DIY Bowser Hardware Wallet | Bitcointalksearch.org

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: kkdao on January 02, 2023, 10:17:55 PM

I think the Bowser wallet is a neat project, but should only store small amounts of bitcoin, if any. Have you tried flashing the AWS one? I don't think it works

No I didn't and sadly I don't have AWS M5Stack device to test it out.
Bowser is just a fun little project and there are much better DIY devices that exist today, like SeedSigner, Krux and other stuff made with RapsberryPi Zero devices and Trezor code.
I am following all open source hardware wallets and signing devices that exist in one of my topic, so anything new and interesting that comes out will be posted there:
https://bitcointalksearch.org/topic/list-open-source-hardware-wallets-5288971

kkdao

newbie

Activity: 11

Merit: 2

Quote from: dkbit98 on February 03, 2021, 04:21:15 AM

Quote from: dgoon on February 02, 2021, 01:58:55 PM

I just ordered one and I'll keep yall updated on how the build process goes. Cool

I hope you opted for M5Stack Core2 ESP32 AWS Development Kit with built in Secure Element.
It costs couple of dollars more than regular M5Stack but it is superior in many ways, with built in encrypted chip ATECC608 that makes it safer, touch screen, almost five stronger and better battery, longer type-C USB cable, and size is almost the same as basic M5STack.
Only problem is they run out of stock very quickly so you need to be fast when ordering

I think the Bowser wallet is a neat project, but should only store small amounts of bitcoin, if any. Have you tried flashing the AWS one? I don't think it works

Quote from: n0nce on February 21, 2022, 12:10:20 PM

Quote from: dkbit98 on February 19, 2022, 08:28:11 AM

Quote from: n0nce on February 19, 2022, 06:59:05 AM

That's cool! I wanted to get an M5Stack anyway to play around with. A question about the secure chip: does the firmware actually recognize it is running on a M5 with secure chip & use it or is it not used? I mean, if it's not implemented, then having it on the PCB won't help.. Grin

M5Stacks are a great little devices and sometimes you can find them on discount deals for very cheap.
Secure element is used for sure and it should be recognized, if you watch the video on their product page you will see that it is used for encryption.

Interesting; I had no time yet, just read the README and it says:

Quote from:

the mnemonic is stored in an accessible location on the device
...
the wallet details are only pseudo-secure on the device

Maybe it's old info from before they supported this secure element, or maybe there's another reason that somehow makes the seed accessible, even though it's secured on a secure chip. A clarification would be helpful. Grin

IIRC the code for the Bowser wallet doesn't support the AWS M5stack device - it only supports the M5stack Basic Core+Fire devices

[moderator's note: consecutive posts merged]

n0nce

hero member

Activity: 882

Merit: 5834

not your keys, not your coins!

Quote from: dkbit98 on February 19, 2022, 08:28:11 AM

Quote from: n0nce on February 19, 2022, 06:59:05 AM

That's cool! I wanted to get an M5Stack anyway to play around with. A question about the secure chip: does the firmware actually recognize it is running on a M5 with secure chip & use it or is it not used? I mean, if it's not implemented, then having it on the PCB won't help.. Grin

M5Stacks are a great little devices and sometimes you can find them on discount deals for very cheap.
Secure element is used for sure and it should be recognized, if you watch the video on their product page you will see that it is used for encryption.

Interesting; I had no time yet, just read the README and it says:

Quote from:

the mnemonic is stored in an accessible location on the device
...
the wallet details are only pseudo-secure on the device

Maybe it's old info from before they supported this secure element, or maybe there's another reason that somehow makes the seed accessible, even though it's secured on a secure chip. A clarification would be helpful. Grin

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: n0nce on February 19, 2022, 06:59:05 AM

That's cool! I wanted to get an M5Stack anyway to play around with. A question about the secure chip: does the firmware actually recognize it is running on a M5 with secure chip & use it or is it not used? I mean, if it's not implemented, then having it on the PCB won't help.. Grin

M5Stacks are a great little devices and sometimes you can find them on discount deals for very cheap.
Secure element is used for sure and it should be recognized, if you watch the video on their product page you will see that it is used for encryption.
I never ordered this exact model so I didn't test it myself how it works in real life or as a hardware wallet, but you can contact their support team for more information.
I know that creator of Bowser wallet and LNURLPoS (arcbtc), is very active so you can also ask him if he can help you with this.

n0nce

hero member

Activity: 882

Merit: 5834

not your keys, not your coins!

Quote from: dkbit98 on December 29, 2020, 12:08:55 PM

https://m5stack.com/collections/m5-core/products/m5stack-core2-esp32-iot-development-kit-for-aws-iot-edukit?variant=37687799251116

Getting back on this topic with one small update as I recently found a similar M5Stack Core2 ESP32 AWS Development Kit that has built in Secure Element Microchip ATECC608A Trust&GO, and that is same secure chip used in other hardware wallets like ColdCard mk3, Bitbox02 and Passport.
This device also has a touch screen, card slot, built-in 500mAh Lithium and it can be found for nice price around $40

That's cool! I wanted to get an M5Stack anyway to play around with. A question about the secure chip: does the firmware actually recognize it is running on a M5 with secure chip & use it or is it not used? I mean, if it's not implemented, then having it on the PCB won't help.. Grin

Psycopyro

newbie

Activity: 21

Merit: 34

That's a nice ~~game~~ wallet ! Grin

dgoon

jr. member

Activity: 36

Merit: 35

Quote from: dkbit98 on February 03, 2021, 04:21:15 AM

I hope you opted for M5Stack Core2 ESP32 AWS Development Kit with built in Secure Element.
It costs couple of dollars more than regular M5Stack but it is superior in many ways, with built in encrypted chip ATECC608 that makes it safer, touch screen, almost five stronger and better battery, longer type-C USB cable, and size is almost the same as basic M5STack.
Only problem is they run out of stock very quickly so you need to be fast when ordering

Welp. Time to cancel that order Embarrassed

. Thanks for the heads up though, Ill just wait till they become on the website that you linked instead of settling for any m5Stack. Thanks again.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: dgoon on February 02, 2021, 01:58:55 PM

I just ordered one and I'll keep yall updated on how the build process goes. Cool

I hope you opted for M5Stack Core2 ESP32 AWS Development Kit with built in Secure Element.
It costs couple of dollars more than regular M5Stack but it is superior in many ways, with built in encrypted chip ATECC608 that makes it safer, touch screen, almost five stronger and better battery, longer type-C USB cable, and size is almost the same as basic M5STack.
Only problem is they run out of stock very quickly so you need to be fast when ordering

dgoon

jr. member

Activity: 36

Merit: 35

I just ordered one and I'll keep yall updated on how the build process goes. Cool

dkbit98

legendary

Activity: 2212

Merit: 7064

https://m5stack.com/collections/m5-core/products/m5stack-core2-esp32-iot-development-kit-for-aws-iot-edukit?variant=37687799251116

Getting back on this topic with one small update as I recently found a similar M5Stack Core2 ESP32 AWS Development Kit that has built in Secure Element Microchip ATECC608A Trust&GO, and that is same secure chip used in other hardware wallets like ColdCard mk3, Bitbox02 and Passport.
This device also has a touch screen, card slot, built-in 500mAh Lithium and it can be found for nice price around $40

ranochigo

legendary

Activity: 3038

Merit: 4418

Crypto Swap Exchange

Quote from: bob123 on November 22, 2020, 11:57:38 AM

I am not aware of any case/vulnerability where the device leaks customer information. What kind of information are you referring to?
The website definitely is horrible, just as most of the websites on the internet. Browsing without ad blocker and a javascript blocker is almost a no-go nowadays.

I think he's referring to the case where someone leaked Ledger's database with the customer's information.

Let's stop with the name-calling and the arguments on the terminology shall we? Hardware wallets are synonymous with the devices specifically used to store Bitcoin priv keys securely so I guess it's reasonable to be more careful with the naming. I don't think the disputes on this would be solved through this anyways. Appreciate that OP did put a disclaimer at the bottom of the topic.

IMO, it can be considered a HW wallet in a sense since it does provide some level of security against specific attacks and it is specially built for the purpose of storing Bitcoins but other than the risk of side channel attacks and the obvious limitations of DIY, I think it's still fairly safe for newbies to use. They should have some level of competency with Bitcoin if they're planning to embark on such a project. It's a pretty neat project, love to have a closer look at that though, will have to do so when I have some free time next week or so.

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: dkbit98 on November 22, 2020, 09:30:43 AM

Again I say - paper is not a hardware, even kids know this, and those definitions are freely available on internet, and I didn't write any of them.

Then, why do you use them if they don't make any sense?
Either way.. i guess that's not that relevant.

Quote from: dkbit98 on November 22, 2020, 09:30:43 AM

I also don't think ledger is secure hardware wallet also, it is closed source and it is proven unsafe device leaking customer information, with website full of ads and trackers, and I have proof for that.

I am not aware of any case/vulnerability where the device leaks customer information. What kind of information are you referring to?
The website definitely is horrible, just as most of the websites on the internet. Browsing without ad blocker and a javascript blocker is almost a no-go nowadays.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: bob123 on November 21, 2020, 10:26:16 AM

And one of your "definitions" would mean a paper wallet also is a hardware wallet.

Again I say - paper is not a hardware, even kids know this, and those definitions are freely available on internet, and I didn't write any of them.

I also don't think ledger is secure hardware wallet also, it is closed source and it is proven unsafe device leaking customer information, with website full of ads and trackers, and I have proof for that.

Thank you for your feedback.

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: Stalker22 on November 21, 2020, 02:39:44 PM

Don't get me wrong, a hardware wallet is a really nice combo of security and ease of use, but is it the safest way to store your coins? I think not.

Definitely not, i agree with you.

An air-gapped cold wallet always is more secure than a hardware wallet. Given that no blunders are made.
The attack surface of a hardware wallet used with an online PC is always higher.

A hardware wallet also isn't mean for most secure storage. It should be seen as a convenient way to store coins securely. Like a trade-off between security and usability.
These are a good alternative for people either 1) not techy enough to properly generate and maintain a cold storage or 2) don't have time / want more easy of use when using BTC.

Stalker22

legendary

Activity: 1526

Merit: 1359

Quote from: bob123 on November 21, 2020, 10:26:16 AM

...
Either way, this project simply is an air-gapped wallet on a small device. No hardware security. Take it or leave it.

In part I agree with you. But also because I have some background in corporate information security, I think a properly airgapped and encrypted cold storage device is safer than any hardware wallet. I'm not talking explicitly about this device here (I haven't had a chance to explore all of its technical data in detail yet) but in general. Don't get me wrong, a hardware wallet is a really nice combo of security and ease of use, but is it the safest way to store your coins? I think not.

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: Stalker22 on November 21, 2020, 06:36:35 AM

I think we're stuck with semantics here. How do you define what the 'hardware wallet' is? Does every hardware wallet have a secure element? I don't think so.

Each hardware wallet does have hardware security to protect private keys.
Some have a secure element, others a crypto co-processor. But some hardware security is required.

Quote from: Stalker22 on November 21, 2020, 06:36:35 AM

In my humble opinion, this DIY project can be described as a hardware which can be used as a wallet.

That's absolutely true.
But this also applies to my online mobile wallet. It is a hardware used as a wallet.

Obviously, it is all the time online. But even if it would stay completely air-gapped, it would be an air-gapped (cold) wallet, but still not a hardware wallet even tho it "is hardware" (every software runs on hardware).

Quote from: dkbit98 on November 21, 2020, 06:41:33 AM

I showed you multiple definitions of Hardware Wallets [...]

Yes.
And one of your "definitions" would mean a paper wallet also is a hardware wallet.
And another of your "definitions" would automatically deem that project to not be a hardware wallet. Both of them are wrong, to say at least.

Either way, this project simply is an air-gapped wallet on a small device. No hardware security. Take it or leave it.

I appreciate that you try to find new forms of storage, but you obviously do not possess the technical competence to estimate how secure a given storage method is.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: bob123 on November 21, 2020, 05:47:07 AM

But this, by definition, is not a hardware wallet.

I showed you multiple definitions of Hardware Wallets and there is not a single word about secure element to define Hardware Wallet, but you can write your own or propose change on Wikipedia and see how it goes.
None of the first hardware wallet prototypes had any secure elements, and you should think how secure exactly are those closed source secure elements with closed source wallets.
If some random person say shit is safe.... it is still shit.

Quote from: Stalker22 on November 21, 2020, 06:36:35 AM

I think we're stuck with semantics here. How do you define what the 'hardware wallet' is? Does every hardware wallet have a secure element? I don't think so.
In my humble opinion, this DIY project can be described as a hardware which can be used as a wallet. Is it a safer than the real hardware wallet? Of course it's not.

Yeah, I think spongebob just needs to write something, and he is very stubborn bur smart person so he created his own definition of hardware wallet Cheesy

I even said myself that DIY Bowser Hardware Wallet is less secure than regular hardware wallets, and it is not for everyone.

Stalker22

legendary

Activity: 1526

Merit: 1359

Quote from: bob123 on November 21, 2020, 05:47:07 AM

This project simply is an offline storage on a small dedicated device. One could achieve the same on an old mobile, a laptop or any mini computer.
Not saying this is bad. But this, by definition, is not a hardware wallet.

I think we're stuck with semantics here. How do you define what the 'hardware wallet' is? Does every hardware wallet have a secure element? I don't think so.
In my humble opinion, this DIY project can be described as a hardware which can be used as a wallet. Is it a safer than the real hardware wallet? Of course it's not.

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: dkbit98 on November 20, 2020, 06:32:28 AM

Creators of Bowser are calling it diy hardware wallet, so it is diy hardware wallet,

Just because some random person is claiming some shit is gold.. it still stays shit.

Quote from: dkbit98 on November 20, 2020, 06:32:28 AM

What about Ledger HW1 is that Hardware Wallet or piece of shit USB and why they called it Hardware wallet?

The HW1 is a relatively bad hardware wallet, but it utilizes hardware security mechanisms by using a secure element.

Quote from: dkbit98 on November 20, 2020, 06:32:28 AM

One more definition for hardware wallet from 2019:

Quote

[...] Your all-important private keys are maintained in a secure offline environment on the hardware wallet, fully protected even should the device be plugged into a malware-infected computer.

And this already does not apply to your so-called "diy hardware wallet".
If you plug in that device into an malware infected computer, it becomes compromised. This is not the case with real hardware wallets.

This project simply is an offline storage on a small dedicated device. One could achieve the same on an old mobile, a laptop or any mini computer.
Not saying this is bad. But this, by definition, is not a hardware wallet.

Stalker22

legendary

Activity: 1526

Merit: 1359

I don't know, I kinda like this idea. Of course, this is a DIY project for enthusiasts and not a competition to stock hardware wallets. I am sure that this wallet won't win the beauty contest nor will it be the safest wallet on the market. But anyone who has spent significant time creating something with their hands will appreciate this.
If we all felt that if a ready-made product could be purchased in a supermarket, it was not worthwhile to create anything, there would be no advancement in technology at all and the whole industry would stagnate. Engineers and programmers have created new technologies through collaboration since the early beginnings of computers. Knowledge needs to be spread, and collaborative creativity benefits the entire society.

Topic: DIY Bowser Hardware Wallet (Read 594 times)