[ESHOP launched] Trezor: Bitcoin hardware wallet - page 121.

JorgeStolfi

hero member

Activity: 910

Merit: 1003

Quote from: GreatBug on October 04, 2014, 10:38:37 AM

Quote from: JorgeStolfi on October 04, 2014, 01:31:33 AM

I would guess that the code above is a manual translation into python-like language of some part of the executable binary extracted from the bootloader.

How do you come to this conclusion? Its just python code that verifies signatures on a firmware image. nothing more.

The poster offered that pseudo-code as evidence that he did reverse-engineer the bootloader. That is all. Anyone who can get the binary out of the Trezor can check whether that part of the binary corresponds to that pseudo-code.

That pseudo-code alone does not prove that the poster reverse-engineered the entire binary code (but if that pseudo-code is the output of a disassembler, surely he did). It does not prove that the bootloader has no backdoor (one must check the whole binary for that). It does not prove that the official firmware is not malicious. I

GreatBug

sr. member

Activity: 629

Merit: 252

Quote from: JorgeStolfi on October 04, 2014, 01:31:33 AM

I would guess that the code above is a manual translation into python-like language of some part of the executable binary extracted from the bootloader.

How do you come to this conclusion? Its just python code that verifies signatures on a firmware image. nothing more.

devthedev

legendary

Activity: 1050

Merit: 1004

Quote from: instagibbs on October 04, 2014, 09:29:29 AM

Quote from: JorgeStolfi on October 04, 2014, 01:31:33 AM

I would guess that the code above is a manual translation into python-like language of some part of the executable binary extracted from the bootloader.

Exactly. And coming from a "competitor" is a pretty good sign.

We're all early adopters, teamwork is good! (;

instagibbs

member

Activity: 114

Merit: 12

Quote from: JorgeStolfi on October 04, 2014, 01:31:33 AM

I would guess that the code above is a manual translation into python-like language of some part of the executable binary extracted from the bootloader.

Exactly. And coming from a "competitor" is a pretty good sign.

JorgeStolfi

hero member

Activity: 910

Merit: 1003

Quote from: chrisrico on October 04, 2014, 01:09:17 AM

Quote from: btchip on October 03, 2014, 06:03:27 PM

for what it's worth as an independant audit, the bootloader functionally does what it's supposed to do and doesn't contain a backdoor.
(+ proof of RE)

The bootloader is written in Python? I'm a bit surprised about that.

I would guess that the code above is a manual translation into python-like language of some part of the executable binary extracted from the bootloader.

chrisrico

hero member

Activity: 496

Merit: 500

Quote from: btchip on October 03, 2014, 06:03:27 PM

for what it's worth as an independant audit, the bootloader functionally does what it's supposed to do and doesn't contain a backdoor.

(+ proof of RE)

The bootloader is written in Python? I'm a bit surprised about that.

GreatBug

sr. member

Activity: 629

Merit: 252

Quote from: btchip on October 03, 2014, 06:03:27 PM

for what it's worth as an independant audit, the bootloader functionally does what it's supposed to do and doesn't contain a backdoor.

(+ proof of RE)

Who performed this audit? What exactly was audited? Where are the results?

How is that code proof of RE (I assume you mean 'reverse engineering')? It appears to only check the signatures.

btchip

hero member

Activity: 623

Merit: 500

CTO, Ledger

for what it's worth as an independant audit, the bootloader functionally does what it's supposed to do and doesn't contain a backdoor.

(+ proof of RE)

instagibbs

member

Activity: 114

Merit: 12

Quote from: BurtW on October 03, 2014, 08:03:38 AM

Quote from: stick on October 03, 2014, 07:00:36 AM

Quote from: klokan on October 03, 2014, 04:39:19 AM

Can you please clarify if it can be read?

Yes, it can be read.

So it can be read, disassembled, and the public key replaced.

I don't think you can *change* what's there easily, but you could just clone a Trezor, adding in a backdoor. But that's always the case without some sort of self-attestation system. AFAIK

slush

legendary

Activity: 1386

Merit: 1097

Quote from: DoomDumas on October 01, 2014, 05:12:06 PM

Wow.. Gratz mr Palatinus... im proud of your acheivement.. first one to create a pool.. and first really reliable and commercialized hardware wallet...

Thank you very much for all those years of hardwork and for keeping the good work until the end and further more

you're my best..

Thanks Dominique! :-) I remember our very first tx in 11/2010 and it was fun ;-).

