Author

Topic: Jade DIY hardware wallet (Read 1426 times)

hero member
Activity: 560
Merit: 1060
November 20, 2024, 12:29:07 AM
#98
The person in that picture wanted to try this as an intellectual experiment with no practical purpose.
I remember him wearing a "trustless clock," which was based on Bitcoin's timestamping protocol.
It's something that's particularly ineffective as a watch if you know a little about how Bitcoin timestamping is computed.




Oh so he is like the BTC Sessions of watches. Instead of wallets he tries watches. I get it!  Tongue
Seriously I am always in favour of trying new things and experimenting with new ideas.
Having said that, I would try to make it work, but just to get the DIY satisfaction.
Watches, in my opinion, are still accessories that need to be more stylish than feature-rich. I am wearing a smartwatch though, so I guess you shouldn't take my word seriously Tongue
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
November 19, 2024, 05:18:59 PM
#97
The person in that picture wanted to try this as an intellectual experiment with no practical purpose.
I remember him wearing a "trustless clock," which was based on Bitcoin's timestamping protocol.
It's something that's particularly ineffective as a watch if you know a little about how Bitcoin timestamping is computed.


hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
November 19, 2024, 02:32:36 PM
#96
Apart from a feasibility study and "we can do this", I can't find a good reason to wear a crypto wallet as an ugly plastic signal colored "thing" on my wrist. This defeats my preference to keep a low profile and not let my surrounding wonder what kind of a strange watch I wear, if I had such a thing (I won't).
hero member
Activity: 560
Merit: 1060
November 19, 2024, 02:39:57 AM
#95
I am not a big fan of this type of smart watches with their boring design, but support for code is more important.
If you ask me I would much rather use some retro design similar to casio watches.

Speaking of watches, I had a chat with Valerio Vaccaro, and he made me notice this:

<--image removed from original post-->

He also confirmed that the  twatchs3 is compatible with Lora and Lorawan, but of course, Jade does not support this as it requires a lot of software to be added, and this would significantly increase the surface of attack for a wallet.

I 've no particular experience in watches or bands, but, having seen your conversation above, I 'd like to ask what is really the purpose for wearing a hardware wallet as a watch, apart from it being fancy.

At the same time, I 'll tell the truth... the watch in the picture, is kinda ugly in my eyes, am I the only one?
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
November 17, 2024, 08:49:41 AM
#94
Speaking of watches, I had a chat with Valerio Vaccaro, and he made me notice this:



He also confirmed that the  twatchs3 is compatible with Lora and Lorawan, but of course, Jade does not support this as it requires a lot of software to be added, and this would significantly increase the surface of attack for a wallet.
legendary
Activity: 2212
Merit: 7064
November 15, 2024, 05:15:02 PM
#93
Here is another great video from Crypto Guide with more DIY hardware wallet devices using nlockstream Jade firmware.
With new devices he used you can see huge improvements with bigger screen on some of this devices:


https://youtu.be/EC6b8FfX8oI

I am copy-pasting all links posted on his youtube channel, and you can follow instructions on video posted:

Quote

Now I am just waiting for him to do the same thing with T-Watch S3 Smiley

legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
November 10, 2024, 04:04:55 PM
#92
does anyone know what is common function or usage of LoRa SX1262 on TWatchS3?

LoRa (abbreviation stands for "Long Range") is  the communication protocol is designed for wireless long range  communication at low power consumption, thus   SX1262  module secures the relevant connection between this smart-watch and other LoRa capable devices.




Interestingly, Valerio Vaccaro, one of the engineers working at Blockstream (not sure if or how he is involved in Jade development), is a big supporter of LoRa:

[Total privacy Bitcoin]: off grid Transactions LoRaWan/goTenna

maybe h0es the mastermind behind this move.
hero member
Activity: 714
Merit: 1298
November 08, 2024, 03:00:25 AM
#91
does anyone know what is common function or usage of LoRa SX1262 on TWatchS3?

LoRa (abbreviation stands for "Long Range") is  the communication protocol is designed for wireless long range  communication at low power consumption, thus   SX1262  module secures the relevant connection between this smart-watch and other LoRa capable devices.


legendary
Activity: 2212
Merit: 7064
November 07, 2024, 03:28:44 PM
#90
Are you saying to me that it is now possible to have a merit wristband, a jade and a watch in the same device?
Probably, but let's see if someone test how everything works... maybe CryptoGuide from YT, he likes DIY bitcoin stuff.
I am not a big fan of this type of smart watches with their boring design, but support for code is more important.
If you ask me I would much rather use some retro design similar to casio watches.

I didn't read this thread for a while, so i just found out about commercial ESP32 smartwatch. I guess it's one more ways to hide or move Bitcoin wallet stealthily, although i doubt it'll work on border that may ask you to give access to all devices.
You can always flash the watch with regular watch firmware code, and load back Jade code when you cross the border.

legendary
Activity: 2730
Merit: 7065
November 07, 2024, 08:24:28 AM
#89
And while we're at it, does anyone know what is common function or usage of LoRa SX1262 on TWatchS3?
Based on some information I found, it can work similarly to GPS to track the person wearing the watch. It's used for wireless communication and data transfer over longer distances. It can collect data about you, like health monitoring. The module can also become part of a wider system like smart homes, where it allows you to control various appliances from your watch.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
November 07, 2024, 04:30:03 AM
#88
I didn't read this thread for a while, so i just found out about commercial ESP32 smartwatch. I guess it's one more ways to hide or move Bitcoin wallet stealthily, although i doubt it'll work on border that may ask you to give access to all devices. And while we're at it, does anyone know what is common function or usage of LoRa SX1262 on TWatchS3?
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
November 06, 2024, 09:50:19 PM
#87
Are you saying to me that it is now possible to have a merit wristband, a jade and a watch in the same device?

[insert “shut up and take my money.gif” here]

Regarding Jade OG reading post here, that would be interesting.
I doubt, but it would be very helpful!
legendary
Activity: 2212
Merit: 7064
November 06, 2024, 04:55:49 PM
#86
Interesting new update from Jade developers with adding support for esp32s3 DIY devices TTGO TWatchS3 and M5Stack CoreS3.
This means that anyone can finally have a bitcoin smart watch with Jade code for only around 40$.
Maybe someone from Jade is reading my posts because I was recently writing about this Wink

https://github.com/Blockstream/Jade/blob/master/CHANGELOG.md
https://www.lilygo.cc/products/t-watch-s3
member
Activity: 402
Merit: 45
September 26, 2024, 10:41:14 AM
#85
thank you so much bitmaxz

i see this reference that may be useful

https://github.com/lnbits/hardware-wallet
legendary
Activity: 3472
Merit: 3217
Happy New year 🤗
September 05, 2024, 06:22:53 PM
#84
You will only know for sure if you try. Support personnel surely don't have such knowledge, but they could forward your inquiries to the right department. But you also have to keep in mind that there is no way for their developers to know if the wallet will be functional with a non-supported and untested hardware component if they haven't personally conducted similar tests.

I am thinking about trying it since the T-displayTTGO from Lilygo the model unit is ESP32 development board I found much cheaper one around $3 with no LCD and $7 with LCD much similar to T-display(Lilygo). It looks compatible since LNbits DIY hardware wallet mentions that they support T-display(LilyGo) or any version of ESP32 so maybe the blockstream jade firmware supports any ESP32 since they both have a similar model I'm sure it won't work on ESP32 with no LCD because you can't able to navigate but the one with LCD I believe it would work.

In case it doesn't work then I found another option not only LnBits support this but also uBitcoin Hardware wallet.
I found them from this video $10 bitcoin Hardware Wallet, DIY/FOSS/ESP32/easy build!
legendary
Activity: 2730
Merit: 7065
September 05, 2024, 07:10:45 AM
#83
I got the warning, "Do not attempt to flash the Blockstream firmware to DIY hardware," so that means it's not possible?
The warning message on GitHub is to not flash a DIY firmware on an official Jade hardware wallet. It's surely there because they can't guarantee that your device will work as advertised and if you break it, it won't be covered by the warranty. The Jade doesn't come with a written warranty, but I have read that you can contact the support within a year of buying your device and there is an unofficial type of warranty and support.

