Pages:
Author

Topic: DIY Bowser Hardware Wallet (Read 603 times)

legendary
Activity: 2212
Merit: 7064
January 03, 2023, 08:49:04 AM
#27
I think the Bowser wallet is a neat project, but should only store small amounts of bitcoin, if any. Have you tried flashing the AWS one? I don't think it works
No I didn't and sadly I don't have AWS M5Stack device to test it out.
Bowser is just a fun little project and there are much better DIY devices that exist today, like SeedSigner, Krux and other stuff made with RapsberryPi Zero devices and Trezor code.
I am following all open source hardware wallets and signing devices that exist in one of my topic, so anything new and interesting that comes out will be posted there:
https://bitcointalksearch.org/topic/list-open-source-hardware-wallets-5288971
newbie
Activity: 11
Merit: 2
January 02, 2023, 10:17:55 PM
#26
I just ordered one and I'll keep yall updated on how the build process goes.  Cool

I hope you opted for M5Stack Core2 ESP32 AWS Development Kit with built in Secure Element.
It costs couple of dollars more than regular M5Stack but it is superior in many ways, with built in encrypted chip ATECC608 that makes it safer, touch screen, almost five stronger and better battery, longer type-C USB cable, and size is almost the same as basic M5STack.
Only problem is they run out of stock very quickly so you need to be fast when ordering Smiley

I think the Bowser wallet is a neat project, but should only store small amounts of bitcoin, if any. Have you tried flashing the AWS one? I don't think it works



That's cool! I wanted to get an M5Stack anyway to play around with. A question about the secure chip: does the firmware actually recognize it is running on a M5 with secure chip & use it or is it not used? I mean, if it's not implemented, then having it on the PCB won't help.. Grin
M5Stacks are a great little devices and sometimes you can find them on discount deals for very cheap.
Secure element is used for sure and it should be recognized, if you watch the video on their product page you will see that it is used for encryption.
Interesting; I had no time yet, just read the README and it says:
Quote from:
the mnemonic is stored in an accessible location on the device
...
the wallet details are only pseudo-secure on the device

Maybe it's old info from before they supported this secure element, or maybe there's another reason that somehow makes the seed accessible, even though it's secured on a secure chip. A clarification would be helpful. Grin

IIRC the code for the Bowser wallet doesn't support the AWS M5stack device - it only supports the M5stack Basic Core+Fire devices

[moderator's note: consecutive posts merged]
hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
February 21, 2022, 12:10:20 PM
#25
That's cool! I wanted to get an M5Stack anyway to play around with. A question about the secure chip: does the firmware actually recognize it is running on a M5 with secure chip & use it or is it not used? I mean, if it's not implemented, then having it on the PCB won't help.. Grin
M5Stacks are a great little devices and sometimes you can find them on discount deals for very cheap.
Secure element is used for sure and it should be recognized, if you watch the video on their product page you will see that it is used for encryption.
Interesting; I had no time yet, just read the README and it says:
Quote from:
the mnemonic is stored in an accessible location on the device
...
the wallet details are only pseudo-secure on the device

Maybe it's old info from before they supported this secure element, or maybe there's another reason that somehow makes the seed accessible, even though it's secured on a secure chip. A clarification would be helpful. Grin
legendary
Activity: 2212
Merit: 7064
February 19, 2022, 08:28:11 AM
#24
That's cool! I wanted to get an M5Stack anyway to play around with. A question about the secure chip: does the firmware actually recognize it is running on a M5 with secure chip & use it or is it not used? I mean, if it's not implemented, then having it on the PCB won't help.. Grin
M5Stacks are a great little devices and sometimes you can find them on discount deals for very cheap.
Secure element is used for sure and it should be recognized, if you watch the video on their product page you will see that it is used for encryption.
I never ordered this exact model so I didn't test it myself how it works in real life or as a hardware wallet, but you can contact their support team for more information.
I know that creator of Bowser wallet and LNURLPoS (arcbtc), is very active so you can also ask him if he can help you with this.




hero member
Activity: 882
Merit: 5834
not your keys, not your coins!
February 19, 2022, 06:59:05 AM
#23

https://m5stack.com/collections/m5-core/products/m5stack-core2-esp32-iot-development-kit-for-aws-iot-edukit?variant=37687799251116

Getting back on this topic with one small update as I recently found a similar M5Stack Core2 ESP32 AWS Development Kit that has built in Secure Element Microchip ATECC608A Trust&GO, and that is same secure chip used in other hardware wallets like ColdCard mk3, Bitbox02 and Passport.
This device also has a touch screen, card slot, built-in 500mAh Lithium and it can be found for nice price around $40
That's cool! I wanted to get an M5Stack anyway to play around with. A question about the secure chip: does the firmware actually recognize it is running on a M5 with secure chip & use it or is it not used? I mean, if it's not implemented, then having it on the PCB won't help.. Grin
newbie
Activity: 21
Merit: 34
February 17, 2022, 04:12:56 PM
#22
That's a nice game wallet !  Grin
jr. member
Activity: 36
Merit: 35
February 04, 2021, 12:31:01 PM
#21
I hope you opted for M5Stack Core2 ESP32 AWS Development Kit with built in Secure Element.
It costs couple of dollars more than regular M5Stack but it is superior in many ways, with built in encrypted chip ATECC608 that makes it safer, touch screen, almost five stronger and better battery, longer type-C USB cable, and size is almost the same as basic M5STack.
Only problem is they run out of stock very quickly so you need to be fast when ordering Smiley
Welp. Time to cancel that order  Embarrassed . Thanks for the heads up though, Ill just wait till they become on the website that you linked instead of settling for any m5Stack. Thanks again.  Smiley
legendary
Activity: 2212
Merit: 7064
February 03, 2021, 04:21:15 AM
#20
I just ordered one and I'll keep yall updated on how the build process goes.  Cool

I hope you opted for M5Stack Core2 ESP32 AWS Development Kit with built in Secure Element.
It costs couple of dollars more than regular M5Stack but it is superior in many ways, with built in encrypted chip ATECC608 that makes it safer, touch screen, almost five stronger and better battery, longer type-C USB cable, and size is almost the same as basic M5STack.
Only problem is they run out of stock very quickly so you need to be fast when ordering Smiley
jr. member
Activity: 36
Merit: 35
February 02, 2021, 01:58:55 PM
#19
I just ordered one and I'll keep yall updated on how the build process goes.  Cool
legendary
Activity: 2212
Merit: 7064
December 29, 2020, 12:08:55 PM
#18

https://m5stack.com/collections/m5-core/products/m5stack-core2-esp32-iot-development-kit-for-aws-iot-edukit?variant=37687799251116

Getting back on this topic with one small update as I recently found a similar M5Stack Core2 ESP32 AWS Development Kit that has built in Secure Element Microchip ATECC608A Trust&GO, and that is same secure chip used in other hardware wallets like ColdCard mk3, Bitbox02 and Passport.
This device also has a touch screen, card slot, built-in 500mAh Lithium and it can be found for nice price around $40
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
November 22, 2020, 12:32:44 PM
#17
I am not aware of any case/vulnerability where the device leaks customer information. What kind of information are you referring to?
The website definitely is horrible, just as most of the websites on the internet. Browsing without ad blocker and a javascript blocker is almost a no-go nowadays.
I think he's referring to the case where someone leaked Ledger's database with the customer's information.

Let's stop with the name-calling and the arguments on the terminology shall we? Hardware wallets are synonymous with the devices specifically used to store Bitcoin priv keys securely so I guess it's reasonable to be more careful with the naming. I don't think the disputes on this would be solved through this anyways.  Appreciate that OP did put a disclaimer at the bottom of the topic.

IMO, it can be considered a HW wallet in a sense since it does provide some level of security against specific attacks and it is specially built for the purpose of storing Bitcoins but other than the risk of side channel attacks and the obvious limitations of DIY, I think it's still fairly safe for newbies to use. They should have some level of competency with Bitcoin if they're planning to embark on such a project. It's a pretty neat project, love to have a closer look at that though, will have to do so when I have some free time next week or so.
legendary
Activity: 1624
Merit: 2481
November 22, 2020, 11:57:38 AM
#16
Again I say - paper is not a hardware, even kids know this, and those definitions are freely available on internet, and I didn't write any of them.

Then, why do you use them if they don't make any sense?
Either way.. i guess that's not that relevant.


I also don't think ledger is secure hardware wallet also, it is closed source and it is proven unsafe device leaking customer information, with website full of ads and trackers, and I have proof for that.

I am not aware of any case/vulnerability where the device leaks customer information. What kind of information are you referring to?
The website definitely is horrible, just as most of the websites on the internet. Browsing without ad blocker and a javascript blocker is almost a no-go nowadays.
legendary
Activity: 2212
Merit: 7064
November 22, 2020, 09:30:43 AM
#15
And one of your "definitions" would mean a paper wallet also is a hardware wallet.

Again I say - paper is not a hardware, even kids know this, and those definitions are freely available on internet, and I didn't write any of them.

I also don't think ledger is secure hardware wallet also, it is closed source and it is proven unsafe device leaking customer information, with website full of ads and trackers, and I have proof for that.

Thank you for your feedback.
legendary
Activity: 1624
Merit: 2481
November 22, 2020, 07:31:58 AM
#14
Don't get me wrong, a hardware wallet is a really nice combo of security and ease of use, but is it the safest way to store your coins? I think not.

Definitely not, i agree with you.

An air-gapped cold wallet always is more secure than a hardware wallet. Given that no blunders are made.
The attack surface of a hardware wallet used with an online PC is always higher.

A hardware wallet also isn't mean for most secure storage. It should be seen as a convenient way to store coins securely. Like a trade-off between security and usability.
These are a good alternative for people either 1) not techy enough to properly generate and maintain a cold storage or 2) don't have time / want more easy of use when using BTC.
legendary
Activity: 1526
Merit: 1359
November 21, 2020, 02:39:44 PM
#13
...
Either way, this project simply is an air-gapped wallet on a small device. No hardware security. Take it or leave it.

In part I agree with you. But also because I have some background in corporate information security, I think a properly airgapped and encrypted cold storage device is safer than any hardware wallet. I'm not talking explicitly about this device here (I haven't had a chance to explore all of its technical data in detail yet) but in general. Don't get me wrong, a hardware wallet is a really nice combo of security and ease of use, but is it the safest way to store your coins? I think not.
legendary
Activity: 1624
Merit: 2481
November 21, 2020, 10:26:16 AM
#12
I think we're stuck with semantics here. How do you define what the 'hardware wallet' is? Does every hardware wallet have a secure element? I don't think so.

Each hardware wallet does have hardware security to protect private keys.
Some have a secure element, others a crypto co-processor. But some hardware security is required.



In my humble opinion, this DIY project can be described as a hardware which can be used as a wallet.

That's absolutely true.
But this also applies to my online mobile wallet. It is a hardware used as a wallet.

Obviously, it is all the time online. But even if it would stay completely air-gapped, it would be an air-gapped (cold) wallet, but still not a hardware wallet even tho it "is hardware" (every software runs on hardware).



I showed you multiple definitions of Hardware Wallets [...]

Yes.
And one of your "definitions" would mean a paper wallet also is a hardware wallet.
And another of your "definitions" would automatically deem that project to not be a hardware wallet. Both of them are wrong, to say at least.

Either way, this project simply is an air-gapped wallet on a small device. No hardware security. Take it or leave it.

I appreciate that you try to find new forms of storage, but you obviously do not possess the technical competence to estimate how secure a given storage method is.
legendary
Activity: 2212
Merit: 7064
November 21, 2020, 06:41:33 AM
#11
But this, by definition, is not a hardware wallet.

I showed you multiple definitions of Hardware Wallets and there is not a single word about secure element to define Hardware Wallet, but you can write your own or propose change on Wikipedia and see how it goes.
None of the first hardware wallet prototypes had any secure elements, and you should think how secure exactly are those closed source secure elements with closed source wallets.
If some random person say shit is safe.... it is still shit.

I think we're stuck with semantics here. How do you define what the 'hardware wallet' is? Does every hardware wallet have a secure element? I don't think so.
In my humble opinion, this DIY project can be described as a hardware which can be used as a wallet. Is it a safer than the real hardware wallet? Of course it's not.
Yeah, I think spongebob just needs to write something, and he is very stubborn bur smart person so he created his own definition of hardware wallet  Cheesy

I even said myself that DIY Bowser Hardware Wallet is less secure than regular hardware wallets, and it is not for everyone.
legendary
Activity: 1526
Merit: 1359
November 21, 2020, 06:36:35 AM
#10
This project simply is an offline storage on a small dedicated device. One could achieve the same on an old mobile, a laptop or any mini computer.
Not saying this is bad. But this, by definition, is not a hardware wallet.

I think we're stuck with semantics here. How do you define what the 'hardware wallet' is? Does every hardware wallet have a secure element? I don't think so.
In my humble opinion, this DIY project can be described as a hardware which can be used as a wallet. Is it a safer than the real hardware wallet? Of course it's not.
legendary
Activity: 1624
Merit: 2481
November 21, 2020, 05:47:07 AM
#9
Creators of Bowser are calling it diy hardware wallet, so it is diy hardware wallet,

Just because some random person is claiming some shit is gold.. it still stays shit.



What about Ledger HW1 is that Hardware Wallet or piece of shit USB and why they called it Hardware wallet?

The HW1 is a relatively bad hardware wallet, but it utilizes hardware security mechanisms by using a secure element.



One more definition for hardware wallet from 2019:

Quote
[...] Your all-important private keys are maintained in a secure offline environment on the hardware wallet, fully protected even should the device be plugged into a malware-infected computer.

And this already does not apply to your so-called "diy hardware wallet".
If you plug in that device into an malware infected computer, it becomes compromised. This is not the case with real hardware wallets.

This project simply is an offline storage on a small dedicated device. One could achieve the same on an old mobile, a laptop or any mini computer.
Not saying this is bad. But this, by definition, is not a hardware wallet.
legendary
Activity: 1526
Merit: 1359
November 20, 2020, 04:11:45 PM
#8
I don't know, I kinda like this idea. Of course, this is a DIY project for enthusiasts and not a competition to stock hardware wallets. I am sure that this wallet won't win the beauty contest nor will it be the safest wallet on the market. But anyone who has spent significant time creating something with their hands will appreciate this.
If we all felt that if a ready-made product could be purchased in a supermarket, it was not worthwhile to create anything, there would be no advancement in technology at all and the whole industry would stagnate. Engineers and programmers have created new technologies through collaboration since the early beginnings of computers. Knowledge needs to be spread, and collaborative creativity benefits the entire society.

Pages:
Jump to: