Topic: DIY Bowser Hardware Wallet (Read 554 times)

I think the Bowser wallet is a neat project, but should only store small amounts of bitcoin, if any. Have you tried flashing the AWS one? I don't think it works

I hope you opted for M5Stack Core2 ESP32 AWS Development Kit with built in Secure Element.
It costs couple of dollars more than regular M5Stack but it is superior in many ways, with built in encrypted chip ATECC608 that makes it safer, touch screen, almost five stronger and better battery, longer type-C USB cable, and size is almost the same as basic M5STack.
Only problem is they run out of stock very quickly so you need to be fast when ordering

Interesting; I had no time yet, just read the README and it says:

Maybe it's old info from before they supported this secure element, or maybe there's another reason that somehow makes the seed accessible, even though it's secured on a secure chip. A clarification would be helpful.

M5Stacks are a great little devices and sometimes you can find them on discount deals for very cheap.
Secure element is used for sure and it should be recognized, if you watch the video on their product page you will see that it is used for encryption.

the mnemonic is stored in an accessible location on the device
...
the wallet details are only pseudo-secure on the device

That's cool! I wanted to get an M5Stack anyway to play around with. A question about the secure chip: does the firmware actually recognize it is running on a M5 with secure chip & use it or is it not used? I mean, if it's not implemented, then having it on the PCB won't help..

https://m5stack.com/collections/m5-core/products/m5stack-core2-esp32-iot-development-kit-for-aws-iot-edukit?variant=37687799251116

Getting back on this topic with one small update as I recently found a similar M5Stack Core2 ESP32 AWS Development Kit that has built in Secure Element Microchip ATECC608A Trust&GO, and that is same secure chip used in other hardware wallets like ColdCard mk3, Bitbox02 and Passport.
This device also has a touch screen, card slot, built-in 500mAh Lithium and it can be found for nice price around $40

I hope you opted for M5Stack Core2 ESP32 AWS Development Kit with built in Secure Element.
It costs couple of dollars more than regular M5Stack but it is superior in many ways, with built in encrypted chip ATECC608 that makes it safer, touch screen, almost five stronger and better battery, longer type-C USB cable, and size is almost the same as basic M5STack.
Only problem is they run out of stock very quickly so you need to be fast when ordering

I just ordered one and I'll keep yall updated on how the build process goes.  

I am not aware of any case/vulnerability where the device leaks customer information. What kind of information are you referring to?
The website definitely is horrible, just as most of the websites on the internet. Browsing without ad blocker and a javascript blocker is almost a no-go nowadays.

Again I say - paper is not a hardware, even kids know this, and those definitions are freely available on internet, and I didn't write any of them.

I also don't think ledger is secure hardware wallet also, it is closed source and it is proven unsafe device leaking customer information, with website full of ads and trackers, and I have proof for that.

And one of your "definitions" would mean a paper wallet also is a hardware wallet.

Don't get me wrong, a hardware wallet is a really nice combo of security and ease of use, but is it the safest way to store your coins? I think not.

...
Either way, this project simply is an air-gapped wallet on a small device. No hardware security. Take it or leave it.

I think we're stuck with semantics here. How do you define what the 'hardware wallet' is? Does every hardware wallet have a secure element? I don't think so.

In my humble opinion, this DIY project can be described as a hardware which can be used as a wallet.

I showed you multiple definitions of Hardware Wallets [...]

But this, by definition, is not a hardware wallet.

I think we're stuck with semantics here. How do you define what the 'hardware wallet' is? Does every hardware wallet have a secure element? I don't think so.
In my humble opinion, this DIY project can be described as a hardware which can be used as a wallet. Is it a safer than the real hardware wallet? Of course it's not.

This project simply is an offline storage on a small dedicated device. One could achieve the same on an old mobile, a laptop or any mini computer.
Not saying this is bad. But this, by definition, is not a hardware wallet.

Creators of Bowser are calling it diy hardware wallet, so it is diy hardware wallet,

What about Ledger HW1 is that Hardware Wallet or piece of shit USB and why they called it Hardware wallet?

One more definition for hardware wallet from 2019:

Hardware wallet is a physical electronic device, built for the sole purpose of securing bitcoins. The core innovation is that the hardware wallet must be connected to your computer, phone, or tablet before bitcoins may be spent. Hardware wallets are a good choice if you’re serious about security and convenient, reliable Bitcoin storage.

Bitcoin hardware wallets keep private keys separate from vulnerable, internet-connected devices. Your all-important private keys are maintained in a secure offline environment on the hardware wallet, fully protected even should the device be plugged into a malware-infected computer. As bitcoins are digital, cybercriminals could, potentially, target your computer’s “software wallet” and steal them by accessing your private key.

This is DIY hardware wallet, and it is NOT for newbies and people like spongebob Ledger shiller.

Let's see what makes a hardware wallet:

https://en.bitcoin.it/wiki/Hardware_wallet

Edit: Please see https://bitcointalksearch.org/topic/m.1327630 for an updated prototype.

Hardware Bitcoin wallet is a project which aims to implement a minimal dedicated Bitcoin wallet. Its main difference with every other Bitcoin client/wallet out there is its low resource requirements: the binary is currently 25 kilobytes large, it uses less than 2 kilobytes of RAM and requires only 160 bytes of non-volatile storage per wallet. With such low requirements, I reckon a production device would be smaller, more robust and cheaper than any other Bitcoin wallet.

The wallet stores private keys (actually, it only stores a seed for the deterministic key generator), parses transactions and signs transactions. It essentially doesn't do anything else. This is by design - simpler means a smaller attack surface. Private keys are generated on the device and never leave the device, except when doing a wallet backup. Even then, the seed is only displayed - it is never sent over the serial port. My intention is that physical access to a device is required in order to obtain private keys or to spend anything. As an additional layer of security, wallets can be encrypted. An encrypted wallet offers pseudo-two-factor authentication: in order to spend BTC, you need to know the wallet passphrase and you need to have the hardware Bitcoin wallet.

Here's a somewhat messy prototype:

The thing on the left is an Arduino clone (though I'm not actually using the Arduino IDE or libraries). The bunch of discretes on the lower part of the breadboard comprise a noise source, which is used to generate random numbers. The input user interface consists of two pushbuttons (bottom-left and bottom-right corners), where the user can approve or disapprove of actions. This gives you an idea of the necessary hardware peripherals required. Of course, a production device would be much more compact than this .


Here's the prototype signing a transaction:

Here's an actual transaction that it signed: http://blockexplorer.com/t/AEhoN6bzjd.

The code is hosted at: https://github.com/someone42/hardware-bitcoin-wallet. Currently, there's only a port for the ATmega328 microcontroller. However, most of the code is platform-independent; porting to another microcontroller "only" involves writing drivers for the microcontroller's peripherals.

I shall commit to being open and transparent, releasing source code and hardware specifications as I produce them. If people are interested, I might even design a production hardware Bitcoin wallet. From simple BOM and assembly cost estimates, such a device would cost 6 to 7 USD per unit to manufacture (for a quantity of 1000). If anyone has questions/suggestions, feel free to ask in this thread.