Jade DIY hardware wallet - page 2. | Bitcointalksearch.org

fillippone

legendary

Activity: 2268

Merit: 16328

Fully fledged Merit Cycler - Golden Feather 22-23

Quote from: Pmalek on June 08, 2024, 02:31:24 AM

Quote from: wavessurfing on June 07, 2024, 03:17:07 PM

is the DIY variant secure, who has the experience ?

I can't comment on that particular video or the software he uses, but the Blockstream Jade is safe to use. It's an open-source and airgapped bitcoin-only hardware wallet. You can use it as a stateless signer via QR codes if you want. You have the choice to purchase the assembled device, which is very affordable and should cost you around $65, or you can purchase the individual components yourself and assemble everything on your own and build it from source.

The possibility to assemble your own hardware is a guarantee of the solidity of the project.
My own self compiled Jade works smoothly.
The main difference with the commercial solutions is the lack of a photocam, that downs allow to read QR.
Apart from that, I have no reason (to the best of my knowledge) to use a DYO variant using reliable sources.

Hispo

legendary

Activity: 1162

Merit: 2025

Leading Crypto Sports Betting & Casino Platform

I have been keeping an eye on the hardware wallet by Block stream, Jade, though in my opinion the price for the original product in their store sounds rather high compared to the hardware one is receiving and the possible quality of the case and board, so I love these kinds of tutorials which allows anyone to go into cold storage of crypto assets with a minimum budget. Tongue

Last time I saw something similar to this tutorial was a tutorial to build our own Trezor mode Model from the scratch.

Also, one of the biggest advantages of these kinds of wallets which are open software and open hardware is the fact we can try to replace the case with other with better materials, ones of the projects I want to get into is making a highly resistant metallic case of both Jade and Trezor model One. Tongue

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: wavessurfing on June 07, 2024, 03:17:07 PM

is the DIY variant secure, who has the experience ?

I can't comment on that particular video or the software he uses, but the Blockstream Jade is safe to use. It's an open-source and airgapped bitcoin-only hardware wallet. You can use it as a stateless signer via QR codes if you want. You have the choice to purchase the assembled device, which is very affordable and should cost you around $65, or you can purchase the individual components yourself and assemble everything on your own and build it from source.

wavessurfing

member

Activity: 402

Merit: 45

Quote from: Pmalek on May 15, 2024, 11:00:19 AM

Quote from: HideYourKeys on May 09, 2024, 04:50:02 AM

Yep, it feels exactly like a seedsigner, how can I change that??

I guess you set it up using the Advanced Setup mode. The standard and assembled (non DIY) Jade has a beginner setup and advanced setup. The latter one creates a stateless signing device that you can use with SeedQRs. The beginner setup feature creates a standard wallet with the information stored on the device like with any other hardware wallet. You also need to set up a PIN. Like I said, this is for the normal Jade. I can only assume it's the same thing for the DIY variant. So, go through the beginner setup, not the advanced one.

is the DIY variant secure, who has the experience ?

https://www.reddit.com/r/Bitcoin/comments/13wyck9/diy_blockstream_jade_create_your_own_bitcoinonly/

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: HideYourKeys on May 09, 2024, 04:50:02 AM

Yep, it feels exactly like a seedsigner, how can I change that??

I guess you set it up using the Advanced Setup mode. The standard and assembled (non DIY) Jade has a beginner setup and advanced setup. The latter one creates a stateless signing device that you can use with SeedQRs. The beginner setup feature creates a standard wallet with the information stored on the device like with any other hardware wallet. You also need to set up a PIN. Like I said, this is for the normal Jade. I can only assume it's the same thing for the DIY variant. So, go through the beginner setup, not the advanced one.

cygan

legendary

Activity: 3304

Merit: 8633

Crypto Swap Exchange

new firmware 1.0.30 is now available for Jade!
the new version released today has the following new features:

added new api calls 'get_registered_descriptors' and 'get_registered_descriptor' to enhance miniscript support
menu option for network selection (mainnet/testnet) for stateless qr code users
updated esp-idf base firmware to v5.1.3 (note: saved bluetooth bonds will need to be re-paired)

this miniscript-capable version can be flashed under the following link: https://jadefw.blockstream.com/upgrade/fwupgrade.html

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: Jason Brendon on May 13, 2024, 10:08:47 PM

It's not a fucking pack of peanuts and you could just remove the bad ones. WIFI chip can be removed from an ESP 32 is the first time I have ever heard. It's probably not the easiest thing to do.

Yeah, it was also the first time in your life you ever heard about existence of Raspberry Pi Zero with wifi chip (that can also be removed manually)... I guess you must be smarter than me in this field Tongue

Now let's get back on topic of Jade DIY.

Jason Brendon

member

Activity: 162

Merit: 65

Quote from: dkbit98 on May 13, 2024, 03:46:34 AM

Quote from: Jason Brendon on May 13, 2024, 03:37:25 AM

How did they remove the wifi chip? by the way, pi zero has no wifi at all.

What do you mean how? They simply desoldered the wifi chip from the board, and by the way newer version of Rpi zero devices does have wifi (only older version 1.3 doesn't have wifi), so better do your own research:
https://www.raspberrypi.com/products/raspberry-pi-zero-w/

It's not a fucking pack of peanuts and you could just remove the bad ones. WIFI chip can be removed from an ESP 32 is the first time I have ever heard. It's probably not the easiest thing to do.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: Jason Brendon on May 13, 2024, 03:37:25 AM

How did they remove the wifi chip? by the way, pi zero has no wifi at all.

What do you mean how? They simply desoldered the wifi chip from the board, and by the way newer version of Rpi zero devices does have wifi (only older version 1.3 doesn't have wifi), so better do your own research:
https://www.raspberrypi.com/products/raspberry-pi-zero-w/

Jason Brendon

member

Activity: 162

Merit: 65

Quote from: dkbit98 on May 09, 2024, 02:32:39 PM

Wi-fi is disabled in settings and I know people who are removing wifi chips from this device, they also did the same with RaspberyPi zero.

How did they remove the wifi chip? by the way, pi zero has no wifi at all.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: Jason Brendon on May 05, 2024, 10:42:33 PM

I think this TTGO has wifi connection embedded? Huh

How can anybody use this to store your private keys?

Wi-fi is disabled in settings and I know people who are removing wifi chips from this device, they also did the same with RaspberyPi zero.
Than again, nobody is really going to use cheap TTGO device to store keys there, it's just a proof of concept, and it's not very usable without camera anyway.

Quote from: Jason Brendon on May 07, 2024, 03:37:32 AM

I wish there was a DIY device that by default has no wifi at all...

Sure there are, Seedsigner aka Raspberry Pi zero v1.3, Krux aka M5StickV K210 or Maix Amigo, they are all airgapped devices without wifi.

https://seedsigner.com/
https://selfcustody.github.io/krux/

HideYourKeys

full member

Activity: 149

Merit: 165

Metal Seed Phrase at the lowest price! From 44.99

In fact, I have gone through the whole blockstream article, and I did use the PIN, but the device is still on "stateless" mode :S

https://help.blockstream.com/hc/en-us/articles/20108678230937-Advanced-Jade-Setup

I will retry and ask on blockstream TG as well

HideYourKeys

full member

Activity: 149

Merit: 165

Metal Seed Phrase at the lowest price! From 44.99

Quote from: Jason Brendon on May 08, 2024, 10:22:54 PM

Quote from: HideYourKeys on May 08, 2024, 12:20:03 PM

I have flashed serveral TTGO T-displays for friends, as an entry-level device, I think it is the perfect choice.

Nevertheless, I have noticed that the last two ones I flashed (I only have one available, I gave away the other one) do not "keep the data", I mean, I flash them, and set up a wallet with the recovery words, the PIN, and so on... but once turned off and on, you have to enter all the words again... Have any of you guys experienced that? I am on 1.0.29 firmware.

P.S: I even wrote a post on this topic, and made a guide, in fact I made some ammendments and tricks on top of the videos the OP made. For instance, in some cases I did not get the bootloader prompt, but there are some commands to enforce its flashing. https://hideyourkeys.io/cheap-hardware-wallet-below-diy-guide/

Is it the new 'stateless' mode where it acts like SeedSigner(another DIY project) so every time you turn off the device, it forgets things.

Yep, it feels exactly like a seedsigner, how can I change that??

Jason Brendon

member

Activity: 162

Merit: 65

Quote from: HideYourKeys on May 08, 2024, 12:20:03 PM

I have flashed serveral TTGO T-displays for friends, as an entry-level device, I think it is the perfect choice.

Nevertheless, I have noticed that the last two ones I flashed (I only have one available, I gave away the other one) do not "keep the data", I mean, I flash them, and set up a wallet with the recovery words, the PIN, and so on... but once turned off and on, you have to enter all the words again... Have any of you guys experienced that? I am on 1.0.29 firmware.

P.S: I even wrote a post on this topic, and made a guide, in fact I made some ammendments and tricks on top of the videos the OP made. For instance, in some cases I did not get the bootloader prompt, but there are some commands to enforce its flashing. https://hideyourkeys.io/cheap-hardware-wallet-below-diy-guide/

Is it the new 'stateless' mode where it acts like SeedSigner(another DIY project) so every time you turn off the device, it forgets things.

HideYourKeys

full member

Activity: 149

Merit: 165

Metal Seed Phrase at the lowest price! From 44.99

I have flashed serveral TTGO T-displays for friends, as an entry-level device, I think it is the perfect choice.

Nevertheless, I have noticed that the last two ones I flashed (I only have one available, I gave away the other one) do not "keep the data", I mean, I flash them, and set up a wallet with the recovery words, the PIN, and so on... but once turned off and on, you have to enter all the words again... Have any of you guys experienced that? I am on 1.0.29 firmware.

P.S: I even wrote a post on this topic, and made a guide, in fact I made some ammendments and tricks on top of the videos the OP made. For instance, in some cases I did not get the bootloader prompt, but there are some commands to enforce its flashing. https://hideyourkeys.io/cheap-hardware-wallet-below-diy-guide/

Jason Brendon

member

Activity: 162

Merit: 65

Quote from: Cricktor on May 06, 2024, 03:34:16 PM

Quote from: Jason Brendon on May 05, 2024, 10:42:33 PM

I think this TTGO has wifi connection embedded? Huh

How can anybody use this to store your private keys?

I'm pretty sure (though couldn't find a quick confirmation) that even when there's wifi hardware available, it isn't enabled, no driver loaded, no wifi initialized or explicitly disabled. It wouldn't make sense to have such an attack vector open when you can disable this potential connectivity.

Or the other way round, if you fear such a DIY Jade could maliciously leak your wallet secrets via wifi, the code is open-source, as far as I've seen the firmware is reproducable. Inspect the code for shady stuff. The Jade clone can't guess your or other wifi's passwords.

I have the same strategy with my DIY PiTrezor which I run on a Pi Zero W. As wifi and/or Bluetooth can't be used with a basically Trezor One firmware, there's a) no driver for wifi or Bluetooth in PiTrezor's firmware and b) I disable explicitly both wireless modules in the Pi Zero's boot config. That's safe enough for me and my PiTrezor is more an experimental project, no valuable wallet on it.

I wish there was a DIY device that by default has no wifi at all...

Cricktor

hero member

Activity: 714

Merit: 1010

Crypto Swap Exchange

Quote from: Jason Brendon on May 05, 2024, 10:42:33 PM

I think this TTGO has wifi connection embedded? Huh

How can anybody use this to store your private keys?

I'm pretty sure (though couldn't find a quick confirmation) that even when there's wifi hardware available, it isn't enabled, no driver loaded, no wifi initialized or explicitly disabled. It wouldn't make sense to have such an attack vector open when you can disable this potential connectivity.

Or the other way round, if you fear such a DIY Jade could maliciously leak your wallet secrets via wifi, the code is open-source, as far as I've seen the firmware is reproducable. Inspect the code for shady stuff. The Jade clone can't guess your or other wifi's passwords.

I have the same strategy with my DIY PiTrezor which I run on a Pi Zero W. As wifi and/or Bluetooth can't be used with a basically Trezor One firmware, there's a) no driver for wifi or Bluetooth in PiTrezor's firmware and b) I disable explicitly both wireless modules in the Pi Zero's boot config. That's safe enough for me and my PiTrezor is more an experimental project, no valuable wallet on it.

Jason Brendon

member

Activity: 162

Merit: 65

Quote from: dkbit98 on June 01, 2023, 09:12:07 AM

TTGO (Lilygo) T-Display ~$10 USD

https://github.com/3rdIteration/Jade/blob/master/diy/readme.md

I think this TTGO has wifi connection embedded? Huh

How can anybody use this to store your private keys?

apogio

hero member

Activity: 560

Merit: 1060

Quote from: BlackHatCoiner on April 05, 2024, 02:30:46 PM

I should think about it twice before questioning Blockstream for their lack of research. Tongue

Especially since the founder has invented the core mining mechanism of bitcoin Tongue

Seriously though, nice catch and nice study. You have provided us with some knowledge.

BlackHatCoiner

legendary

Activity: 1512

Merit: 7340

Farewell, Leo

Quote from: Pmalek on April 05, 2024, 09:15:47 AM

Feel free to add something more if you want to.

As it turns out, I was not totally right.

It doesn't directly use libsecp256k1, indeed, but it does use secp256k1-zkp, which is a fork of the former. As you can see in here, it says that their EC library calls secp256k1_surjectionproof_verify() and secp256k1_rangeproof_verify(), which are defined only over secp256k1-zkp. You can verify by searching in libsecp256k1 (empty) and in secp256k1-zkp (non-empty).

I should think about it twice before questioning Blockstream for their lack of research. Tongue

Topic: Jade DIY hardware wallet - page 2. (Read 1226 times)