BurtW

legendary

Activity: 2646

Merit: 1137

All paid signature campaigns should be banned.

Quote from: stick on October 03, 2014, 07:00:36 AM

Quote from: klokan on October 03, 2014, 04:39:19 AM

Can you please clarify if it can be read?

Yes, it can be read.

So it can be read, disassembled, and the public key replaced.

stick

sr. member

Activity: 441

Merit: 268

Quote from: klokan on October 03, 2014, 04:39:19 AM

Can you please clarify if it can be read?

Yes, it can be read.

binford

newbie

Activity: 52

Merit: 0

Quote from: someone42 on October 03, 2014, 06:01:30 AM

... if you're going to be making a 1:1 copy, you don't need source.

but a verbatim bootloader copy would only work with original satoshilabz firmware and complain about any other (unsigned) release ... but if the copy-cat would be only after income from sales of generic trezor device without intention of providing own firmware, then this could be no issue since it should be compatible.
i had to write it down to think about it, sorry for the spam

someone42

member

Activity: 78

Merit: 11

Chris Chua

Quote from: stick on October 03, 2014, 04:17:02 AM

Keys stored in the bootloader are public as asymmetric cryptography is used there. There is no security reason why bootloader should stay closed, but we were quite hesitant to open it because that's the last piece of mosaic that our competition is missing from making a perfect TREZOR clone.

Anyone who wants to clone your code can just upload (unsigned) firmware that dumps the bootloader. The STM32F2xx's level 2 code protection does not prevent flash from being read by code that is running within the microcontroller. No, this won't get you the source, but if you're going to be making a 1:1 copy, you don't need source.

binford

newbie

Activity: 52

Merit: 0

Quote from: stick on October 03, 2014, 04:17:02 AM

Keys stored in the bootloader are public as asymmetric cryptography is used there.

what was I thinking ...

Quote

There is no security reason why bootloader should stay closed, but we were quite hesitant to open it because that's the last piece of mosaic that our competition is missing from making a perfect TREZOR clone.

protecting IP, makes also sense.
~~genuine fakes~~ generic trezor arriving in 5, 4, 3, ...

klokan

full member

Activity: 120

Merit: 100

Quote from: stick on October 03, 2014, 04:17:02 AM

Keys stored in the bootloader are public as asymmetric cryptography is used there. There is no security reason why bootloader should stay closed, but we were quite hesitant to open it because that's the last piece of mosaic that our competition is missing from making a perfect TREZOR clone.

Either the bootloader binary can be retrieved using custom firmware or it can't. In the first case, it's simple for competition to get all they need. In the latter case, the bootloader cannot be verified.

In the first case it makes no sense to hide the code, in the second case it won't help much to release it.

Can you please clarify if it can be read?

stick

sr. member

Activity: 441

Merit: 268

Keys stored in the bootloader are public as asymmetric cryptography is used there. There is no security reason why bootloader should stay closed, but we were quite hesitant to open it because that's the last piece of mosaic that our competition is missing from making a perfect TREZOR clone.

binford

newbie

Activity: 52

Merit: 0

I think bootloader is the first program that starts when trezor is powered up.
the program responsible for checking firmware signatures and low level calls.
It might be a bad idea to open source it since this is the place where the manufacturer's keys are stored and i have a quite strong opinion about keeping it closed source.

keithers

legendary

Activity: 1456

Merit: 1001

This is the land of wolves now & you're not a wolf

Quote from: cryptworld on October 02, 2014, 09:54:58 PM

Quote from: gothsurf on October 02, 2014, 12:16:09 PM

Can someone comment on whether or not the non open source bootloader is a legitimate concern?

http://www.reddit.com/r/TREZOR/comments/2hwwxv/trezors_bootloader_is_closed_source_please_open_it/

I read it on reddit and would like to know an answer too

I'd like to hear a few takes on this as well even though I am not too sure what a bootloader even is....is this raising security concerns?

cryptworld

hero member

Activity: 714

Merit: 503

Quote from: gothsurf on October 02, 2014, 12:16:09 PM

Can someone comment on whether or not the non open source bootloader is a legitimate concern?

http://www.reddit.com/r/TREZOR/comments/2hwwxv/trezors_bootloader_is_closed_source_please_open_it/

I read it on reddit and would like to know an answer too

Topic: [ESHOP launched] Trezor: Bitcoin hardware wallet - page 121. (Read 966173 times)