Pages:
Author

Topic: Jade DIY hardware wallet - page 2. (Read 1226 times)

legendary
Activity: 2268
Merit: 16328
Fully fledged Merit Cycler - Golden Feather 22-23
August 11, 2024, 06:06:45 PM
#71
is the DIY variant secure, who has the experience ?
I can't comment on that particular video or the software he uses, but the Blockstream Jade is safe to use. It's an open-source and airgapped bitcoin-only hardware wallet. You can use it as a stateless signer via QR codes if you want. You have the choice to purchase the assembled device, which is very affordable and should cost you around $65, or you can purchase the individual components yourself and assemble everything on your own and build it from source.

The possibility to assemble your own hardware is a guarantee of the solidity of the project.
My own self compiled Jade works smoothly.
The main difference with the commercial solutions is the lack of a photocam, that downs allow to read QR.
Apart from that, I have no reason (to the best of my knowledge) to use a DYO variant using reliable sources.
legendary
Activity: 1162
Merit: 2025
Leading Crypto Sports Betting & Casino Platform
August 05, 2024, 11:33:17 AM
#70
I have been keeping an eye on the hardware wallet by Block stream, Jade, though in my opinion the price for the original product in their store sounds rather high compared to the hardware one is receiving and the possible quality of the case and board, so I love these kinds of tutorials which allows anyone to go into cold storage of crypto assets with a minimum budget.  Tongue
Last time I saw something similar to this tutorial was a tutorial to build our own Trezor mode Model from the scratch.

Also, one of the biggest advantages of these kinds of wallets which are open software and open hardware is the fact we can try to replace the case with other with better materials, ones of the projects I want to get into is making a highly resistant metallic case of both Jade and Trezor model One.  Tongue
legendary
Activity: 2730
Merit: 7065
June 08, 2024, 02:31:24 AM
#69
is the DIY variant secure, who has the experience ?
I can't comment on that particular video or the software he uses, but the Blockstream Jade is safe to use. It's an open-source and airgapped bitcoin-only hardware wallet. You can use it as a stateless signer via QR codes if you want. You have the choice to purchase the assembled device, which is very affordable and should cost you around $65, or you can purchase the individual components yourself and assemble everything on your own and build it from source.
member
Activity: 402
Merit: 45
June 07, 2024, 03:17:07 PM
#68
Yep, it feels exactly like a seedsigner, how can I change that??
I guess you set it up using the Advanced Setup mode. The standard and assembled (non DIY) Jade has a beginner setup and advanced setup. The latter one creates a stateless signing device that you can use with SeedQRs. The beginner setup feature creates a standard wallet with the information stored on the device like with any other hardware wallet. You also need to set up a PIN. Like I said, this is for the normal Jade. I can only assume it's the same thing for the DIY variant. So, go through the beginner setup, not the advanced one.

is the DIY variant secure, who has the experience ?

https://www.reddit.com/r/Bitcoin/comments/13wyck9/diy_blockstream_jade_create_your_own_bitcoinonly/
legendary
Activity: 2730
Merit: 7065
May 15, 2024, 11:00:19 AM
#67
Yep, it feels exactly like a seedsigner, how can I change that??
I guess you set it up using the Advanced Setup mode. The standard and assembled (non DIY) Jade has a beginner setup and advanced setup. The latter one creates a stateless signing device that you can use with SeedQRs. The beginner setup feature creates a standard wallet with the information stored on the device like with any other hardware wallet. You also need to set up a PIN. Like I said, this is for the normal Jade. I can only assume it's the same thing for the DIY variant. So, go through the beginner setup, not the advanced one.
legendary
Activity: 3304
Merit: 8633
Crypto Swap Exchange
May 15, 2024, 03:06:29 AM
#66
new firmware 1.0.30 is now available for Jade!
the new version released today has the following new features:

  • added new api calls 'get_registered_descriptors' and 'get_registered_descriptor' to enhance miniscript support
  • menu option for network selection (mainnet/testnet) for stateless qr code users
  • updated esp-idf base firmware to v5.1.3 (note: saved bluetooth bonds will need to be re-paired)

this miniscript-capable version can be flashed under the following link: https://jadefw.blockstream.com/upgrade/fwupgrade.html
legendary
Activity: 2212
Merit: 7064
May 14, 2024, 01:06:58 AM
#65
It's not a fucking pack of peanuts and you could just remove the bad ones. WIFI chip can be removed from an ESP 32 is the first time I have ever heard. It's probably not the easiest thing to do.
Yeah, it was also the first time in your life you ever heard about existence of Raspberry Pi Zero with wifi chip (that can also be removed manually)... I guess you must be smarter than me in this field   Tongue
Now let's get back on topic of Jade DIY.
member
Activity: 162
Merit: 65
May 13, 2024, 10:08:47 PM
#64
How did they remove the wifi chip? by the way, pi zero has no wifi at all.
What do you mean how? They simply desoldered the wifi chip from the board, and by the way newer version of Rpi zero devices does have wifi (only older version 1.3 doesn't have wifi), so better do your own research:
https://www.raspberrypi.com/products/raspberry-pi-zero-w/

It's not a fucking pack of peanuts and you could just remove the bad ones. WIFI chip can be removed from an ESP 32 is the first time I have ever heard. It's probably not the easiest thing to do.
legendary
Activity: 2212
Merit: 7064
May 13, 2024, 03:46:34 AM
#63
How did they remove the wifi chip? by the way, pi zero has no wifi at all.
What do you mean how? They simply desoldered the wifi chip from the board, and by the way newer version of Rpi zero devices does have wifi (only older version 1.3 doesn't have wifi), so better do your own research:
https://www.raspberrypi.com/products/raspberry-pi-zero-w/
member
Activity: 162
Merit: 65
May 13, 2024, 03:37:25 AM
#62
Wi-fi is disabled in settings and I know people who are removing wifi chips from this device, they also did the same with RaspberyPi zero.
How did they remove the wifi chip? by the way, pi zero has no wifi at all.
legendary
Activity: 2212
Merit: 7064
May 09, 2024, 02:32:39 PM
#61
I think this TTGO has wifi connection embedded?Huh How can anybody use this to store your private keys?
Wi-fi is disabled in settings and I know people who are removing wifi chips from this device, they also did the same with RaspberyPi zero.
Than again, nobody is really going to use cheap TTGO device to store keys there, it's just a proof of concept, and it's not very usable without camera anyway.

I wish there was a DIY device that by default has no wifi at all...
Sure there are, Seedsigner aka Raspberry Pi zero v1.3, Krux aka M5StickV K210 or Maix Amigo, they are all airgapped devices without wifi.

https://seedsigner.com/
https://selfcustody.github.io/krux/



full member
Activity: 149
Merit: 165
Metal Seed Phrase at the lowest price! From 44.99
May 09, 2024, 06:26:04 AM
#60
In fact, I have gone through the whole blockstream article, and I did use the PIN, but the device is still on "stateless" mode :S

https://help.blockstream.com/hc/en-us/articles/20108678230937-Advanced-Jade-Setup

I will retry and ask on blockstream TG as well
full member
Activity: 149
Merit: 165
Metal Seed Phrase at the lowest price! From 44.99
May 09, 2024, 04:50:02 AM
#59
I have flashed serveral TTGO T-displays for friends, as an entry-level device, I think it is the perfect choice.

Nevertheless, I have noticed that the last two ones I flashed (I only have one available, I gave away the other one) do not "keep the data", I mean, I flash them, and set up a wallet with the recovery words, the PIN, and so on... but once turned off and on, you have to enter all the words again... Have any of you guys experienced that? I am on 1.0.29 firmware.

P.S: I even wrote a post on this topic, and made a guide, in fact I made some ammendments and tricks on top of the videos the OP made. For instance, in some cases I did not get the bootloader prompt, but there are some commands to enforce its flashing. https://hideyourkeys.io/cheap-hardware-wallet-below-diy-guide/

Is it the new 'stateless' mode where it acts like SeedSigner(another DIY project) so every time you turn off the device, it forgets things.

Yep, it feels exactly like a seedsigner, how can I change that??
member
Activity: 162
Merit: 65
May 08, 2024, 10:22:54 PM
#58
I have flashed serveral TTGO T-displays for friends, as an entry-level device, I think it is the perfect choice.

Nevertheless, I have noticed that the last two ones I flashed (I only have one available, I gave away the other one) do not "keep the data", I mean, I flash them, and set up a wallet with the recovery words, the PIN, and so on... but once turned off and on, you have to enter all the words again... Have any of you guys experienced that? I am on 1.0.29 firmware.

P.S: I even wrote a post on this topic, and made a guide, in fact I made some ammendments and tricks on top of the videos the OP made. For instance, in some cases I did not get the bootloader prompt, but there are some commands to enforce its flashing. https://hideyourkeys.io/cheap-hardware-wallet-below-diy-guide/

Is it the new 'stateless' mode where it acts like SeedSigner(another DIY project) so every time you turn off the device, it forgets things.
full member
Activity: 149
Merit: 165
Metal Seed Phrase at the lowest price! From 44.99
May 08, 2024, 12:20:03 PM
#57
I have flashed serveral TTGO T-displays for friends, as an entry-level device, I think it is the perfect choice.

Nevertheless, I have noticed that the last two ones I flashed (I only have one available, I gave away the other one) do not "keep the data", I mean, I flash them, and set up a wallet with the recovery words, the PIN, and so on... but once turned off and on, you have to enter all the words again... Have any of you guys experienced that? I am on 1.0.29 firmware.

P.S: I even wrote a post on this topic, and made a guide, in fact I made some ammendments and tricks on top of the videos the OP made. For instance, in some cases I did not get the bootloader prompt, but there are some commands to enforce its flashing. https://hideyourkeys.io/cheap-hardware-wallet-below-diy-guide/
member
Activity: 162
Merit: 65
May 07, 2024, 03:37:32 AM
#56
I think this TTGO has wifi connection embedded?Huh How can anybody use this to store your private keys?

I'm pretty sure (though couldn't find a quick confirmation) that even when there's wifi hardware available, it isn't enabled, no driver loaded, no wifi initialized or explicitly disabled. It wouldn't make sense to have such an attack vector open when you can disable this potential connectivity.

Or the other way round, if you fear such a DIY Jade could maliciously leak your wallet secrets via wifi, the code is open-source, as far as I've seen the firmware is reproducable. Inspect the code for shady stuff. The Jade clone can't guess your or other wifi's passwords.

I have the same strategy with my DIY PiTrezor which I run on a Pi Zero W. As wifi and/or Bluetooth can't be used with a basically Trezor One firmware, there's a) no driver for wifi or Bluetooth in PiTrezor's firmware and b) I disable explicitly both wireless modules in the Pi Zero's boot config. That's safe enough for me and my PiTrezor is more an experimental project, no valuable wallet on it.

I wish there was a DIY device that by default has no wifi at all...
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
May 06, 2024, 03:34:16 PM
#55
I think this TTGO has wifi connection embedded?Huh How can anybody use this to store your private keys?

I'm pretty sure (though couldn't find a quick confirmation) that even when there's wifi hardware available, it isn't enabled, no driver loaded, no wifi initialized or explicitly disabled. It wouldn't make sense to have such an attack vector open when you can disable this potential connectivity.

Or the other way round, if you fear such a DIY Jade could maliciously leak your wallet secrets via wifi, the code is open-source, as far as I've seen the firmware is reproducable. Inspect the code for shady stuff. The Jade clone can't guess your or other wifi's passwords.

I have the same strategy with my DIY PiTrezor which I run on a Pi Zero W. As wifi and/or Bluetooth can't be used with a basically Trezor One firmware, there's a) no driver for wifi or Bluetooth in PiTrezor's firmware and b) I disable explicitly both wireless modules in the Pi Zero's boot config. That's safe enough for me and my PiTrezor is more an experimental project, no valuable wallet on it.
member
Activity: 162
Merit: 65
May 05, 2024, 10:42:33 PM
#54

I think this TTGO has wifi connection embedded?Huh How can anybody use this to store your private keys?
hero member
Activity: 560
Merit: 1060
April 05, 2024, 03:56:17 PM
#53
I should think about it twice before questioning Blockstream for their lack of research.  Tongue

Especially since the founder has invented the core mining mechanism of bitcoin  Tongue

Seriously though, nice catch and nice study. You have provided us with some knowledge.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
April 05, 2024, 02:30:46 PM
#52
Feel free to add something more if you want to.
As it turns out, I was not totally right.

It doesn't directly use libsecp256k1, indeed, but it does use secp256k1-zkp, which is a fork of the former. As you can see in here, it says that their EC library calls secp256k1_surjectionproof_verify() and secp256k1_rangeproof_verify(), which are defined only over secp256k1-zkp. You can verify by searching in libsecp256k1 (empty) and in secp256k1-zkp (non-empty).

I should think about it twice before questioning Blockstream for their lack of research.  Tongue
Pages:
Jump to: