Hey all, I'm the author of Krux. I noticed some traffic coming from here on GitHub and was pleasantly surprised to find this post.
Thank you, dkbit98, for the write-up!
I wanted to answer some questions that were brought up in this thread and shed more light on the project in general.
First of all, I'd like to be clear that this project isn't associated with the company (M5Stack) that makes the M5StickV. They make a bunch of embedded devices, of which the M5StickV is one. From what I gather, M5Stack is sort of like the Chinese for-profit version of the Raspberry Pi Foundation.
Krux is "just" custom firmware and software I wrote for the device to turn it into a hardware wallet. I was in the market for a DIY multisig device and came across cool projects like SeedSigner (for the Pi Zero) and Specter-DIY, but ultimately decided that I wanted to try making my own after I came across the M5StickV on Adafruit. It seemed ripe for being turned into a hardware wallet with all it had packed into it, especially for the price point ($30-$50 depending on which distributor you buy it from).
So, I got to work, used the embit (embedded bitcoin) micropython library for bitcoin-related logic, wrote an interface on top of it, and got my hands dirty making QR codes (and everything else) work.
This started as a side project that morphed into something I thought was pretty cool and had the potential to be more widely useful, so here we are. I made the repo public a few days ago and haven't had any audits done (not opposed, but I don't think I could afford it), let alone another software engineer's eyes. That's the reason for the scary-sounding disclaimer for now; I don't want my hobby project to be the reason someone loses their money. But it does work!
I never had a device with an OV7740 sensor but I think it'd take a while before someone can successfully scan a Qr code with its camera.
This is actually rather fast so long as the QR code is flat and not changing too rapidly. For some reference, it can handle reading the animated QR codes that Specter Desktop generates, which I believe change every 500ms. I did have to do some work here to speed things up and improve accuracy such as capturing in grayscale at a lower resolution and converting to a binary black/white image for processing. Fun problem to solve. The display shows the processed image, so you can see the world in black and white [insert maximalist joke here].
The more difficult part was making QR codes fit the tiny display and still be readable by other devices (webcams). It generates its own animated QR codes to solve for this. Alternatively, you can also hook up an Adafruit thermal printer to it and print out the QR codes to pack more data into them (thus generating fewer).
Printing is a useful feature in general: it lets you make physical backups of your seed phrase, print out signed PSBTs (that you could mail if you wanted), etc. There's a section on the README about it if anyone's interested. It adds to the cost, but just another $50.
Then again, there doesn't seem to be a way to zoom in on the pictures so I can't tell with any great detail how the finish of the shell actually looks but it does look like cheap plastic.
Not sure what your criteria are to consider something "cheap plastic," but it feels solid to me. You'd have to be trying to break it in order to break it. It seems to be two pieces (front and back) of injection molded plastic snapped and screwed together.
I am to lazy during summertime to load and install firmware with everything else on it and do some testing and reviews.
For anyone reading this, just want to mention that I added a Dockerfile to handle the process of building the firmware so that anyone with Docker and Python 3 installed should be able to do this now. Ideally, I would have liked for Docker to be the only requirement, but passing through USB serial devices from the host into Docker seems to be hard to do. So for now, Docker builds the firmware, and the Python scripts you invoke directly load the firmware (a binary file that resides in the Docker image) and the software (all contents under 'src').
Hope that helped. I'll check this thread periodically and try to answer what I can!