digitalbitbox / mcu Goto Github PK

The most recent firmware update has caused havoc on BitBoxes used for multisig.

It's a particularly hairy issue as existing multisig UTXOs have become unspendable absent manually exporting a private key.

Full details are here: spesmilo/electrum#5275

Any plans to make the rest of the source code open source too?
E.g. the part it talks to the hardware.

Like Trezor has it: https://github.com/trezor/trezor-mcu

If the hardware files provided from the chip manufacturer aren't open source you might consider using libopencm3 (http://libopencm3.org/wiki/Main_Page) too.

The libopencm3 project (previously known as libopenstm32) aims to create a free/libre/open-source (LGPL v3, or later) firmware library for various ARM Cortex-M0(+)/M3/M4 microcontrollers, including ST STM32, Ti Tiva and Stellaris, NXP LPC 11xx, 13xx, 15xx, 17xx parts, Atmel SAM3, Energy Micro EFM32 and others.

https://opensource.com/business/15/7/why-open-hardware-winning

Support tezos

Not sure if I'm doing it wrong. But it looks like that i can't retrieve the master key at 'm'.

  [DEBUG]  main: encrypting raw json: {"xpub" : "m"}
Sending command: 4oivxqirFxug4E9M7nxja7O7A3rP/WcX1NQJtpsGZhs=
try to read some bytes...
 OK, read 2048 bytes.
result: {
  "error": {
    "message": "Could not generate key.",
    "code": 251,
    "command": "xpub"
  }
}

/home/lucas/.clion10/system/cmake/generated/36d6158c/36d6158c/Debug/tests/tests_api
Internal API Result:
tests_echo_2FA: OK
tests_aes_cbc: OK
Signal: SIGSEGV (Segmentation fault)
Process finished with exit code 0

System:

uname -a
Linux lucas_hp_9470m 4.1.4-1-ARCH #1 SMP PREEMPT Mon Aug 3 21:30:37 UTC 2015 x86_64 GNU/Linux

gcc --version
gcc (GCC) 5.2.0
Copyright (C) 2015 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

clang --version
clang version 3.6.2 (tags/RELEASE_362/final)
Target: x86_64-unknown-linux-gnu
Thread model: posix

This seg-fault only happens on gcc, not with clang.

Full cmake .. output with gcc: http://pastebin.com/raw.php?i=gGbUNf6H

It stops in tests_sign. My IDE says in commander.c line 917, but that line looks good to me.

No problems on Travis. There we have a older CMake and a older gcc.

Any ideas?

Using latest firmware (6.04) Bitbox consistently across latest MEW and legacy MEW reports failed signing.
In Chrome and Opera. Has this issue been identified?

We are integrating different dapps and hardware wallets in our service. We have already integrated Trezor and Ledger Nano S as hardware wallets. And users ask to integrate Digital Bitbox.

Live unit tests (tests_api) work on the previous OSX High Sierra, and MEW works on OSX Catalina (using the hijack interface and Chrome browser). Therefore, it seems that something changed with how OSX Catalina is handling USB communication with the hidapi interface. Specifically, the live unit tests fail if there is an API call to the device that requires a user touch and the user does not immediately do a touch confirmation on the device.

I want to add Bitcore BTX support to Bitbox Hardware Wallet
Whit steps are needed?

As example, a user could retrieve { "input":{ "error": "Please set a password." } }. The only way of detecting if a new password needs to be set is by parsing the string. Not urgent, but it would be great if there where error codes.

I don't have a full understanding of this [1] and as far as i know symmetric encryption is not very vulnerable to timing attacks, though i think adding a constant time behavior would be a good countermeasure (example from a bitcoin-core PR [2]).

[1] http://cr.yp.to/antiforgery/cachetiming-20050414.pdf
[2] https://github.com/bitcoin/bitcoin/pull/5949/files#diff-caa129d4183d0a0943a8b84710fd4427R1184

Not sure if we want that device:info returns the xpub. I think it would be better if we would response with seeded:true/false... It would allow bypassing of the xpub export verification... not bad, but let's discuss it.

Any news on when we can expect it?

Hi,
I made some changes to the firmware that I'd like to load to a device used for tests. I made some changes to commander.c and built the firmware.bin file as the readme suggested, not using vagrant.
After putting the device in bootloader mode, I tried loading the firmware using both apps dbb-app, dbb-cli, and the load_firware.py [sic :) ] script, but the process never succeeds.
In the gui, the error is Error while upgrading firmware. Please unplug and replug your Digital Bitbox.
In the cli, Firmware upgrade failed!
And using the python script, ERROR: invalid firmware signature
I also tried setting debug as the version in with using the python script, but that didn't work either.

Is there no way to load a self modified firmware to the dbb?

A good UX would require to show the user...

• ... if he has set a password
• ... version number of DBB
• ... personal name (to distinct between devices if he uses more than one)
• ... if he has seeded the DBB

To avoid a chain of initial commands (device:version,name, xpub [to check if wallet is seeded]) , it might help to have one getinfo (or just info) command that responses serval informations. Need to be specified in detail.

low prio
Currently the output looks like:

"autobackup_1.aes, autobackup_2.aes, autobackup_3.aes, autobackup_4.aes, autobackup_5.aes, autobackup_6.aes, autobackup_7.aes, autobackup_8.aes, autobackup_9.aes, autobackup_10.aes, new.file, "

I think its okay as a CSV, but should use , instead of , (no space after comma). Also the last comma should be removed if possible.

Otherwise use ["x", "y"].

ref #253

{ "touchbutton": "accept" , "sign": [{"sig":8784540a5e6f2cfdfe135f9aca673b205913ef5be75ff6a950474b897fb1d91843ef2f70594c8f9ff3e3146aa200f3c8051e75df77b6c599f27ae706fea46776, "pubkey":03cafb64f419309362bcd02035a509aebca3997e36dd009a1a010feb9b70723043}] }

The "sig" value should also be wrapped in ".

Needs update of API documentation.
https://digitalbitbox.com/api.html

Please consider adding a Digital Bitbox simulator. It would allow for projects implementing support for the bitbox to have a way to run automated tests.

I don't think this would be very hard to do. The api tests already use the bitbox firmware as a library and can send commands and get responses back. A simulator would just need to wrap that library and just forward the data to and from the outside world to the library functions. It could have an external interface using a UDP socket.

See counterpart: BitBoxSwiss/dbb-app#36

After https://github.com/digitalbitbox/mcu/blob/c8ea0e02135653ad0d7b11e096c36348a2d34947/src/sd.c#L565,

Those lines are missing:

utils_zero(files, sizeof(files));
return DBB_ERROR;

As a result, in that error case, the api call for {"backup":"list"} returns:

{"error":{"message":"Could not open the directory.","code":403,"command":"backup"},"backup":}

which is invalid json (no value for the backup key).

1. Add the lines to correctly return the error.
2. Somewhere in the json api there is a bug in that it produces invalid json, instead of adding a null or similar on an empty value (or the json api returned an error that was not checked). Fix if easy.

Not sure if this best belongs here or in desktop app, but...

After updating firmware to 4.0.0, wallet will accept hidden wallet password and opens a wallet, but shows no history/no balance. This occurs with the new desktop app and the old one. Main wallet seems to be unaffected. All help appreciated.