Topic: Ledger Recovery - Send your (encrypted) recovery phrase to 3rd parties entities (Read 5441 times)

I briefly looked at the code a long time ago, not trying to analyse it fully as I'm not going to get or use any Ledger hardware crap. No Rust expert, either.

The software talks to some Ledger API that Ledger Live also uses to perform some basic functionality around the Ledger Bitcoin app fetched from Ledger's servers. And as written on the Github repo it's merely a PoC which indeed hasn't been refined substantially.

The Ledger API is mentioned in code's comment and easy to spot in the code here and there, see
https://github.com/darosior/ledger_installer/blob/master/ledger_manager/src/lib.rs

Some URLs taken from above link to code:

It can't yet install/upgrade/downgrade Ledger hardware firmware. At least you can check if your Ledger crap is genuine and you can install, update and open the Bitcoin app on your Ledger Nano, if you dare to control any Bitcoins with a Ledger.

I remember seeing this back when it first got released. The developer himself says it's only created for testing purposes and is never meant to be a replacement app for Ledger hardware wallets. Looking at his GitHub, there haven't been any changes for 7 and more months.

On a different note, I am not sure where the software gets the bitcoin app from. It must communicate with Ledger's servers and get it from there I would believe. If not, what's the source and who has checked it...

I believe nothing will happen too, because if Ledger wallets are actually backdoored and billions of the community's assets are actually stolen, then that sort of "issue" would absolutely cause distrust in the cryptocurrency industry AND probably crash the market. It would be the "Black Swan" of the cycle, completing the bull cycle, then start the bear cycle.

Perhaps it might also start a series of "situations" that might crash the market lower and lower, no?

UFO are literally Unidentified Flying Object, so obviously someone saw them, but not identified.
I can also show real security vulnerabilities for previous version of ledger devices, and I can argue that ledger recover is another intentional ''vulnerability''.

One guy tried to do it, and he even release source code on github, but I didn't follow how far he went with that project.
Here, I found this github link (use at your own risk):
https://github.com/darosior/ledger_installer

Really?  
It's not happening inside toaster obviously...

Take a few pictures of the device, packaging, and the box contents. You can share the images in my thread, Show off your hardware wallet. It's a great opportunity to bump it with a new device that's not been shown before in that discussion.

I will go out on a limb here and say that nothing will happen to your coins. Fingers crossed...

My Ledger JUST ARRIVED! 👀

The box is very nice, the packaging is also very nice, and I like the color I ordered. It would be a waste if I merely throw this away, and it would be very irresponsible to give it to someone.

I will use it and I will send it merely $1,000 as the maximum amount for shitcoining Runes. If my coins are stolen, the people of this topic will be the first people to know.

 

And that brings us back to this gem:


Oh, but it gets better.  Ledger changed their story, admitting it was a former employee who got phished:


How many former Ledger employees still have access to their codebase?  Ledger won't say, not that we could trust any answer they'd give.

That would be my guess. And my next guess is the decryption keys are only known to Ledger and/or their "storage partners". That makes me wonder who has a backup, and how they were created. One way or another, it adds a risk that shouldn't exist in hardware wallets.

I think that the encryption part take place inside hardware wallet.

Your way of thinking is exactly right.

Even if there isn't a flaw, there's no way to know if Ledger will leak their code again, giving hackers the chance to reverse engineer it.  And there's no way to know if a future firmware update will introduce a bug that could give hackers access.

With closed source code, there are too many unknowns.

And after a company lies to their users, there's no way to trust them.


But you learned it, which makes you wiser than those who never do.

Perhaps, but we also have to account for coin support. Ledger supports most alt and shitcoins out of all the hardware wallets. I have never looked into Keystone, but I doubt they support the same amount of alts as Ledger. I know that Trezor doesn't, plus the support for Trezor is different for each of their devices. One HW might support a certain altcoin while the remaining models don't. Ledger, sadly, has an advantage in this aspect.

The hardware wallet doesn't do the sending. The software, Ledger Live does. It retrieves the keys from the device, divides them into shards, encrypts them, and sends them two three custodial parties over Ledger Live.

You need Ledger Live during the initial setup. At that point, Ledger would have gotten enough privacy-related information about you from its software.

But we can't also prove that there is no flaw either, and I personally WON'T gamble my Bitcoin savings on it by storing them in a hardware wallet that has closed source firmware. I'll probably use it for shitcoining very small amounts of Bitcoin through Magic Eden Runes market merely because I have already ordered it. But if I remembered this topic before I purchased it, I probably will not buy it.

I learned another lesson, the HARD WAY.

  

I don't think you can setup a Ledger hardware wallet without their software: you need to "install" each coin on the device. But even if we ignore this, avoiding Ledger's software isn't enough if there's a possibility of malware to target the device.

That's the wrong approach to look at this: Ledger wants you to have faith in their products, despite the fact they've lied on several occasions about the security of their product.

You're missing the point: by the time someone proves the device is vulnerable to malware, your funds are gone and it's too late. It's better to avoid that scenario.

Well, if follow this version, then here is the answer to how to avoid possible potential data leakage for ledger users  - don't use software from this company. Or in other words, connect the HW device to third-party wallets, such as electrum (any other), for example, and not Ledger live.

For several years now there have been allegations of vulnerabilities in the transmission of user data through ledger servers, software and devices in general, but no one has yet demonstrated 100% evidence and everything is based only on assumptions. I in no way justify the ledger, but damn, if there is a flaw, then show me, and don't try to convince me only on faith.

It turns out that belief in the vulnerability of ledgeris similar to belief in ghosts and UFOs - no one has seen them, can't prove their existence, but convinced that they definitely exist.

It's just an USB device, I don't see how such a device could get it's own internet access. I know malicious USB cables can pretend to be a keyboard and get access to the computer that way, but I don't think Ledger does that. So it needs Ledger's own software (Ledger Live) to be installed, and when you're running Ledger Live, it connects to Ledger's servers anyway. So you can't know what data it's sending.

Although true, but if it could be proven that the device is sending packets of data to a server, and if we could trace those packets of data going to an I.P. address belonging to Ledger, or worse an unknown entity, then we can safely make a presumption that they are doing "something" with the data, which could be sensitive data - your private keys.

BUT, that's where that question goes. - Is there proof that there are there packets of data that are sent from a Ledger Nano S+ to the internet?

Oops.  I forgot that part of the original question.

Keeping a bunch of shitcoins in hardware wallet is like keeping bananas in safe deposit, you know the outcome.
I would not trust ledger with anything, including rotten bananas, but people like gambling with closed source stuff.

You are asking to compare something that can't be compared.
Nobody knows if Linux was installed correctly, and how are you using this laptop in real life.
Sure, ledger is easier to use, if that is what you want, but new Trezor or Keystone devices are ten times better as multi-coin signing devices.
Even old offline smartphone as secondary signing device with open source wallet is probably better than using just a laptop.

OP is asking for shitcoin wallet, so this doesn't help him much.
 

Exactly.

This is why I moved on to a different hardware wallet and workflow with the following features:

Open Source.  Never trust closed source code.
Airgapped.  Online hackers can't reach the device.
Stateless.  The seed & wallet aren't saved on the device.
Encrypted Seed QR.  Loading the seed is quick, easy, and safe.

It's actually faster and easier to use an encrypted seed QR to load a seed & wallet than it is to type a PIN to unlock a device that already has your seed.

By not having your seed on the device, there's no threat of a thief extracting your keys manually.

By having no internet connection to the device, there's no threat of internet hackers or malicious coders reaching the keys on the device.  And yes, I do consider the possibility of Ledger's employees (or ex employees?) being malicious.  Or their partner companies employees.  Or their partner companies ex-employees?  There's just too much potential for too many things to go wrong.

I think the combo of airgap/stateless/encrypted seed QR is a much safer way of keeping Bitcoin secure.  And it's actually easier once you set it up.

Krux does all of this natively, on off the shelf K210 devices with touchscreens (the WonderMV K210 is currently the best device for Krux, and it can be found for less than $60).  There's also an excellent SeedSigner fork that adds encrypted seed QR (and the encrypted QRs are compatible with Krux, which is a nice bonus).

Many believed it wasn't possible on a hardware level. Ledger claimed numerous times that extracting data from the chips can't be done. Turns out that the only thing preventing data extraction is the accompanying software that wasn't there in the past. Ledger has now created it and included it in their firmware.

What we now know is that key extraction is and has always been possible from secure element chips and the hardware built-into hardware wallets. The developers only needed to write the necessary code. Ledger was the the first company that did that (that we know of), and they introduced a new potential attack vector.