After my earlier post, being also inspired by pixie85's post and by icopress' suggestion, I decided to check the hardware integrity of the Ledger I received from Betnomi.
In theory, on their website the required steps look simple, yet the practice is the one which always kills us. All I found there was this:
Secure Element attestation
The Secure Element itself is personalized at factory with an attestation proving that it has been manufactured by Ledger. You can verify it by running
pip install --no-cache-dir ledgerblue
python -m ledgerblue.checkGenuineRemote --targetId 0x33000004
Obviously, those were not commands which could simply be typed in a Command Prompt window. So after some digging I understood that I first have to install Python. You can get Python from here: https://www.python.org/downloads. Alternatively, you can also download it from the Microsoft Store. I downloaded Python 3.11.4.
Following some articles I found on the Internet, I understood that Visual Studio 2017 build tools may also be needed on Windows. As I wanted to make sure I have all prerequisites, I also installed this software (so I don't know if everything works without it). Visual Studio 2017 build tools can be downloaded from here: https://www.visualstudio.com/downloads/#build-tools-for-visual-studio-2017.
If you want to make sure you installed Python properly, you can run this command (directly in a Command Prompt window -- so just press Start - Run - cmd or press Windows key + R): python --version. You should see something like this:
Then you'll need to install pip, which is a Python package manager and which may or may not come together with your Python build. Following some tutorials about Python, I reached this page and from here you can download pip. You will see in your Download folder a file named get-pip.py.
Afterwards you have to run this command (Command Prompt): python get-pip.py. This will install pip.
Having pip installed, you can verify this by typing the following command (in Command Prompt): pip --version. You should see something like this:
Additionally, you'll need to install a Virtual Environment for Python, in order to be able to run the commands for checking the hardware integrity (I know, it already sounds like a pain in the ass only by reading everything I wrote here but imagine how it feels to actually do all these (!) and find all the information necessary in order to be able to make this check...). So following the same tutorial page for Python I installed first Pipenv, which allows you to install Python packages, then I installed Virtualenv, which "creates a folder which contains all the necessary executables to use the packages that a Python project would need". In order to install these, you need to run these commands (in Command Prompt): pip install --user pipenv and pip install virtualenv.
Next step is to install Python tools for Ledger Blue, Nano S and Nano X, which can be found here. In order to be able to do this you need to run the following commands (in Command Prompt): python3 -m venv ledger and pip install ledgerblue.
After finishing all these we finally get back to the command shown on Ledger website: python -m ledgerblue.checkGenuineRemote --targetId 0x33000004 -- but we do not run the command yet (keep reading below). The part "0x33000004" is the TargetID, meaning a code of your product. The entire list of TargetIDs is available on the website I mentioned above (obviously, none of these can be found directly on Ledger's website so you need deep Internet search for obtaining all this information):
Device name | Firmware Version | TargetID |
Nano S Plus | all | 0x33100004 |
Nano X | < 2.2.1 (developer units only) | 0x33000004 |
Nano X | >= 2.2.1 | 0x33000004 |
Nano S | <= 1.3.1 | 0x31100002 |
Nano S | 1.4.x | 0x31100003 |
Nano S | >= 1.5.x | 0x31100004 |
Ledger Blue | <= 2.0 | 0x31000002 |
Ledger Blue | 2.1.x | 0x31000004 |
Ledger Blue v2 | 2.1.x | 0x31010004 |
As I wrote above, the command should not be entered yet. This is because the Ledgers from Betnomi have an old firmware (2.0.1) and the command works with newer firmware versions. So at this point you need to perform a firmware update (if you haven't already), which can be done through the Ledger Live app. For those not aware (there may be still a few of them), Ledger Live app can be downloaded from Ledger website: https://www.ledger.com/ledger-live. After installation is done select the tab My Ledger. There will be two firmware updates available. First one will upgrade the Ledger's firmware from 2.0.1 to 2.2.1. Second upgrade will bring the firmware 2.2.2 to your Ledger. However, the command for checking the hardware integrity can be run after having the firmware 2.2.1. You should see something like this:
Reaching this point, you must have the Ledger connected to your PC / laptop and also make sure it is not in standby. For obvious reasons, the command won't do anything if the wallet is not connected to the PC. And, if it is in standby mode you'll get a long error message, ending with Connection to remote host was lost. However, assuming that the device is connected and it is not in standby mode, run the command python -m ledgerblue.checkGenuineRemote --targetId 0x33000004. You will receive a warning on your Ledger screen, which you need to confirm.
And finaaaaaaaaaaally, after all these, I received this confirmation:
It was a lot of work but, at least, I was assured that the Ledgers from Betnomi are genuine. Or, at least, I was 50% assured. To ensure the remaining 50% I proceeded to open the device, in order to check its PCB.
Warning: performing the steps mentioned below may destroy your device. If you don't destroy it then you'll certainly lose the warranty.
This part may also sound simple, but it's not simple at all. You need to pay a lot of attention, as the product looks like a capsule (obviously, it was not meant to be opened) and it has no screw. Trying to break its case open may break it so your device may be totally damaged. However, since I won 3 such Ledgers from Betnomi I afforded the risks.
So first step is to remove the grey part branded with Betnomi from the wallet. The grey part should be lifted (in a delicate manner) from the grey button of the wallet. It can be removed relatively easily.
Now the important part comes. You need a very thin screwdriver or a very thin knife or any other sharp thing which is also very thin. If you look around the display, you'll see a very thin line -- this is the line where the part of the case protecting the display is assembled with the rest of the product. The screwdriver should be used for forcing it into this thin line, in order to detach this part of the case from the other part of it. This should be done with a lot of attention, as at this step the device may become broken. In order to avoid this you may try to push the screwdriver between the part with the display and the rest of the wallet case on multiple spots of this thin line, thus getting some more weak spots which, in the end, will make the detaching of the display easier.
By pure chance, I had a minuscule screwdriver and I used it for the surgery operation:
Then I used the grey part, which I previously removed, and I inserted it in the small opening made by the screwdriver, to keep that part open. Having a part already open, I used the screwdriver to force the opening more:
I proceeded with caution for the rest of the thin line until the case fully opened.
At this point I had to pay a lot of attention, as the navigation buttons are not attached to the PCB, nor to the external side of the case. They are not attached to anything and only the fact that they enter in the holes of the case keeps them in place. So I took them out, hoping to remember the correct place of each one.
The display is on the other side of the PCB (as seen in the image from above) and it is connected to the PCB through a small interface, so you can manipulate it to a side, since it is not attached on the PCB. This is important, because by moving it to a side you can check the entire side of the PCB where it is placed.
In the end, I could take these pictures of both sides of the PCB:
Next step was to compare the PCB details with the images shown on Ledger's website. There are 4 hardware revisions of these Ledgers, having different PCB colors. The PCB of my device is green, which corresponds to Revision 4. And, by analyzing the look of my PCB and the one from Ledger website, it seems the PCBs are identical:
Now I was finally assured that my product respects the hardware integrity!
Since I am a magician when it comes to opening electronic devices piece by piece then placing all the pieces back together... By pure chance I also managed to put everything back inside the wallet case and then close the case. Surprisingly, the wallet is still functional!
In the end, trying to be more Catholic than the Pope, I also performed the genuine check offered by Ledger Live app:
The check concluded by saying that the product is genuine. Hooray!
Conclusion
Having said this, I guess that the owners of Betnomi Ledgers can relax now, as their products are not tampered with. Those who want to, though, can perform the above steps for checking their wallets' hardware integrity on their own. However, I don't recommend this, unless you don't care if the device gets fully damaged or unless you are used to opening electronic devices / fixing them / etc.
It is very sad that icopress is having a huge loss because of Betnomi but, at least, they were not that evil to tamper the devices they raffled on the forum.
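
An added example, not part of the original post and not Ledger's code: a pre-flight helper that picks the TargetID from the table quoted in the post, refuses a firmware the table does not cover for retail units (the Nano X at 2.0.1 case above), builds the checkGenuineRemote command, and flags the standby error the post mentions. The function names are hypothetical, the table values are copied from the post, and the genuineness verdict is still read from the tool's own output.

```python
import subprocess
import sys

# TargetID rows from the post's table: (model, rule, firmware bound, TargetID).
# The Nano X "developer units only" row is left out on purpose, so a retail
# Nano X below 2.2.1 is told to update first, as the post had to.
TARGET_IDS = [
    ("Nano S Plus", "all", "", "0x33100004"),
    ("Nano X", ">=", "2.2.1", "0x33000004"),
    ("Nano S", "<=", "1.3.1", "0x31100002"),
    ("Nano S", "series", "1.4", "0x31100003"),
    ("Nano S", ">=", "1.5", "0x31100004"),
    ("Ledger Blue", "<=", "2.0", "0x31000002"),
    ("Ledger Blue", "series", "2.1", "0x31000004"),
    ("Ledger Blue v2", "series", "2.1", "0x31010004"),
]

def parse_version(text):
    """'2.2.1' -> (2, 2, 1); an empty bound parses to ()."""
    return tuple(int(part) for part in text.strip().split(".") if part)

def target_id(model, firmware):
    """Return the TargetID for a model/firmware pair, or raise ValueError."""
    fw = parse_version(firmware)
    for name, rule, bound, tid in TARGET_IDS:
        b = parse_version(bound)
        if name.lower() == model.strip().lower() and (
                rule == "all"
                or (rule == ">=" and fw >= b)
                or (rule == "<=" and fw <= b)
                or (rule == "series" and fw[:len(b)] == b)):
            return tid
    raise ValueError(f"{model} {firmware}: no TargetID, update firmware in Ledger Live first")

def build_command(model, firmware):
    """argv for the check, using the interpreter that has ledgerblue installed."""
    return [sys.executable, "-m", "ledgerblue.checkGenuineRemote",
            "--targetId", target_id(model, firmware)]

def run_check(model, firmware, runner=subprocess.run):
    """Run the check and flag the standby error described in the post."""
    proc = runner(build_command(model, firmware), capture_output=True, text=True)
    output = proc.stdout + proc.stderr
    if "Connection to remote host was lost" in output:
        return "standby", output  # wake or unlock the device, then retry
    return ("completed" if proc.returncode == 0 else "failed"), output

if __name__ == "__main__":
    print(" ".join(build_command("Nano X", "2.2.1")))
```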