I'm sure if I ask Blockstream they won't tell me the truth if their firmware will work because they're promoting LilyGo vendor.
You will only know for sure if you try. Support personnel surely don't have such knowledge, but they could forward your inquiries to the right department. But you also have to keep in mind that there is no way for their developers to know if the wallet will be functional with a non-supported and untested hardware component if they haven't personally conducted similar tests.
hero member
Activity: 560
Merit: 1060
September 05, 2024, 03:47:09 AM
#82
The real question is, can it and does that particular model work? Have you checked this GitHub source? There is mention of some Lilygo displays there. If I were you, I would ask the Blockstream support or open a new issue on GitHub before buying the display to get feedback from them first.

Well, it just looks similar. I got the warning, "Do not attempt to flash the Blockstream firmware to DIY hardware," so that means it's not possible?
As you can see on the image, all components look the same, even on the back, which makes me think maybe the firmware from LilyGo will work on this unit?
I researched a bit yesterday and I heard that you need to replace the driver to be able to flash it with other custom firmware. I'm sure if I ask Blockstream they won't tell me the truth if their firmware will work because they're promoting LilyGo vendor.

In any case, I wouldn't use a DIY wallet on unsupported hardware to hold even only a few precious satoshis.
In case of any problems, expect way less support (if any) than if you went out using supported hardware.
I think the risk/reward ratio is too high for me.


I agree with filippone, I have been there and I can assure you that you don't wanna get in that position. There is no support at all. And it's perfectly normal because they couldn't offer support for every type of hardware.
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
September 04, 2024, 04:50:14 PM
#81
The real question is, can it and does that particular model work? Have you checked this GitHub source? There is mention of some Lilygo displays there. If I were you, I would ask the Blockstream support or open a new issue on GitHub before buying the display to get feedback from them first.

Well, it just looks similar. I got the warning, "Do not attempt to flash the Blockstream firmware to DIY hardware," so that means it's not possible?
As you can see on the image, all components look the same, even on the back, which makes me think maybe the firmware from LilyGo will work on this unit?
I researched a bit yesterday and I heard that you need to replace the driver to be able to flash it with other custom firmware. I'm sure if I ask Blockstream they won't tell me the truth if their firmware will work because they're promoting LilyGo vendor.

In any case, I wouldn't use a DIY wallet on unsupported hardware to hold even only a few precious satoshis.
In case of any problems, expect way less support (if any) than if you went out using supported hardware.
I think the risk/reward ratio is too high for me.
legendary
Activity: 3472
Merit: 3217
Happy New year 🤗
September 04, 2024, 02:27:56 PM
#80
The real question is, can it and does that particular model work? Have you checked this GitHub source? There is mention of some Lilygo displays there. If I were you, I would ask the Blockstream support or open a new issue on GitHub before buying the display to get feedback from them first.

Well, it just looks similar. I got the warning, "Do not attempt to flash the Blockstream firmware to DIY hardware," so that means it's not possible?
As you can see on the image, all components look the same, even on the back, which makes me think maybe the firmware from LilyGo will work on this unit?
I researched a bit yesterday and I heard that you need to replace the driver to be able to flash it with other custom firmware. I'm sure if I ask Blockstream they won't tell me the truth if their firmware will work because they're promoting LilyGo vendor.
legendary
Activity: 2730
Merit: 7065
September 04, 2024, 08:22:09 AM
#79
It seems I found something similar with wireless wifi and Bluetooth module I was planning to try it if it can able to flash with the Blockstream jade firmware.
The real question is, can it and does that particular model work? Have you checked this GitHub source? There is mention of some Lilygo displays there. If I were you, I would ask the Blockstream support or open a new issue on GitHub before buying the display to get feedback from them first.
legendary
Activity: 3472
Merit: 3217
Happy New year 🤗
September 03, 2024, 06:50:35 PM
#78
Has one here tried the lilygo T display model?
It seems I found something similar with wireless wifi and Bluetooth module I was planning to try it if it can able to flash with the Blockstream jade firmware.

Here's a similar image that I found that I can buy near here in my country.


legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
August 18, 2024, 06:32:04 AM
#77
I saw a Twitter thread where they explain another reason why you should never connect the device to a PC:
As long as I know Jade is the only one able to do this.
The Blockstream Jade requires some type of connection to a PC when you first set it up to install its firmware. You can install the firmware either via the Blockstream Green software wallet or from Blockstream's download portal. There is a third (advanced) option that I have forgotten about. You can connect the device either via USB cable or Bluetooth to install the firmware. The same is true for firmware updates, with one difference being that you can install a firmware with disabled Bluetooth. If you do that, then you can only install new firmware updates by connecting the device via a cable.
You are right on one point here: having a signing device (a hardware wallet) and using it via Bluetooth is nonsense, given the amount of bad code an attacker can infect the Bluetooth stack with.
Also the attacker.
legendary
Activity: 2730
Merit: 7065
August 18, 2024, 01:57:35 AM
#76
I saw a Twitter thread where they explain another reason why you should never connect the device to a PC:
As long as I know Jade is the only one able to do this.
The Blockstream Jade requires some type of connection to a PC when you first set it up to install its firmware. You can install the firmware either via the Blockstream Green software wallet or from Blockstream's download portal. There is a third (advanced) option that I have forgotten about. You can connect the device either via USB cable or Bluetooth to install the firmware. The same is true for firmware updates, with one difference being that you can install a firmware with disabled Bluetooth. If you do that, then you can only install new firmware updates by connecting the device via a cable.
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
August 17, 2024, 11:26:48 AM
#75
The  platform I used to install the Jade software is the M5Stack module, lacks a photo camera.
Other solutions might include it.
So, my DIY Jade has a limitation regarding the airgapped usage, due to the inability to read QR codes.
That's too bad. I think Jade's airgapped functionality is the biggest strength of this device. Without it, it's a very limited hardware wallet without a secure element that has to rely on Blockstream's blind oracle and virtual secure element. It was recently discovered that this third-party server was breeched.

Indeed the airgapped operation is one of the  main reason why this device is unique.
I saw a Twitter thread where they explain another reason why you should never connect the device to a PC:



As long as I know Jade is the only one able to do this.
legendary
Activity: 2730
Merit: 7065
August 12, 2024, 01:00:43 PM
#74
The  platform I used to install the Jade software is the M5Stack module, lacks a photo camera.
Other solutions might include it.
So, my DIY Jade has a limitation regarding the airgapped usage, due to the inability to read QR codes.
That's too bad. I think Jade's airgapped functionality is the biggest strength of this device. Without it, it's a very limited hardware wallet without a secure element that has to rely on Blockstream's blind oracle and virtual secure element. It was recently discovered that this third-party server was breeched.
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
August 12, 2024, 04:43:52 AM
#73
The main difference with the commercial solutions is the lack of a photocam, that downs allow to read QR.
Sorry, this part of your post confused me a bit. Are you saying that the DIY Jade when purchased disassembled doesn't come with a camera or that it does but the camera is of bad quality? If it's the latter, then I can confirm that. More precisely, it's not that the camera sucks to a degree of being useless, it's the software companion apps like Sparrow Wallet that can't scan the QR codes as well as they should. Another user also said that they were struggling with their Sparrow-Jade combo.

Are you using the Jade as a stateless signer and with what companion app?

The  platform I used to install the Jade software is the M5Stack module, lacks a photo camera.
Other solutions might include it.
So, my DIY Jade has a limitation regarding the airgapped usage, due to the inability to read QR codes.
legendary
Activity: 2730
Merit: 7065
August 12, 2024, 02:07:19 AM
#72
The main difference with the commercial solutions is the lack of a photocam, that downs allow to read QR.
Sorry, this part of your post confused me a bit. Are you saying that the DIY Jade when purchased disassembled doesn't come with a camera or that it does but the camera is of bad quality? If it's the latter, then I can confirm that. More precisely, it's not that the camera sucks to a degree of being useless, it's the software companion apps like Sparrow Wallet that can't scan the QR codes as well as they should. Another user also said that they were struggling with their Sparrow-Jade combo.

Are you using the Jade as a stateless signer and with what companion app?
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
August 11, 2024, 06:06:45 PM
#71
is the DIY variant secure, who has the experience ?
I can't comment on that particular video or the software he uses, but the Blockstream Jade is safe to use. It's an open-source and airgapped bitcoin-only hardware wallet. You can use it as a stateless signer via QR codes if you want. You have the choice to purchase the assembled device, which is very affordable and should cost you around $65, or you can purchase the individual components yourself and assemble everything on your own and build it from source.

The possibility to assemble your own hardware is a guarantee of the solidity of the project.
My own self compiled Jade works smoothly.
The main difference with the commercial solutions is the lack of a photocam, that downs allow to read QR.
Apart from that, I have no reason (to the best of my knowledge) to use a DYO variant using reliable sources.
legendary
Activity: 1162
Merit: 2025
Leading Crypto Sports Betting & Casino Platform
August 05, 2024, 11:33:17 AM
#70
I have been keeping an eye on the hardware wallet by Block stream, Jade, though in my opinion the price for the original product in their store sounds rather high compared to the hardware one is receiving and the possible quality of the case and board, so I love these kinds of tutorials which allows anyone to go into cold storage of crypto assets with a minimum budget.  Tongue
Last time I saw something similar to this tutorial was a tutorial to build our own Trezor mode Model from the scratch.

Also, one of the biggest advantages of these kinds of wallets which are open software and open hardware is the fact we can try to replace the case with other with better materials, ones of the projects I want to get into is making a highly resistant metallic case of both Jade and Trezor model One.  Tongue
legendary
Activity: 2730
Merit: 7065
June 08, 2024, 02:31:24 AM
#69
is the DIY variant secure, who has the experience ?
I can't comment on that particular video or the software he uses, but the Blockstream Jade is safe to use. It's an open-source and airgapped bitcoin-only hardware wallet. You can use it as a stateless signer via QR codes if you want. You have the choice to purchase the assembled device, which is very affordable and should cost you around $65, or you can purchase the individual components yourself and assemble everything on your own and build it from source.
member
Activity: 402
Merit: 45
June 07, 2024, 03:17:07 PM
#68
Yep, it feels exactly like a seedsigner, how can I change that??
I guess you set it up using the Advanced Setup mode. The standard and assembled (non DIY) Jade has a beginner setup and advanced setup. The latter one creates a stateless signing device that you can use with SeedQRs. The beginner setup feature creates a standard wallet with the information stored on the device like with any other hardware wallet. You also need to set up a PIN. Like I said, this is for the normal Jade. I can only assume it's the same thing for the DIY variant. So, go through the beginner setup, not the advanced one.

is the DIY variant secure, who has the experience ?

https://www.reddit.com/r/Bitcoin/comments/13wyck9/diy_blockstream_jade_create_your_own_bitcoinonly/
legendary
Activity: 2730
Merit: 7065
May 15, 2024, 11:00:19 AM
#67
Yep, it feels exactly like a seedsigner, how can I change that??
I guess you set it up using the Advanced Setup mode. The standard and assembled (non DIY) Jade has a beginner setup and advanced setup. The latter one creates a stateless signing device that you can use with SeedQRs. The beginner setup feature creates a standard wallet with the information stored on the device like with any other hardware wallet. You also need to set up a PIN. Like I said, this is for the normal Jade. I can only assume it's the same thing for the DIY variant. So, go through the beginner setup, not the advanced one.
legendary
Activity: 3304
Merit: 8633
icarus-cards.eu
May 15, 2024, 03:06:29 AM
#66
new firmware 1.0.30 is now available for Jade!
the new version released today has the following new features:

  • added new api calls 'get_registered_descriptors' and 'get_registered_descriptor' to enhance miniscript support
  • menu option for network selection (mainnet/testnet) for stateless qr code users
  • updated esp-idf base firmware to v5.1.3 (note: saved bluetooth bonds will need to be re-paired)

this miniscript-capable version can be flashed under the following link: https://jadefw.blockstream.com/upgrade/fwupgrade.html
legendary
Activity: 2212
Merit: 7064
May 14, 2024, 01:06:58 AM
#65
It's not a fucking pack of peanuts and you could just remove the bad ones. WIFI chip can be removed from an ESP 32 is the first time I have ever heard. It's probably not the easiest thing to do.
Yeah, it was also the first time in your life you ever heard about existence of Raspberry Pi Zero with wifi chip (that can also be removed manually)... I guess you must be smarter than me in this field   Tongue
Now let's get back on topic of Jade DIY.
member
Activity: 162
Merit: 65
May 13, 2024, 10:08:47 PM
#64
How did they remove the wifi chip? by the way, pi zero has no wifi at all.
What do you mean how? They simply desoldered the wifi chip from the board, and by the way newer version of Rpi zero devices does have wifi (only older version 1.3 doesn't have wifi), so better do your own research:
https://www.raspberrypi.com/products/raspberry-pi-zero-w/

It's not a fucking pack of peanuts and you could just remove the bad ones. WIFI chip can be removed from an ESP 32 is the first time I have ever heard. It's probably not the easiest thing to do.
legendary
Activity: 2212
Merit: 7064
May 13, 2024, 03:46:34 AM
#63
How did they remove the wifi chip? by the way, pi zero has no wifi at all.
What do you mean how? They simply desoldered the wifi chip from the board, and by the way newer version of Rpi zero devices does have wifi (only older version 1.3 doesn't have wifi), so better do your own research:
https://www.raspberrypi.com/products/raspberry-pi-zero-w/
member
Activity: 162
Merit: 65
May 13, 2024, 03:37:25 AM
#62
Wi-fi is disabled in settings and I know people who are removing wifi chips from this device, they also did the same with RaspberyPi zero.
How did they remove the wifi chip? by the way, pi zero has no wifi at all.
legendary
Activity: 2212
Merit: 7064
May 09, 2024, 02:32:39 PM
#61
I think this TTGO has wifi connection embedded?Huh How can anybody use this to store your private keys?
Wi-fi is disabled in settings and I know people who are removing wifi chips from this device, they also did the same with RaspberyPi zero.
Than again, nobody is really going to use cheap TTGO device to store keys there, it's just a proof of concept, and it's not very usable without camera anyway.

I wish there was a DIY device that by default has no wifi at all...
Sure there are, Seedsigner aka Raspberry Pi zero v1.3, Krux aka M5StickV K210 or Maix Amigo, they are all airgapped devices without wifi.

https://seedsigner.com/
https://selfcustody.github.io/krux/



full member
Activity: 153
Merit: 166
Metal Seed Phrase at the lowest price! From 44.99
May 09, 2024, 06:26:04 AM
#60
In fact, I have gone through the whole blockstream article, and I did use the PIN, but the device is still on "stateless" mode :S

https://help.blockstream.com/hc/en-us/articles/20108678230937-Advanced-Jade-Setup

I will retry and ask on blockstream TG as well
full member
Activity: 153
Merit: 166
Metal Seed Phrase at the lowest price! From 44.99
May 09, 2024, 04:50:02 AM
#59
I have flashed serveral TTGO T-displays for friends, as an entry-level device, I think it is the perfect choice.

Nevertheless, I have noticed that the last two ones I flashed (I only have one available, I gave away the other one) do not "keep the data", I mean, I flash them, and set up a wallet with the recovery words, the PIN, and so on... but once turned off and on, you have to enter all the words again... Have any of you guys experienced that? I am on 1.0.29 firmware.

P.S: I even wrote a post on this topic, and made a guide, in fact I made some ammendments and tricks on top of the videos the OP made. For instance, in some cases I did not get the bootloader prompt, but there are some commands to enforce its flashing. https://hideyourkeys.io/cheap-hardware-wallet-below-diy-guide/

Is it the new 'stateless' mode where it acts like SeedSigner(another DIY project) so every time you turn off the device, it forgets things.

Yep, it feels exactly like a seedsigner, how can I change that??
member
Activity: 162
Merit: 65
May 08, 2024, 10:22:54 PM
#58
I have flashed serveral TTGO T-displays for friends, as an entry-level device, I think it is the perfect choice.

Nevertheless, I have noticed that the last two ones I flashed (I only have one available, I gave away the other one) do not "keep the data", I mean, I flash them, and set up a wallet with the recovery words, the PIN, and so on... but once turned off and on, you have to enter all the words again... Have any of you guys experienced that? I am on 1.0.29 firmware.

P.S: I even wrote a post on this topic, and made a guide, in fact I made some ammendments and tricks on top of the videos the OP made. For instance, in some cases I did not get the bootloader prompt, but there are some commands to enforce its flashing. https://hideyourkeys.io/cheap-hardware-wallet-below-diy-guide/

Is it the new 'stateless' mode where it acts like SeedSigner(another DIY project) so every time you turn off the device, it forgets things.
full member
Activity: 153
Merit: 166
Metal Seed Phrase at the lowest price! From 44.99
May 08, 2024, 12:20:03 PM
#57
I have flashed serveral TTGO T-displays for friends, as an entry-level device, I think it is the perfect choice.

Nevertheless, I have noticed that the last two ones I flashed (I only have one available, I gave away the other one) do not "keep the data", I mean, I flash them, and set up a wallet with the recovery words, the PIN, and so on... but once turned off and on, you have to enter all the words again... Have any of you guys experienced that? I am on 1.0.29 firmware.

P.S: I even wrote a post on this topic, and made a guide, in fact I made some ammendments and tricks on top of the videos the OP made. For instance, in some cases I did not get the bootloader prompt, but there are some commands to enforce its flashing. https://hideyourkeys.io/cheap-hardware-wallet-below-diy-guide/
member
Activity: 162
Merit: 65
May 07, 2024, 03:37:32 AM
#56
I think this TTGO has wifi connection embedded?Huh How can anybody use this to store your private keys?

I'm pretty sure (though couldn't find a quick confirmation) that even when there's wifi hardware available, it isn't enabled, no driver loaded, no wifi initialized or explicitly disabled. It wouldn't make sense to have such an attack vector open when you can disable this potential connectivity.

Or the other way round, if you fear such a DIY Jade could maliciously leak your wallet secrets via wifi, the code is open-source, as far as I've seen the firmware is reproducable. Inspect the code for shady stuff. The Jade clone can't guess your or other wifi's passwords.

I have the same strategy with my DIY PiTrezor which I run on a Pi Zero W. As wifi and/or Bluetooth can't be used with a basically Trezor One firmware, there's a) no driver for wifi or Bluetooth in PiTrezor's firmware and b) I disable explicitly both wireless modules in the Pi Zero's boot config. That's safe enough for me and my PiTrezor is more an experimental project, no valuable wallet on it.

I wish there was a DIY device that by default has no wifi at all...
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
May 06, 2024, 03:34:16 PM
#55
I think this TTGO has wifi connection embedded?Huh How can anybody use this to store your private keys?

I'm pretty sure (though couldn't find a quick confirmation) that even when there's wifi hardware available, it isn't enabled, no driver loaded, no wifi initialized or explicitly disabled. It wouldn't make sense to have such an attack vector open when you can disable this potential connectivity.

Or the other way round, if you fear such a DIY Jade could maliciously leak your wallet secrets via wifi, the code is open-source, as far as I've seen the firmware is reproducable. Inspect the code for shady stuff. The Jade clone can't guess your or other wifi's passwords.

I have the same strategy with my DIY PiTrezor which I run on a Pi Zero W. As wifi and/or Bluetooth can't be used with a basically Trezor One firmware, there's a) no driver for wifi or Bluetooth in PiTrezor's firmware and b) I disable explicitly both wireless modules in the Pi Zero's boot config. That's safe enough for me and my PiTrezor is more an experimental project, no valuable wallet on it.
member
Activity: 162
Merit: 65
May 05, 2024, 10:42:33 PM
#54

I think this TTGO has wifi connection embedded?Huh How can anybody use this to store your private keys?
hero member
Activity: 560
Merit: 1060
April 05, 2024, 03:56:17 PM
#53
I should think about it twice before questioning Blockstream for their lack of research.  Tongue

Especially since the founder has invented the core mining mechanism of bitcoin  Tongue

Seriously though, nice catch and nice study. You have provided us with some knowledge.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
April 05, 2024, 02:30:46 PM
#52
Feel free to add something more if you want to.
As it turns out, I was not totally right.

It doesn't directly use libsecp256k1, indeed, but it does use secp256k1-zkp, which is a fork of the former. As you can see in here, it says that their EC library calls secp256k1_surjectionproof_verify() and secp256k1_rangeproof_verify(), which are defined only over secp256k1-zkp. You can verify by searching in libsecp256k1 (empty) and in secp256k1-zkp (non-empty).

I should think about it twice before questioning Blockstream for their lack of research.  Tongue
legendary
Activity: 2730
Merit: 7065
April 05, 2024, 09:15:47 AM
#51
the address generation process is a core process, which, I hope, has been tested by both software unit tests and human tests. I can't believe that there will be a flaw in such an important aspect of the software.
I didn't mean there would be flaws in it b default. I am sure we would have heard about it by now. The Jade doesn't have the userbase of Trezor or Ledger, but whatever it's got, we would have heard about something like that.

The bugs I was speculating about could perhaps be the result of certain software/hardware issues and not a scenario you would see if everything was working top-notch.

I checked Jade's github repository a little bit. It doesn't use libsecp256k1 as the library for performing elliptic curve operations, at least as far as I can see. It isn't a very good sign, considering that it's the most tested library for that sensitive purpose, and used by the most reputable pieces of software like Bitcoin Core.

To me the portion of the project that is cryptography-related is the most crucial. I wouldn't care if the UI had a bug. However, if there's a bug in cryptography like a non-random R-value in a signature, that can be catastrophic. But, again, I'm not totally sure they use another reputable library for EC operations.
This is a question and topic that should be directed to their customer service team, instructing them to push it further to their development team to clarify. I will do it during the weekend if I don't forget. Feel free to add something more if you want to.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
April 05, 2024, 08:50:08 AM
#50
It is a realistic scenario, but not a likely to happen scenario. I mean, bugs can be found in the code, but the address generation process is a core process, which, I hope, has been tested by both software unit tests and human tests. I can't believe that there will be a flaw in such an important aspect of the software.
I checked Jade's github repository a little bit. It doesn't use libsecp256k1 as the library for performing elliptic curve operations, at least as far as I can see. It isn't a very good sign, considering that it's the most tested library for that sensitive purpose, and used by the most reputable pieces of software like Bitcoin Core.

To me the portion of the project that is cryptography-related is the most crucial. I wouldn't care if the UI had a bug. However, if there's a bug in cryptography like a non-random R-value in a signature, that can be catastrophic. But, again, I'm not totally sure they use another reputable library for EC operations.
hero member
Activity: 560
Merit: 1060
April 05, 2024, 01:53:33 AM
#49
This is how I would approach the question.
Also, I am irrationally risk-averse when it comes to losing Bitcoin (I said irrationally!) so I would further lower that threshold.

Some bad feeling likely remains with a device that showed signs of unreliability. A one-time bad day I would brush off, kind of.

You are both correct. And since I have been asked the question a lot, about why I keep trusting the device and why I still use it, I want to make something clear.

1. I can read and understand C, so I feel confident reading the code. Which is important for me.
2. My usage is pretty limited. Once a month, I scan a private key QR code, I sign a transaction (usually a pretty small one), I erase the memory of the device (using temporary signer option).
3. Blockstream doesn't know my address, nor my name, since I received the product elsewhere, where I don't have the ability to access now, so if I request a change, or buy a new one, I will need to use my real name and address.
4. I own other devices that I use for more frequent transactions.
5. I always know that my backups are safe.
6. I always use QR codes, which is safer than USB cables. Still, QR codes are not a panacea, but, you know, I feel more confident.
7. The Jade is a reputable device.

Warning:
Finally, always be very cautious when it comes to using browser-based products (software & updates). Always verify what you download. Always think twice before downloading something.
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
April 05, 2024, 01:26:51 AM
#48
I still don’t get it.

What is the risk of a fatal hardware malfunction once you have witnessed something like that one apogio experienced? 0.1%?
1 BTC is 70,000 USD.
1 Jade costs roughly 100 USD.

So 100 USD /0.001/70,000 USDBTC≈1.42 BTC

Ok, then it is not worth handling UTXO bigger than 1.42 BTC with such an hardware.
Provided you already have a functioning backup of the seed phrase (Master key).

This is how I would approach the question.
Also, I am irrationally risk-averse when it comes to losing Bitcoin (I said irrationally!) so I would further lower that threshold.
hero member
Activity: 560
Merit: 1060
April 05, 2024, 01:24:42 AM
#47
The worst thing I can think of from the top of my head is that it somehow starts generating addresses whose coins you can never spend (sign) because of a serious bug. Of course, I am just throwing ideas out there, and I don't think it's a realistic scenario.

It is a realistic scenario, but not a likely to happen scenario. I mean, bugs can be found in the code, but the address generation process is a core process, which, I hope, has been tested by both software unit tests and human tests. I can't believe that there will be a flaw in such an important aspect of the software.

What can happen though, is that someone can use a fake website to update their firmware and that the installed software can be malicious. This is a huge problem if it happens... I hope that the device won't work with the fake website, but since I am a developer and not a security person, I don't know how easy this scenario is.
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
April 04, 2024, 03:44:44 PM
#46
The worst thing I can think of from the top of my head is that it somehow starts generating addresses whose coins you can never spend (sign) because of a serious bug.

Something of that category came to my mind, too. I don't say lightly, I'm not scared or not concerned. I would mostly assume, if a device starts to act wonky, it would produce enough garbage that errors creep in quickly that the network would simply reject a funky transaction, hopefully! But your described nightmare may still be possible if things go when Murphy takes over as he always does.

Some bad feeling likely remains with a device that showed signs of unreliability. A one-time bad day I would brush off, kind of.
legendary
Activity: 2730
Merit: 7065
April 04, 2024, 10:34:49 AM
#45
I know, that's the purpuse and part of the security model of those signing devices. You still want to be sure that after you re-instantiate your wallet, everything from that point of usage of the device is working reliably.
He can always fall back on his backup phrase in case the device starts acting up or becomes unusable for the purpose it was designed for (signing transactions). The worst thing I can think of from the top of my head is that it somehow starts generating addresses whose coins you can never spend (sign) because of a serious bug. Of course, I am just throwing ideas out there, and I don't think it's a realistic scenario.
hero member
Activity: 560
Merit: 1060
April 01, 2024, 12:16:24 PM
#44
I think, I wouldn't be as scared as fillippone is. After you can revive the device by re-flashing the firmware and it doesn't nag with further obvious instability or hangs, I'd dismiss the previous glitch as a one-time hiccup. Am I reckless?

You aren't. I don't care very much to be honest, but I understand fillippone's concern, because it's a natural behaviour to be concerned when things like this happen and especially when they happen to devices that are used to hold secrets of any type. Could be private keys, gpg keys, passwords, anything like that.
hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
April 01, 2024, 06:50:00 AM
#43
Wow, what's that? Sounds intriguing, my knowledge in physics sucks haha

You might be interested to watch The Universe is Hostile to Computers. In the first minutes an election machines glitch is explained which likely happened due to radioactive decay or this cosmic ray stuff aftermath.


In fact, as I have said, my Jade is amnesiac. Every time I turn it off it erases its memory. So I always need to scan a QR code to load my wallet. Nothing is persisted once it's shut down.

I know, that's the purpuse and part of the security model of those signing devices. You still want to be sure that after you re-instantiate your wallet, everything from that point of usage of the device is working reliably.

I think, I wouldn't be as scared as fillippone is. After you can revive the device by re-flashing the firmware and it doesn't nag with further obvious instability or hangs, I'd dismiss the previous glitch as a one-time hiccup. Am I reckless?
hero member
Activity: 560
Merit: 1060
April 01, 2024, 05:42:21 AM
#42

Maybe a cosmic ray particle or photons incident at the wrong place and time affecting the startup process when apogio turned on his device? Speculation...


Wow, what's that? Sounds intriguing, my knowledge in physics sucks haha

As far a the backups are concerned. Yeah, obviously nothing bad happened. In fact, as I have said, my Jade is amnesiac. Every time I turn it off it erases its memory. So I always need to scan a QR code to load my wallet. Nothing is persisted once it's shut down.

hero member
Activity: 714
Merit: 1010
Crypto Swap Exchange
April 01, 2024, 05:26:56 AM
#41
It would be nice to understand what caused the issue in the first place.

Maybe a cosmic ray particle or photons incident at the wrong place and time affecting the startup process when apogio turned on his device? Speculation...


As I said before, I still would be scared of using that particular hardware.

I assume apogio checked thoroughly the recovery of his wallet after reflashing the device. That should be fine then, except if you're scared that some bits or registers could be instable in his device. If this were the case, instability could occur more often or worse screws things up right when you don't need it, like when you sign a large transaction.

Should we have some function tests built into the firmware to be able to check manually that all major functions are performing properly?
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
March 31, 2024, 11:33:55 AM
#40

I had the 1.0.23 version and I upgraded to 1.0.29.
It works well so far, since yesterday. I have done a full test of my personal use case. I mean, I have imported the wallet using the QR code, I have signed a transaction, I have changed the colors and the brightness, I have performed a factory reset. All good!

Well, Probably a software error. Nice recovery, Jade.
It would be nice to understand what caused the issue in the first place.
Of course, long-term holding with a Hardware Wallet is not a state-of-the-art practice, but It' 's fairly common.
As I said before, I still would be scared of using that particular hardware.
hero member
Activity: 560
Merit: 1060
March 30, 2024, 02:47:41 AM
#39
I am glad that it turned out to be such an easy fix in the end that only required a fresh software installation. While we are on it, was the firmware on the device outdated anyways and you installed a new one or did you install the same version you already had on your Jade when it all went tits up?

I had the 1.0.23 version and I upgraded to 1.0.29.
It works well so far, since yesterday. I have done a full test of my personal use case. I mean, I have imported the wallet using the QR code, I have signed a transaction, I have changed the colors and the brightness, I have performed a factory reset. All good!
legendary
Activity: 2730
Merit: 7065
March 30, 2024, 02:30:23 AM
#38
I am glad that it turned out to be such an easy fix in the end that only required a fresh software installation. While we are on it, was the firmware on the device outdated anyways and you installed a new one or did you install the same version you already had on your Jade when it all went tits up?
hero member
Activity: 560
Merit: 1060
March 29, 2024, 03:31:49 PM
#37
I am happy to tell you that my Jade looks ok now:



What I did, as I said above, was to re-flash the firmware using the browser.
So I went to this page: https://jadefw.blockstream.com/upgrade/fwupgrade.html (it's the same that fillippone mentioned above).
It worked perfectly, somehow...

Once again, thanks for trying to help me and thanks for all the suggestions.
legendary
Activity: 1148
Merit: 3117
March 29, 2024, 03:27:50 PM
#36
Directly from BlockStream. In general, I would never buy a device that is supposed to hold secrets from a reseller. Even if you find reputable resellers, I will always choose the original manufacturer.
Understandable. Well, like I said before, if you live in a EU country, you are entitled to a 2 year warranty. What happens is that since there is no official representation of Blockstream, then you will probably have to incur in shipping fees in sending the device to them (which may be bigger than the cost of the device).
hero member
Activity: 560
Merit: 1060
March 29, 2024, 01:28:44 PM
#35
Did you bought the device directly from Blockstream? Or did you bought it from a reseller?

Directly from BlockStream. In general, I would never buy a device that is supposed to hold secrets from a reseller. Even if you find reputable resellers, I will always choose the original manufacturer.
legendary
Activity: 1148
Merit: 3117
March 29, 2024, 01:26:50 PM
#34
Hmm... thanks for the info.
The problem is, I own it for more than a year and I am also not in the US. So I need to cover the shipping fees, but also, it looks like they can't do anything for me.
Anyway, I will try to upgrade the firmware later tonight. Perhaps this issue will be solved.
Did you bought the device directly from Blockstream? Or did you bought it from a reseller?
hero member
Activity: 560
Merit: 1060
March 29, 2024, 01:12:11 PM
#33
@apogio
Take a look at this:

I couldn't find any warranty information on Jade's website either. I did find this Jade review from January 2024, and there is a section that discusses the warranty.

The reviewer said they spoke to the Blockstream team who told them that if the Jade has any issues within the first year that can't be solved remotely or with a software update, you'll get a replacement device or a refund. They cover the return shipping within the US. For orders from outside the States, the buyer covers the shipping fees.

Hmm... thanks for the info.
The problem is, I own it for more than a year and I am also not in the US. So I need to cover the shipping fees, but also, it looks like they can't do anything for me.
Anyway, I will try to upgrade the firmware later tonight. Perhaps this issue will be solved.
legendary
Activity: 2730
Merit: 7065
March 29, 2024, 11:39:37 AM
#32
You can't really complain to Blockstream since there is no warranty on this devices, but at least they are cheap-ish.
As I wrote in the other thread where we touched upon this subject, it's worth trying. There is no official warranty, but the company might still be willing to fix problems for their customers depending on what went wrong and how. And even if there is a warranty that has expired, we have seen examples (from Ledger) where they have sent replacements for devices that were no longer under warranty.

@apogio
Take a look at this:

I couldn't find any warranty information on Jade's website either. I did find this Jade review from January 2024, and there is a section that discusses the warranty.

The reviewer said they spoke to the Blockstream team who told them that if the Jade has any issues within the first year that can't be solved remotely or with a software update, you'll get a replacement device or a refund. They cover the return shipping within the US. For orders from outside the States, the buyer covers the shipping fees.
hero member
Activity: 560
Merit: 1060
March 29, 2024, 06:00:50 AM
#31

Yes, this is a good idea.
He tells me to follow this guide:
https://jadefw.blockstream.com/upgrade/fwupgrade.html

My thoughts are: would you relay on a faulty piece of hardware for a critical function as storing your precious coins?
If having a new device shipped to you is not such an hassle, I would avoid using that particular pice of hardware again.
Of course, having fun thinkering is part of the game, but I wouldn’t find it funny having that problem again.


Yes these thoughts are the obvious ones, I am having them myself too.
I don't use the Jade very much, so I don't really worry about using it, if I fix the issue myself.
I will follow the guide. Thanks a lot.
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
March 29, 2024, 05:56:41 AM
#30

I am summoning some Jade experts to this post.
I met them In real life, and I am forwarding this post to them.
Hopefully, they will show up (I don't even know if they have accounts here), or I will relay their observations.

EDIT: They told me to contact Blockstream, as they should send a new one.


Thank you very much my friend. You are very helpful.
I will try something tonight and if it fails I will definitely contact Blockstream.

I will try to update the OS to the latest version using the browser. I don't know if I will be able to press anything on the Jade. If yes, then I will have a chance to fix it. If not, then there is no other choice than to contact them.

Yes, this is a good idea.
He tells me to follow this guide:
https://jadefw.blockstream.com/upgrade/fwupgrade.html

My thoughts are: would you relay on a faulty piece of hardware for a critical function as storing your precious coins?
If having a new device shipped to you is not such an hassle, I would avoid using that particular pice of hardware again.
Of course, having fun thinkering is part of the game, but I wouldn’t find it funny having that problem again.

hero member
Activity: 560
Merit: 1060
March 29, 2024, 05:46:39 AM
#29

I am summoning some Jade experts to this post.
I met them In real life, and I am forwarding this post to them.
Hopefully, they will show up (I don't even know if they have accounts here), or I will relay their observations.

EDIT: They told me to contact Blockstream, as they should send a new one.


Thank you very much my friend. You are very helpful.
I will try something tonight and if it fails I will definitely contact Blockstream.

I will try to update the OS to the latest version using the browser. I don't know if I will be able to press anything on the Jade. If yes, then I will have a chance to fix it. If not, then there is no other choice than to contact them.
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
March 29, 2024, 05:27:27 AM
#28
Hi guys!

So, my Jade is officially dead, unfortunately!



I think about using the hardware to re-flash the software from Github. Do you think that's possible?

Since this topic is "Jade DIY", I thought it was the best place to ask this question.

I am summoning some Jade experts to this post.
I met them In real life, and I am forwarding this post to them.
Hopefully, they will show up (I don't even know if they have accounts here), or I will relay their observations.


EDIT: They told me to contact Blockstream, as they should send a new one.
legendary
Activity: 1148
Merit: 3117
March 28, 2024, 02:19:01 PM
#27
You can't really complain to Blockstream since there is no warranty on this devices, but at least they are cheap-ish.
I don't know how it works in other parts of the world, but following EU directives no seller can sell a device without providing a 2 year warranty period[1]. Since they sell directkly on their website and also by means of partners[2], apogio can try to get in contact with either of them if he : a) Lives in Europe and b) is under the 2 period warranty (providing it was not the user to blame for the problem).

Also, apogio can always try to open a ticket in their support page to see their feedback. I found this Reddit user[3][4] that did it in a slightly different problem and he managed to get a new Jade device sent to him. It doesn't hurt trying, especially considering how odd apogio problem was.

[1]https://www.eccnet.eu/consumer-rights/what-are-my-consumer-rights/shopping-rights/guarantees-and-warranties
[2]https://store.blockstream.com/products/blockstream-jade-hardware-wallet
[3]https://libreddit.pussthecat.org/r/Bitcoin/comments/14qpp4n/blockstream_jade_cant_get_past_logo_after/
[4]https://libreddit.pussthecat.org/r/Bitcoin/comments/153bxnm/update_jade_couldnt_get_past_logo_after_firmware/
hero member
Activity: 560
Merit: 1060
March 28, 2024, 02:04:31 PM
#26
Can you explain more what exactly happened with your device?

Sure thing.
So I just turned it on after one month that it had been idle.
It woke up like the picture above...
I don't remember doing anything wrong, or forgetting it turned on.
As I have already said a few times, I use it in a stateless mode.
The memory is always wiped and every time I use it, I scan a QR code and load the wallet in memory for a short period.
legendary
Activity: 2212
Merit: 7064
March 28, 2024, 01:57:31 PM
#25
So, my Jade is officially dead, unfortunately!
Rip Jade. Sad
You can't really complain to Blockstream since there is no warranty on this devices, but at least they are cheap-ish.
Can you explain more what exactly happened with your device?

I think about using the hardware to re-flash the software from Github. Do you think that's possible?
You can try to flash it again, I think instructions are posted on their github page, but make sure you are using code for this device, not for other devices that are similar.
hero member
Activity: 560
Merit: 1060
March 27, 2024, 12:06:20 PM
#24
What happened to it? Was it just like that when you turned it on or did you do something with it before that happened?
Everything on the screen looks inverted. I don't think it's your picture because the Jade imprint on the case looks normal.

Before you do anything, I would contact their customer support and explain everything in detail. Is the wallet still under warranty? If so, they must try to fix it for you or send you a replacement device.

Not only is it inverted, but it's also covering a small part of the screen. The other half is greyish.

I just turned it on after a month of it being idle and that's what I saw. I tried to charge it, but no luck... I will leave it open till it turns off and then I will charge again, in case it fixes.

I don't think it's under warranty. I don't care too much about it. I use it, but I can leave without it.

I just thought it was a good time to try something fancy, like installing a custom OS etc.
legendary
Activity: 2730
Merit: 7065
March 27, 2024, 12:02:09 PM
#23
What happened to it? Was it just like that when you turned it on or did you do something with it before that happened?
Everything on the screen looks inverted. I don't think it's your picture because the Jade imprint on the case looks normal.

Before you do anything, I would contact their customer support and explain everything in detail. Is the wallet still under warranty? If so, they must try to fix it for you or send you a replacement device.
hero member
Activity: 560
Merit: 1060
March 27, 2024, 11:43:46 AM
#22
Hi guys!

So, my Jade is officially dead, unfortunately!



I think about using the hardware to re-flash the software from Github. Do you think that's possible?

Since this topic is "Jade DIY", I thought it was the best place to ask this question.
legendary
Activity: 2380
Merit: 17063
Fully fledged Merit Cycler - Golden Feather 22-23
March 20, 2024, 02:30:17 AM
#21
I own a version based on the M5 StickC-Plus.
As usual, I like the possibility of owning a piece of hardware without the possibility of leaking the data of a potential Bitcoin user.
Buying from a central counterpart always allows for data leaks, which is not good if Samson Mow is right.
legendary
Activity: 2730
Merit: 7065
February 26, 2024, 11:22:49 AM
#20
The Blockstream Jade is one of the cheapest hardware wallets. Besides its affordable price at around €61, the device is also airgapped. If you use the discount code NAKADAI, you can get an additional 10% off and make the purchase even cheaper. I don't know for how long the code will be valid.
hero member
Activity: 560
Merit: 1060
October 24, 2023, 12:10:08 PM
#19

I liked this option: https://github.com/3rdIteration/Jade/blob/master/diy/readme.md

Is it following SeedSigner's (https://seedsigner.com/) footsteps, or am I thinking wrong? Is there any reason not to construct a seed signer? If you order the hardware pieces from separate stores, then it will not let anyone know you want it for Bitcoin.
legendary
Activity: 2212
Merit: 7064
October 23, 2023, 04:32:58 PM
#18
apparently customer data has been leaked at Blockstream! numerous users of the Jade hardware wallet have received the fake email shown below, which looks deceptively real at first glance.
Adam Back has already confirmed that it is a scam.
if you have received this type of email, please delete it immediately and do not click on any link.
I saw this but it doesn't have to be database leak, and this was not confirmed.
From what I heard random people received this phishing email even if they never purchased Jade hardware wallet or signed up for any other Blockstream services.
It is possible this people used their email for some stupid airdrops or they signed up for other crypto newsletters or they purchased some other brand of hardware wallets like ledger aka leaker.
legendary
Activity: 2730
Merit: 7065
October 21, 2023, 03:31:32 AM
#17
Not one more leak. Embarrassed
It's a well-written email that sounds believable unless you pay attention and look at the email address for example.

It will be interesting to see what exactly leaked and in which quantity. I am subscribed to Blockstream's blog and newsletter in my experiment to see if any fake data will leak or if I will receive phishing emails. I can confirm that I haven't received such phishing emails. They might target Jade users exclusively.
legendary
Activity: 3304
Merit: 8633
icarus-cards.eu
October 21, 2023, 03:17:21 AM
#16
apparently customer data has been leaked at Blockstream! numerous users of the Jade hardware wallet have received the fake email shown below, which looks deceptively real at first glance.
Adam Back has already confirmed that it is a scam.
if you have received this type of email, please delete it immediately and do not click on any link.




https://twitter.com/adam3us/status/1715621325883265505
legendary
Activity: 2212
Merit: 7064
June 16, 2023, 08:55:20 AM
#15
Is someone who’s buying a PC more vulnerable to being hacked or targeted than someone who’s buying random boards off the internet? Now that’s a stat I’d like to see! Cheesy
Yes they are obviously more vulnerable, I never heard anyone getting hacked using this devices, and every minute someone who is using computers is hacked in the world.
Anyone with a working brain could realize why this is the case, and chips are all coming from same places anyway.
hero member
Activity: 1050
Merit: 642
Magic
June 14, 2023, 12:42:07 PM
#14
It’s not as convenient as a device like Ledger, but it gets the job done better than any other such device in my opinion.

Just create a seed and some adresses offline and store them securely on a metal plate. Then completely reset the device that you use for creating those informations. Simply store 80% off your bitcoin on those adresses and never worry about anything again. With 20% still liquid you should usually not worry about having to move the other 80% regularly.

Most hardware wallets also have the disadvantage that they are pretty expensive and if you plan to buy multiple ones then you will mess up your profits pretty big.
jr. member
Activity: 56
Merit: 26
June 06, 2023, 09:49:06 PM
#13
Better don't risk anything and don't use bitcoin at all, your computer and smartphone are compromised already  Shocked
Is someone who’s buying a PC more vulnerable to being hacked or targeted than someone who’s buying random boards off the internet? Now that’s a stat I’d like to see! Cheesy

I feel like if you buy random boards it’s much easier to be the victim of a compromised batch than if you buy a computer. But now that I think about it, this fear can be easily bypassed.. the more hardware wallets launch and the more complicated these things get, the more I start loving the idea of a traditional cold storage wallet by transforming old devices into the cold storage. It’s not as convenient as a device like Ledger, but it gets the job done better than any other such device in my opinion. Why even bother purchasing possibly counterfeit boards and all if maybe there’s a pre-Bitcoin era laptop out there in the attic laying down & waiting for you to give it life again?
legendary
Activity: 2212
Merit: 7064
June 06, 2023, 02:02:51 PM
#12
That is that is because your not thinking like a paranoid tinfoil hat person. Also keep in mind that compromising device like this would not just be about compromising a hardware Bitcoin wallet, it would be about compromising thousands of IoT things that could be anywhere doing anything giving who knows whom access to who knows what.
On contrary, I am thinking like a paranoid tinfoiler most of the time, but I am realistic about this subject.
If you think this devices are compromised than you shouldn't use your smartphone, laptop or any other electronic device for anything related with bitcoin....since you are 100% ''paranoid tinfoil hat person''.

But why risk it, which is why I and then you pointed out that anybody getting these should only be buying them from m5stack.com or their approved suppliers.
Better don't risk anything and don't use bitcoin at all, your computer and smartphone are compromised already  Shocked
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
June 04, 2023, 07:23:34 PM
#11
This is general used electronic hardware and it's not connected with Bitcoin in any way, and this DIY bitcoin wallets are not very popular, so I don't see any danger here.
Official shop is always the best place to purchase stuff like this.

That is that is because your not thinking like a paranoid tinfoil hat person. Also keep in mind that compromising device like this would not just be about compromising a hardware Bitcoin wallet, it would be about compromising thousands of IoT things that could be anywhere doing anything giving who knows whom access to who knows what.

Getting some Bitcoin out of the deal would just be a bonus, but how many people would buy some like the field tech I know, and then hook these devices up to whatever and have no clue that they're not original hardware. They look like it, they act like it, but they're not. So who the heck knows what is embedded deep down inside. Could be nothing and these were just cheap knockoffs that they were selling , or they could have some vicious code buried somewhere. Personally I'm going with the benign theory and people are just out to make a buck.

But why risk it, which is why I and then you pointed out that anybody getting these should only be buying them from m5stack.com or their approved suppliers.

-Dave
legendary
Activity: 2212
Merit: 7064
June 03, 2023, 03:11:53 PM
#10
Very nice that there is such a big scene of people modding this wallet and creating accessories for it. If I have the opportunity I will definitely try to create a high quality casing
I don't understand why would you need a high quality case for this?  Roll Eyes
It's just a cheap DIY 3d printing that is available anywhere...
People did make premium metal cases for similar DIY devices like SeedSigner, but this is not needed at all and it can only attract attention.

What would maybe be possible would be fill the case with Silikone. Does someone has experience with that?
No.
Silicone is used for isolation, not so much for cases and 3d printing.

From the paranoid tinfoil hat wearing department, be careful where you buy some of these boards from.
This is general used electronic hardware and it's not connected with Bitcoin in any way, and this DIY bitcoin wallets are not very popular, so I don't see any danger here.
Official shop is always the best place to purchase stuff like this.





legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
June 03, 2023, 02:26:24 PM
#9
You always have the option to buy wallet with cash in store, or use PO box delivery with alternative name and address.
That's what I had to do when I was buying those Ledger Devices.

From the paranoid tinfoil hat wearing department, be careful where you buy some of these boards from.
It did not miss my eyes 😉
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
June 03, 2023, 08:09:36 AM
#8
It’s super cheap to buy them and they end up in every kind of envoirements, scientist, government, businesses etc.. In those kind of envoirments devices like this are also very hard to track, so in my opinion the only reason to counterfeit such a device would really be some kind of malicious activity. I think otherwise the profit would be to small. Is there a good way to see if a chip is real or counterfeit?

Yes & no.
If you buy from them: https://shop.m5stack.com/ you can probably assume it's real. And I would think the ones coming out of their approved resellers are also real.

Beyond that, I don't think you can. A tech I know bought a bunch from them and when he needed more went to what he thought was a reputable site since at the time M5 had no stock. When one died and he sent it back to M5 it came back as not made by us. Looking at them side by side they were the same. Even in the same packing. Their attitude was we sell them and so do these people, getting it elsewhere you are on your own.

So, yes people will clone a $25 thing. Might not even be for evil reasons, just something cheap to make with a good profit margin.
There are even youtube videos about people selling counterfeit IC chips in the $3 range so.....   https://www.youtube.com/watch?v=12u_hBkHB88

-Dave
hero member
Activity: 1050
Merit: 642
Magic
June 03, 2023, 06:46:06 AM
#7
It’s super cheap to buy them and they end up in every kind of envoirements, scientist, government, businesses etc.. In those kind of envoirments devices like this are also very hard to track, so in my opinion the only reason to counterfeit such a device would really be some kind of malicious activity. I think otherwise the profit would be to small. Is there a good way to see if a chip is real or counterfeit?
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
June 03, 2023, 06:31:15 AM
#6
From the paranoid tinfoil hat wearing department, be careful where you buy some of these boards from.

Not necessarily anything malicious directed towards Bitcoin wallets, but even at the ridiculously low price points that you could find and online there are still a ton of counterfeits out there.

I'm assuming that they are just cheap knockoffs being passed off as the less cheap real thing. But in the end you don't have a verifiable source of where some of these chips came from or even who did what at the factory when they were assembled.

Why anyone would create a pirate / clone M5 stack is beyond me, but they are out there Sad

-Dave
hero member
Activity: 1050
Merit: 642
Magic
June 03, 2023, 12:57:30 AM
#5
Very nice that there is such a big scene of people modding this wallet and creating accessories for it. If I have the opportunity I will definitely try to create a high quality casing for a wallet like this to be able to offer it at a competitive price point to other mainstream wallets. Because so far not really any hardware wallet I know does qualify what I consider a well built case. Well built will for me especially include some kind of moisture and water protection.

People may ask why this is necessary but most of those people are relatively new to the crypto world. After 10 years and many destroyed USB Sticks with wallet.dat files on them you will get more cautious  Wink

What would maybe be possible would be fill the case with Silikone. Does someone has experience with that?
legendary
Activity: 2212
Merit: 7064
June 02, 2023, 02:57:15 PM
#4
This made me laugh and sad at the same time when I know what experience we had with Ledger. It's hard to break the link unless you convince someone to receive the delivery for you and they don't know what will it be. This way you put them in risk too.
You always have the option to buy wallet with cash in store, or use PO box delivery with alternative name and address.
For people who want to break the link there is always a way to do it Wink

Very cool project, what I kind of miss as usual with this devices is a good (3D printed) case option, since the display is nice for just 10 USD, but nothing more then a gimmick without the option to put it in a casing.
There is a bunch of STL files available online for free, so everyone can print their own case version.
I know a guy who printed two case versions, one of them is more square shaped and other with oval shape.

CryptoGuide released one more video with custom cases and added camera:
https://www.youtube.com/watch?v=V2yVKag2wlc

hero member
Activity: 1050
Merit: 642
Magic
June 01, 2023, 01:22:07 PM
#3
Very cool project, what I kind of miss as usual with this devices is a good (3D printed) case option, since the display is nice for just 10 USD, but nothing more then a gimmick without the option to put it in a casing.
The more expensive options are nice tho, even also them I would not really consider as more as a gimmick to play around with.


You still have to trust Blockstream to keep all your personal information safe, and hope there won't be any leaks or attacks that will steal and sell your data.
This made me laugh and sad at the same time when I know what experience we had with Ledger. It's hard to break the link unless you convince someone to receive the delivery for you and they don't know what will it be. This way you put them in risk too.

You can consider to let them ship the device to some kind of parcel box like it is usually possible in most countries. With that option a thief will maybe be able to get to your name but that’s all. I think this information will not be enough for somebody really trying to Trackballes down and rob you.
legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
June 01, 2023, 09:20:23 AM
#2
You still have to trust Blockstream to keep all your personal information safe, and hope there won't be any leaks or attacks that will steal and sell your data.
This made me laugh and sad at the same time when I know what experience we had with Ledger. It's hard to break the link unless you convince someone to receive the delivery for you and they don't know what will it be. This way you put them in risk too.

CryptoGuide posted a wonderful video instructions how to do everything, with more details on his github page and this will have secure boot same as original Jade device:
https://www.youtube.com/watch?v=PeqP6oVnlIs
On my watch list and I am still looking for a better way for my crypto to keep safe after ledger came up with this wired wallet backup concept. A multisig wallet is still the safest option for me.
legendary
Activity: 2212
Merit: 7064
June 01, 2023, 09:12:07 AM
#1
Jade hardware wallet is open source and it's not very expensive, Blockstream is currently selling it for around $65 plus shipping, and there is a 10% discounts if you pay with L-USDT.

You still have to trust Blockstream to keep all your personal information safe, and hope there won't be any leaks or attacks that will steal and sell your data.

Solution for this is to make your own Jade DIY wallet, and there are several options for everyone to choose.

CryptoGuide posted a wonderful video instructions how to do everything, with more details on his github page and this will have secure boot same as original Jade device:
https://www.youtube.com/watch?v=PeqP6oVnlIs

There is one more quick and dirty solution using Blockstream Jade DIY flasher utility BUT in this case there is no secure boot and flash encryption!
This works for TTGO T-Display, M5Stack Fire, M5Stack Black/Gray and M5StickC PLUS.
https://blockstream.github.io/jadediyflasher/

TTGO (Lilygo) T-Display ~$10 USD


https://github.com/3rdIteration/Jade/blob/master/diy/readme.md

M5 StickC-Plus ~$20 USD


https://github.com/3rdIteration/Jade/blob/master/diy/readme.md

M5 Stack Basic ~$40 USD


https://github.com/3rdIteration/Jade/blob/master/diy/readme.md



All this devices are running with Open Source code so I am adding it to my list of DIY open source hardware wallets:
https://bitcointalksearch.org/topic/list-open-source-hardware-wallets-5288971
Jump to: