form of seed phrases (BIP39), XPRV, private key (WIF), or hex digits using new BIP-85 standard. Useful for seeding other wallets from your Coldcard, so you don't need to backup "yet another" seed phrase. Derived values (all types) can be easly recreated from Coldcard later, or the backup of the Coldcard. Does not expose the Coldcard's master secret, should new wallet be compromised.
Bugfix: When scrambled keypad used with the login delay feature, the PIN-entry sequence was not scrambled after the forced delay was complete. Thanks to an anon customer for reporting this.
Bugfix: Scrambled keypad didn't change between PIN prefix and suffix.
Enhancement: QR Code rendering improved. Should be more readable in more cases. Faster.
Enhancement: View percent consumed of the settings flash space (just for debug)
Enhancement: New command to clear the UTXO history, in rare case of false positive.
(v3.1.5) Bugfix: Signing PSBT with finalization from MicroSD card, did not work. Error about "HexWriter" was shown.
Surely it doesn't actually increase security in anyway? I mean, if someone has your PIN, they have your PIN... making them wait an extra few minutes doesn't change that fact... Is it meant to allow you time to restore your wallet/move the funds in the case that the device is stolen? Surely, a (decent) BIP39 passphrase achieves the same thing? 
