Pages:
Author

Topic: New HW wallet announced: COLDCARD Q1 (Read 1216 times)

legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
September 07, 2024, 08:56:21 AM
#81
I would think (and might be wrong) that what they are calling "boot rom" is the regular boot loader for the STM32L4S5VIT6
Anyone using any ARM chip is going to have to have a boot loader (think of it as a PC BIOS)

If anyone is motivated take a look at:

https://ghidra-sre.org/
or
https://www.radare.org/r/

And you can probably de-compile it.

Since it's part of the DFU I don't see how it could be anything else.

As to if it's a stock one or not it does get back to the point of you NEED a boot loader for the ARM CPU, be it a coldcard a trezor a ledger or whatever. Does any other wallet maker give it to you to download? If not then why not? If it's the stock one from the CPU maker, great. If not then NOTHING else matters. Kind of like on a PC if your BIOS / UEFI is compromised nothing you do after that point matters in terms of security.

-Dave


legendary
Activity: 2730
Merit: 7065
September 07, 2024, 07:23:23 AM
#80
Coldcard is using called Boot ROM, according to them this is piece of code stored in ROM, but they are hiding the fact that this code is totally closed source, you can't even view it.
Interesting find. There isn't much information about it when searching online. They have a section on their docs page that explains what Boot ROM is, but not much information there. Perhaps it's possible somehow to view the Boot ROM code by downloading the firmware files from here. The file descriptions mention that Boot ROM is part of the file. The size of the files containing Boot ROM code is larger than the files without it. Maybe someone knows how to analyze it if it's viewable at all...
legendary
Activity: 2212
Merit: 7064
August 29, 2024, 02:15:25 PM
#79
Another interesting update ergarding Coldcard Q crap wallet,
First they lied about having open source code, but later they changed it to source viewable, but even that is not exactly true.
Coldcard is using called Boot ROM, according to them this is piece of code stored in ROM, but they are hiding the fact that this code is totally closed source, you can't even view it.
If you ask them about this issue they will avoid the answer and block you on social media, like they have been doing for all other issues.
This is another confirmation how Coldcard and NVK continues to deceive everyone including their own customers.

Quote
Boot ROM is a piece of code stored in a Read Only Memory (ROM). It is the very first code executed by the CPU when it is powered on. This code contains critical instructions to configure the system-on-chip (SoC) and allow the SoC to execute legitimate applications.
https://coldcard.com/docs/glossary/#boot-rom-security

Not Open Source!
Not Verifiable Source Code!


STOP using Coldcard devices!

legendary
Activity: 2968
Merit: 3406
Crypto Swap Exchange
August 10, 2024, 05:17:50 PM
#78
Have you seen the prices that voltagegoat and others are asking for their tickers?
I only knew a little about the Nixie ones but IIRC, they weren't that pricey so I'm going to assume VoltageGoat probably charges more than they should... The main reason why I mentioned blockclock was that we can spend half of that amount for a DIY version that looks almost the same [IIRC, @dkbit98 was the one who created a thread about this].

Back to the Q1, finally saw one in person. Can't speak to the HW itself, but the case is the same cheap ass plastic that their other ones are made of and the screen is 'meh' at best.
This explains why they had to come up with a "larger hard case" to protect a product that's already ridiculously big [it would've been better if it had a rugged HW case in place of that cheap plastic and depending on the manufacturer, the overall cost could've been smaller than these two products combined].
legendary
Activity: 2212
Merit: 7064
August 09, 2024, 02:47:17 PM
#77
Back to the Q1, finally saw one in person. Can't speak to the HW itself, but the case is the same cheap ass plastic that their other ones are made of and the screen is 'meh' at best.
From what I heard this new screen is much worse than in Q1 than it was in mk4 and older c0ldcard devices.
There is a chance this could be updated and fixed with some future firmware, but I wouldn't waste my sats on this huge device that has a bunch of fake claims.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
August 09, 2024, 11:25:12 AM
#76
A better alternative would've been to offer their devices at reasonable prices Tongue
- This also applies to most of their other products (e.g. blockclock).

I will agree for what they are their wallets are a lot of $.

For their other products, it's not so bad.
Have you seen the prices that voltagegoat and others are asking for their tickers?
The SATSCARD are average price for a semi-custom NFC card.

Back to the Q1, finally saw one in person. Can't speak to the HW itself, but the case is the same cheap ass plastic that their other ones are made of and the screen is 'meh' at best.
Neat concept, poorly implemented.

-Dave

legendary
Activity: 2212
Merit: 7064
August 08, 2024, 11:57:17 AM
#75
Let me guess... Someone on a certain blog post probably labeled them as the "most trusted and secure HW" Cheesy
I don't know where they picked that line up, maybe it's just their wishful thinking, but based on experience from their previous devices they don't stay ''secure'' for a long time.
Very soon someone finds a terrible bug or a flaw and this devices magically become unsecure for general use.
legendary
Activity: 2968
Merit: 3406
Crypto Swap Exchange
August 02, 2024, 08:24:33 AM
#74
Now he is deceiving everyone with new lies that c0ldcard is the only hardware wallet that avoids being connected to a computer.

I would understand if this was coming from some new manufacturer, or newbies, but NVK obviously knows about all other air-gapped hardware wallets.
...
https://www.talkimg.com/images/2024/07/31/5SGLv.jpeg
According to the older archive versions of their website, this lie always existed [unfortunately], but instead of correcting their mistake, they decided to go a step further on the 4th[ish] iteration of their website and completely remove the optional part [I do know these options are off by default, but still...].

He is just using another cheap tricks to sell his devices  Tongue
A better alternative would've been to offer their devices at reasonable prices Tongue
- This also applies to most of their other products (e.g. blockclock).

Let me guess... Someone on a certain blog post probably labeled them as the "most trusted and secure HW" Cheesy
legendary
Activity: 2212
Merit: 7064
July 31, 2024, 03:24:58 PM
#73
Another crap coming from c0ldcard, c0inkite and psycho owner NVK.
Now he is deceiving everyone with new lies that c0ldcard is the only hardware wallet that avoids being connected to a computer.
I would understand if this was coming from some new manufacturer, or newbies, but NVK obviously knows about all other air-gapped hardware wallets.
He is just using another cheap tricks to sell his devices  Tongue



Another lie  Roll Eyes:



Archived:
https://web.archive.org/web/20240731203008/https://coldcard.com/

Let's see how long until he gets forced to change this lies again.
hero member
Activity: 714
Merit: 1298
July 11, 2024, 12:41:57 AM
#72
They mention the German government's selling of confiscated bitcoin as the reason for the special offer. Y

Vague excuse for their unreasonably high initial price on  COLDCARD Q1 which fails to come into sharp focus as they wanted to be. I think the price for this clumsy device will gradually succumb to the the level o $150 or even less. Probably they need to hire a man like Jony Ive to do the  design work and make their products iconic in HW domain.
legendary
Activity: 2730
Merit: 7065
July 10, 2024, 03:33:47 PM
#71
Coinkite and Coldcard are currently offering a 20% discount on all their products (up to $1000). They mention the German government's selling of confiscated bitcoin as the reason for the special offer. You don't need to manually enter a discount code to take advantage of the offer. In fact, the Coinkite store automatically adds the needed promo code during checkout.

With 20% off, the Mk4 is currently $126 instead of $157. The Coldcard Q costs $176 instead of $220.
hero member
Activity: 714
Merit: 1298
June 18, 2024, 12:11:35 AM
#70
Regarding QR, looks like it is not to be incompatible with Sparrow
Sparrow is only desktop wallet and QR codes are more used with mobile wallets, so only Nunchuk will work for now with Coldcard Q.


Wait, for some reason, I always thought QR codes   are  for secure communication with any device, including desktop/laptop machines. For instance, I use QR to communicate my Passport with laptop Sparrow. In general I'm reluctant to use mobiles when dealing with crypto due to increased  possibility to make some human errors on mobiles. Thus, in my view, not only Nunchuk works with Coldcard. Desktop/laptop Sparrow is also its companion.
legendary
Activity: 2212
Merit: 7064
June 15, 2024, 02:00:05 PM
#69
They gave it a decent screen size but made the text so small and dim that it's hard to read.
After people who pre-ordered this device had to wait for such a long time (I think more than a year), I still think they rushed things with Coldcard Q.
They will probably fix text size and other things in future, but by then they will release new device, maybe Coldcard X or Coldcard Zero.
This is Coldcard business model...

They gave it a camera for scanning QR codes, but they put the camera on top instead of on the back, so it points straight at the ceiling when you hold the device instead of pointing at the QR code you're looking at.  Then again, it can't use most QR codes, because...
But you can use this device as a lamp instead, it's a perfect position for this use case  Cool
full member
Activity: 128
Merit: 190
June 14, 2024, 05:57:03 PM
#68
Some of the design choices they made are bizarre.

They gave it a decent screen size but made the text so small and dim that it's hard to read.

They gave it a camera for scanning QR codes, but they put the camera on top instead of on the back, so it points straight at the ceiling when you hold the device instead of pointing at the QR code you're looking at.  Then again, it can't use most QR codes, because...

They created an entirely new QR spec and decided the device can't use any QRs that aren't their spec, which means it won't with most of the apps you use a hardware wallet with, which mostly defeats the point of QRs.

Bizarre.

I really thought this was going to be the device that would convince me to switch to a ColdCard.  Nope.  Maybe they'll fix this stuff a few years from now when they release a 2nd gen?
legendary
Activity: 2212
Merit: 7064
June 14, 2024, 02:55:42 PM
#67
Regarding QR, looks like it is not to be incompatible with Sparrow
Sparrow is only desktop wallet and QR codes are more used with mobile wallets, so only Nunchuk will work for now with Coldcard Q.
Other mobile wallets will probably add support in future but I wouldn't count on that.
I would never pay $220 for this plastic brick that looks like unfinished product to me.
hero member
Activity: 714
Merit: 1298
June 14, 2024, 12:48:21 AM
#66
I just watched the new Coldcard Q1 video review from Crypto Guide and I had to post this screenshots for comparison with other hardware wallets.
In first image you can see Coldcard mk4 and Q1, and in second image on the right you can size size difference comparison with Passport and Keystone devices.
But that is not all, this new Coldcard Q1 has probably one of the worst displays from all hardware wallets, it's very dull contrast with bad even if you increase brightness to 100%.
Most of the bigger screen is unused and text size is only a bit bigger than on mk4 device, so it's actually useless currently.
This wallet currently only works with Nunchuk mobile wallet because they made up their own QR code standard.
Only good thing in Q1 for me is removeable batteries, and maybe keyboard, but I would never recommend this device to anyone.

Source video: https://youtu.be/2m5K0RageOI



They adjusted the item name a bit, Now it is Coldcard Q rather than  Coldcard Q1.

Regarding QR, looks like it is not to be incompatible with Sparrow, the 1.8.3 firmware  of which added Coldcard Q1 support (with BBQr).

And yeah,the   design  of Coldcard Q sets one thinking on advisability of device purchasing.
legendary
Activity: 2212
Merit: 7064
June 13, 2024, 02:39:26 PM
#65
I just watched the new Coldcard Q1 video review from Crypto Guide and I had to post this screenshots for comparison with other hardware wallets.
In first image you can see Coldcard mk4 and Q1, and in second image on the right you can size size difference comparison with Passport and Keystone devices.
But that is not all, this new Coldcard Q1 has probably one of the worst displays from all hardware wallets, it's very dull contrast with bad even if you increase brightness to 100%.
Most of the bigger screen is unused and text size is only a bit bigger than on mk4 device, so it's actually useless currently.
This wallet currently only works with Nunchuk mobile wallet because they made up their own QR code standard.
Only good thing in Q1 for me is removeable batteries, and maybe keyboard, but I would never recommend this device to anyone.

 
Source video: https://youtu.be/2m5K0RageOI

legendary
Activity: 2730
Merit: 7065
April 02, 2024, 01:11:48 PM
#64
I just noticed that Coldcard announced a new firmware update for the Q model.

One point in the release notes caught my attention. It says:
Quote
- Sparrow wallet export will always be BBQr now.

I remembered that dkbit98 and the Foundation Passport representative talked about how Coldcard developed a new QR system that was different from what competitors were using and unsupported by software wallets.
Now we know that Sparrow Wallet supports this new standard. Proof of that can be found in their release notes for version 1.8.3:
Quote
Coldcard Q1 support (with BBQr)

Update:

Nunchuk has now become the second software wallet that I know of that supports the new BBQR encoding standard.
Quote
• Added support for BBQR (QR encoding for the Coldcard Q)
legendary
Activity: 2212
Merit: 7064
March 12, 2024, 12:48:04 PM
#63
NVK always have the need to invent the wheel all over again, maybe he is hoping to sell more devices now, and other people can deal with new QR code system later  Roll Eyes
If he didn't live in his small eco chamber and block all the people in social media and everywhere else, he could actually hear other developers of software wallets and actual users.
Good luck everyone who took his bait and purchased his new gigantic q1 device  Tongue
Jus sayin.

 
legendary
Activity: 2730
Merit: 7065
March 11, 2024, 12:44:26 PM
#62
So over a year and still not firm ETA of getting this into customers hands. Just next week for some and 'soon' for others.
I believe them when they say they have plenty of backorders to process. If it's a small team doing that, it's going to take a while.

I really used to like them and their products.
I can't comment on the build quality of their hardware. It looks good on first sight. Their decisions are questionable, though. dkbit98 mentioned that they created a unique QR code format that is not supported by other software wallets. I later saw what I believe is his source for that information. The team behind Foundation Devices made a post at the end of 2023, announcing that the new Coldcard would have that unusual QR system. It's weird business politics doing things completely different from everyone else and not using proven and well-supported formats. But it's their call, and they'll have to live with that and the aftermath.
Pages:
Jump to: