SlideShare a Scribd company logo
HWallet:
The simplest Bitcoin
hardware wallet
Nemanja Nikodijević
Security Researcher
Hardware wallets
STM32F205
HWallet
OLED
ST31H320
USB
STM32F042
OLED
USB
ATECC508ASTM32L475
OLED
USB
NXP K20USB NXP K82
OLED
Secure MCU
Secure
Element
NDA requiredNDA-free <nemanja@hacke.rs>
Hardware Acceleration
secp256k1SHA256TRNG
Open
Source
✓
✓
✗
✗✗✗
✗✗
✓✓✓✓
?✓ ✓
✓
Threat model
<nemanja@hacke.rs>
MCU
OLED
USB
Comm MCU
USB
Main MCU
OLED
https://blog.trezor.io/details-about-the-security-updates-in-trezor-
one-firmware-1-6-2-a3b25b668e98
https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/
Secure MCU
Library dependencies
STM32 HAL
(USB, SPI,I2C, UART)
uECC
third party libs opensource closed source
ST31 Cryptography BOLOS
App 0
App n
...
libopencm3
(USB, SPI,I2C, UART…)
Bootloader
&
Firmware
Bootloader
&
Firmware
Bootloader&
SEPROXYHAL
nanopb
micropython
Bootloader& Firmware
Trezor Crypto
AES
Base58
BLAKE2
RIPEMD160
SHA1/2/3
Ed25519
Curve25519 Chacha20 Poly1305
QR encoder
Emulator
<nemanja@hacke.rs>
Code size comparison
git clone https://github.com/{PRODUCT}/{FIRMWARE} --recurse-submodules
cd {FIRMWARE}
wc –l `find ./ -name "*.c" -o –name "*.h"`
<nemanja@hacke.rs>
HWallet
2.5M+ 346k+ 162k+ ~4k122k+
OLED font
License
headers
Code layers
<nemanja@hacke.rs>
UART SPI GPIO LTC MMCAUCRC TRNG
https://gitlab.com/nemanjan/hwallet
NXP K82 OLED
To
Communication
MCU
Tx/Rx speed fixed
to 115200 bps
SPI bus clocked at
1 MHz
Bitcoin
TX
SHA256D
nonce
ECDSA:
secp256k1
TX Signature
Code layers
<nemanja@hacke.rs>
UART SPI GPIO LTC
Packet OLED
MMCAUCRC TRNG
Crypto
https://gitlab.com/nemanjan/hwallet
typedef struct {
uint16_t type;
uint16_t length;
uint8_t data[32];
uint32_t crc;
} Packet;
PACKET_Send();
PACKET_Receive();
typedef struct {
SPIx* spi;
GPIOx* dcGpio;
GPIOx* rstGpio;
uint8_t dcPin;
uint8_t rstPin;
uint8_t buffer[ ];
} OLED;
OLED_WriteRow();
OLED_Clear();
CRYPTO_Random();
CRYPTO_SHA256();
CRYPTO_ECDSA_Sign();
CRYPTO_ECDSA_GetPublicKey();
typedef struct {
uint8_t num[32];
uint8_t len;
} Bignum;
CRYPTO_Bignum_Init();
CRYPTO_Bignum_Mod();
CRYPTO_Bignum_Div();
CRYPTO_Bignum_Sub();
CRYPTO_Bignum_IsNull();
B' = (1/B) mod N
A' = A – A mod B
(A/B) mod N = (A'B') mod N
N - a large prime, larger than
any A or B, e.g. p from
secp256k1
Code layers
<nemanja@hacke.rs>
UART SPI GPIO LTC
Main Loop
Packet OLED
MMCAUCRC TRNG
Crypto
https://gitlab.com/nemanjan/hwallet
while(1) {
Packet msg;
PACKET_Receive(&msg);
switch(PACKET_MODULE(msg.type)) {
case PACKET_BITCOIN:
Bitcoin_Process(&msg);
...
};
}
Module Function
Packet type
15 8 7 0
Code layers
<nemanja@hacke.rs>
UART SPI GPIO LTC
Main Loop
Bitcoin ???
Packet OLED
MMCAUCRC TRNG
Crypto
??? ???
https://gitlab.com/nemanjan/hwallet
void Bitcoin_Process(Packet* msg) {
switch(PACKET_FUNC(msg->type)) {
case BITCOIN_FUNC_INIT_TX:
Bitcoin_Tx_Init();
...
};
}
Demo time
<nemanja@hacke.rs>
PoC||GTFO
Can it be even simpler?
<nemanja@hacke.rs>
UART SPI GPIO LTC
Main Loop
Bitcoin ???
Packet OLED
TRNGCRC
Crypto
??? ???
K82
KL82
Cortex-M4
Cortex-M0+
150 MHz
72 MHz
Core Freq Flash RAM
256 kB
128 kB
256 kB
96 kB
…and more secure?
NXP K82 NXP K81
NXP KL82 NXP KL81
Anti
Tamper
+ =+ NDA
Expanding functionality: Recovery seed
<nemanja@hacke.rs>
TRNG
BIP-32
BIP-39
BIP-44
Entropy
128-512bit m
m/0
m/44'
m/i
m/44'/0' m/44'/0'/0'/0m/44'/0'/0'
...
CKD(x, n)
based on
HMAC-SHA512
...
44' = 0x8000002C
BTC – 0'
…
ETH – 60'
…
XRP – 144'
witch collapse
practice feed shame
open despair creek
road again ice least
HMAC
SHA512
m/44'/0'/0'/0/0
m purpose’ coin_type’ account’ change address_index
Expanding functionality: FIDO U2F
<nemanja@hacke.rs>
NXP K20USB
NXP K82
NXP K81
nRF52840 NXP KL82
NXP KL81
USB
BLE
WebAuthn
FIDO
WebAuthn CTAP
CTAP
Comm MCU Main MCU
Client to
Authenticator
Protocol
Благодарю за внимание!
Thanks for your attention!

More Related Content

What's hot

SlingSecure USB Eng
SlingSecure USB EngSlingSecure USB Eng
SlingSecure USB Eng
SlingSecure Mobile Encryption
 
Owning NX-OS - t2 2010
Owning NX-OS - t2 2010Owning NX-OS - t2 2010
Owning NX-OS - t2 2010
blh42
 
Hacking intranet websites
Hacking intranet websitesHacking intranet websites
Hacking intranet websites
shehab najjar
 
Introduction to RIoT Hardware Kits & ESP32 Programming [Road to RIoT 2017]
Introduction to RIoT Hardware Kits & ESP32 Programming [Road to RIoT 2017]Introduction to RIoT Hardware Kits & ESP32 Programming [Road to RIoT 2017]
Introduction to RIoT Hardware Kits & ESP32 Programming [Road to RIoT 2017]
Alwin Arrasyid
 
Positive Hack Days. Gurkin. Zero Day for SCADA (0-day)
Positive Hack Days. Gurkin. Zero Day for SCADA (0-day)Positive Hack Days. Gurkin. Zero Day for SCADA (0-day)
Positive Hack Days. Gurkin. Zero Day for SCADA (0-day)
Positive Hack Days
 
Hardware hacking
Hardware hackingHardware hacking
Hardware hacking
Tavish Naruka
 
Talk - Ataques via USB
Talk -  Ataques via USB Talk -  Ataques via USB
Talk - Ataques via USB
Anderson Vieira
 
SW3 Presentation 14
SW3 Presentation 14SW3 Presentation 14
SW3 Presentation 14guestd0ad3d
 
Alice and bob: Love & the most important crypto on the net
Alice and bob: Love & the most important crypto on the netAlice and bob: Love & the most important crypto on the net
Alice and bob: Love & the most important crypto on the net
Chris Hammond-Thrasher
 
WinSock Asynchronous Input/Output
WinSock Asynchronous Input/OutputWinSock Asynchronous Input/Output
WinSock Asynchronous Input/Outputcalophatpho
 
Scada strange love uwn-stuxnet
Scada strange love   uwn-stuxnetScada strange love   uwn-stuxnet
Scada strange love uwn-stuxnetPositive Hack Days
 
[ENG] IPv6 shipworm + My little Windows domain pwnie
[ENG] IPv6 shipworm + My little Windows domain pwnie[ENG] IPv6 shipworm + My little Windows domain pwnie
[ENG] IPv6 shipworm + My little Windows domain pwnie
Zoltan Balazs
 
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)Security Bootcamp
 
Introduction to iOS Penetration Testing
Introduction to iOS Penetration TestingIntroduction to iOS Penetration Testing
Introduction to iOS Penetration Testing
OWASP
 
Nse 4 certification
Nse 4 certificationNse 4 certification
Nse 4 certification
OlsianGue
 
Bitcoin hardware wallets security
Bitcoin hardware wallets securityBitcoin hardware wallets security
Bitcoin hardware wallets security
Eric Larcheveque
 
How to hide your browser 0-day @ Disobey
How to hide your browser 0-day @ DisobeyHow to hide your browser 0-day @ Disobey
How to hide your browser 0-day @ Disobey
Zoltan Balazs
 
[2010 CodeEngn Conference 04] window31 - Art of Keylogging 키보드보안과 관계없는 키로거들
[2010 CodeEngn Conference 04] window31 - Art of Keylogging 키보드보안과 관계없는 키로거들[2010 CodeEngn Conference 04] window31 - Art of Keylogging 키보드보안과 관계없는 키로거들
[2010 CodeEngn Conference 04] window31 - Art of Keylogging 키보드보안과 관계없는 키로거들
GangSeok Lee
 
Arduino 習作工坊 - Lesson 1 燈光之夜
Arduino 習作工坊 - Lesson 1 燈光之夜Arduino 習作工坊 - Lesson 1 燈光之夜
Arduino 習作工坊 - Lesson 1 燈光之夜
CAVEDU Education
 

What's hot (20)

iWave Systems Techologies Pvt Ltd: Products- Software BSPs
iWave Systems Techologies Pvt Ltd: Products- Software BSPsiWave Systems Techologies Pvt Ltd: Products- Software BSPs
iWave Systems Techologies Pvt Ltd: Products- Software BSPs
 
SlingSecure USB Eng
SlingSecure USB EngSlingSecure USB Eng
SlingSecure USB Eng
 
Owning NX-OS - t2 2010
Owning NX-OS - t2 2010Owning NX-OS - t2 2010
Owning NX-OS - t2 2010
 
Hacking intranet websites
Hacking intranet websitesHacking intranet websites
Hacking intranet websites
 
Introduction to RIoT Hardware Kits & ESP32 Programming [Road to RIoT 2017]
Introduction to RIoT Hardware Kits & ESP32 Programming [Road to RIoT 2017]Introduction to RIoT Hardware Kits & ESP32 Programming [Road to RIoT 2017]
Introduction to RIoT Hardware Kits & ESP32 Programming [Road to RIoT 2017]
 
Positive Hack Days. Gurkin. Zero Day for SCADA (0-day)
Positive Hack Days. Gurkin. Zero Day for SCADA (0-day)Positive Hack Days. Gurkin. Zero Day for SCADA (0-day)
Positive Hack Days. Gurkin. Zero Day for SCADA (0-day)
 
Hardware hacking
Hardware hackingHardware hacking
Hardware hacking
 
Talk - Ataques via USB
Talk -  Ataques via USB Talk -  Ataques via USB
Talk - Ataques via USB
 
SW3 Presentation 14
SW3 Presentation 14SW3 Presentation 14
SW3 Presentation 14
 
Alice and bob: Love & the most important crypto on the net
Alice and bob: Love & the most important crypto on the netAlice and bob: Love & the most important crypto on the net
Alice and bob: Love & the most important crypto on the net
 
WinSock Asynchronous Input/Output
WinSock Asynchronous Input/OutputWinSock Asynchronous Input/Output
WinSock Asynchronous Input/Output
 
Scada strange love uwn-stuxnet
Scada strange love   uwn-stuxnetScada strange love   uwn-stuxnet
Scada strange love uwn-stuxnet
 
[ENG] IPv6 shipworm + My little Windows domain pwnie
[ENG] IPv6 shipworm + My little Windows domain pwnie[ENG] IPv6 shipworm + My little Windows domain pwnie
[ENG] IPv6 shipworm + My little Windows domain pwnie
 
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
SBC 2012 - Malware Memory Forensics (Nguyễn Chấn Việt)
 
Introduction to iOS Penetration Testing
Introduction to iOS Penetration TestingIntroduction to iOS Penetration Testing
Introduction to iOS Penetration Testing
 
Nse 4 certification
Nse 4 certificationNse 4 certification
Nse 4 certification
 
Bitcoin hardware wallets security
Bitcoin hardware wallets securityBitcoin hardware wallets security
Bitcoin hardware wallets security
 
How to hide your browser 0-day @ Disobey
How to hide your browser 0-day @ DisobeyHow to hide your browser 0-day @ Disobey
How to hide your browser 0-day @ Disobey
 
[2010 CodeEngn Conference 04] window31 - Art of Keylogging 키보드보안과 관계없는 키로거들
[2010 CodeEngn Conference 04] window31 - Art of Keylogging 키보드보안과 관계없는 키로거들[2010 CodeEngn Conference 04] window31 - Art of Keylogging 키보드보안과 관계없는 키로거들
[2010 CodeEngn Conference 04] window31 - Art of Keylogging 키보드보안과 관계없는 키로거들
 
Arduino 習作工坊 - Lesson 1 燈光之夜
Arduino 習作工坊 - Lesson 1 燈光之夜Arduino 習作工坊 - Lesson 1 燈光之夜
Arduino 習作工坊 - Lesson 1 燈光之夜
 

Similar to HWallet: The simplest Bitcoin hardware wallet

BalCCon2k18 - Towards the perfect cryptocurrency wallet
BalCCon2k18 - Towards the perfect cryptocurrency walletBalCCon2k18 - Towards the perfect cryptocurrency wallet
BalCCon2k18 - Towards the perfect cryptocurrency wallet
Nemanja Nikodijević
 
Presentation for IoT workshop at Sinhagad University (Feb 4, 2016) - 2/2
Presentation for IoT workshop at Sinhagad University (Feb 4, 2016) - 2/2Presentation for IoT workshop at Sinhagad University (Feb 4, 2016) - 2/2
Presentation for IoT workshop at Sinhagad University (Feb 4, 2016) - 2/2
Bhavin Chandarana
 
Christchurch Embedded .NET User Group - Introduction to Microsoft Embedded pl...
Christchurch Embedded .NET User Group - Introduction to Microsoft Embedded pl...Christchurch Embedded .NET User Group - Introduction to Microsoft Embedded pl...
Christchurch Embedded .NET User Group - Introduction to Microsoft Embedded pl...
christopherfairbairn
 
Stm32 f4 first touch
Stm32 f4 first touchStm32 f4 first touch
Stm32 f4 first touch
Benux Wei
 
Embedded. What Why How
Embedded. What Why HowEmbedded. What Why How
Embedded. What Why How
Volodymyr Shymanskyy
 
IoT Houston Meetup - Graphics on the STM32
IoT Houston Meetup - Graphics on the STM32IoT Houston Meetup - Graphics on the STM32
IoT Houston Meetup - Graphics on the STM32
Travis Teague
 
Geepy roadmap 2017
Geepy roadmap 2017Geepy roadmap 2017
Geepy roadmap 2017
Eddie Velásquez
 
Track 5 session 5 - st dev con 2016 - stm32 hands on seminar - cloud connec...
Track 5   session 5 - st dev con 2016 - stm32 hands on seminar - cloud connec...Track 5   session 5 - st dev con 2016 - stm32 hands on seminar - cloud connec...
Track 5 session 5 - st dev con 2016 - stm32 hands on seminar - cloud connec...
ST_World
 
Tools Of The Hardware Hacking Trade Final
Tools Of The Hardware Hacking Trade FinalTools Of The Hardware Hacking Trade Final
Tools Of The Hardware Hacking Trade Final
Priyanka Aash
 
Introducing Azure Sphere
Introducing Azure SphereIntroducing Azure Sphere
Introducing Azure Sphere
Mirco Vanini
 
Why a zynq should power your next project
Why a zynq should power your next projectWhy a zynq should power your next project
Why a zynq should power your next project
Mark Smith
 
DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...
DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...
DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...
Felipe Prado
 
Make the Smartcard great again
Make the Smartcard great againMake the Smartcard great again
Make the Smartcard great again
Eric Larcheveque
 
Development Board for NXP i.MX 8M Quad Application Processors
Development Board for NXP i.MX 8M Quad Application ProcessorsDevelopment Board for NXP i.MX 8M Quad Application Processors
Development Board for NXP i.MX 8M Quad Application Processors
Linda Zhang
 
MediaTek Linkit Smart 7688 Webinar
MediaTek Linkit Smart 7688 WebinarMediaTek Linkit Smart 7688 Webinar
MediaTek Linkit Smart 7688 Webinar
MediaTek Labs
 
FRDM-KL46Z_Hands-On_Presentation_v02
FRDM-KL46Z_Hands-On_Presentation_v02FRDM-KL46Z_Hands-On_Presentation_v02
FRDM-KL46Z_Hands-On_Presentation_v02Libor GECNUK
 
Hardware backdooring is practical : slides
Hardware backdooring is practical : slidesHardware backdooring is practical : slides
Hardware backdooring is practical : slides
Moabi.com
 
Republic of IoT - Hackathon Hardware Kits Hands-on Labs
Republic of IoT - Hackathon Hardware Kits Hands-on LabsRepublic of IoT - Hackathon Hardware Kits Hands-on Labs
Republic of IoT - Hackathon Hardware Kits Hands-on Labs
Alwin Arrasyid
 

Similar to HWallet: The simplest Bitcoin hardware wallet (20)

BalCCon2k18 - Towards the perfect cryptocurrency wallet
BalCCon2k18 - Towards the perfect cryptocurrency walletBalCCon2k18 - Towards the perfect cryptocurrency wallet
BalCCon2k18 - Towards the perfect cryptocurrency wallet
 
Presentation for IoT workshop at Sinhagad University (Feb 4, 2016) - 2/2
Presentation for IoT workshop at Sinhagad University (Feb 4, 2016) - 2/2Presentation for IoT workshop at Sinhagad University (Feb 4, 2016) - 2/2
Presentation for IoT workshop at Sinhagad University (Feb 4, 2016) - 2/2
 
Christchurch Embedded .NET User Group - Introduction to Microsoft Embedded pl...
Christchurch Embedded .NET User Group - Introduction to Microsoft Embedded pl...Christchurch Embedded .NET User Group - Introduction to Microsoft Embedded pl...
Christchurch Embedded .NET User Group - Introduction to Microsoft Embedded pl...
 
Stm32 f4 first touch
Stm32 f4 first touchStm32 f4 first touch
Stm32 f4 first touch
 
Embedded. What Why How
Embedded. What Why HowEmbedded. What Why How
Embedded. What Why How
 
IoT Houston Meetup - Graphics on the STM32
IoT Houston Meetup - Graphics on the STM32IoT Houston Meetup - Graphics on the STM32
IoT Houston Meetup - Graphics on the STM32
 
Geepy roadmap 2017
Geepy roadmap 2017Geepy roadmap 2017
Geepy roadmap 2017
 
Track 5 session 5 - st dev con 2016 - stm32 hands on seminar - cloud connec...
Track 5   session 5 - st dev con 2016 - stm32 hands on seminar - cloud connec...Track 5   session 5 - st dev con 2016 - stm32 hands on seminar - cloud connec...
Track 5 session 5 - st dev con 2016 - stm32 hands on seminar - cloud connec...
 
Tools Of The Hardware Hacking Trade Final
Tools Of The Hardware Hacking Trade FinalTools Of The Hardware Hacking Trade Final
Tools Of The Hardware Hacking Trade Final
 
Introducing Azure Sphere
Introducing Azure SphereIntroducing Azure Sphere
Introducing Azure Sphere
 
Why a zynq should power your next project
Why a zynq should power your next projectWhy a zynq should power your next project
Why a zynq should power your next project
 
DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...
DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...
DEF CON 27 - HUBER AND ROSKOSCH - im on your phone listening attacking voip c...
 
iWave Systems Techologies Pvt Ltd: Products-Hardware IPs
iWave Systems Techologies Pvt Ltd: Products-Hardware IPsiWave Systems Techologies Pvt Ltd: Products-Hardware IPs
iWave Systems Techologies Pvt Ltd: Products-Hardware IPs
 
Make the Smartcard great again
Make the Smartcard great againMake the Smartcard great again
Make the Smartcard great again
 
Sahil_Resume
Sahil_ResumeSahil_Resume
Sahil_Resume
 
Development Board for NXP i.MX 8M Quad Application Processors
Development Board for NXP i.MX 8M Quad Application ProcessorsDevelopment Board for NXP i.MX 8M Quad Application Processors
Development Board for NXP i.MX 8M Quad Application Processors
 
MediaTek Linkit Smart 7688 Webinar
MediaTek Linkit Smart 7688 WebinarMediaTek Linkit Smart 7688 Webinar
MediaTek Linkit Smart 7688 Webinar
 
FRDM-KL46Z_Hands-On_Presentation_v02
FRDM-KL46Z_Hands-On_Presentation_v02FRDM-KL46Z_Hands-On_Presentation_v02
FRDM-KL46Z_Hands-On_Presentation_v02
 
Hardware backdooring is practical : slides
Hardware backdooring is practical : slidesHardware backdooring is practical : slides
Hardware backdooring is practical : slides
 
Republic of IoT - Hackathon Hardware Kits Hands-on Labs
Republic of IoT - Hackathon Hardware Kits Hands-on LabsRepublic of IoT - Hackathon Hardware Kits Hands-on Labs
Republic of IoT - Hackathon Hardware Kits Hands-on Labs
 

Recently uploaded

web-tech-lab-manual-final-abhas.pdf. Jer
web-tech-lab-manual-final-abhas.pdf. Jerweb-tech-lab-manual-final-abhas.pdf. Jer
web-tech-lab-manual-final-abhas.pdf. Jer
freshgammer09
 
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证如何办理
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证如何办理一比一原版(IIT毕业证)伊利诺伊理工大学毕业证如何办理
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证如何办理
aozcue
 
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证如何办理
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证如何办理一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证如何办理
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证如何办理
peuce
 
一比一原版(UCSB毕业证)圣塔芭芭拉社区大学毕业证如何办理
一比一原版(UCSB毕业证)圣塔芭芭拉社区大学毕业证如何办理一比一原版(UCSB毕业证)圣塔芭芭拉社区大学毕业证如何办理
一比一原版(UCSB毕业证)圣塔芭芭拉社区大学毕业证如何办理
aozcue
 
欧洲杯冠军-欧洲杯冠军网站-欧洲杯冠军|【​网址​🎉ac123.net🎉​】领先全球的买球投注平台
欧洲杯冠军-欧洲杯冠军网站-欧洲杯冠军|【​网址​🎉ac123.net🎉​】领先全球的买球投注平台欧洲杯冠军-欧洲杯冠军网站-欧洲杯冠军|【​网址​🎉ac123.net🎉​】领先全球的买球投注平台
欧洲杯冠军-欧洲杯冠军网站-欧洲杯冠军|【​网址​🎉ac123.net🎉​】领先全球的买球投注平台
andreassenrolf537
 
Building a Raspberry Pi Robot with Dot NET 8, Blazor and SignalR - Slides Onl...
Building a Raspberry Pi Robot with Dot NET 8, Blazor and SignalR - Slides Onl...Building a Raspberry Pi Robot with Dot NET 8, Blazor and SignalR - Slides Onl...
Building a Raspberry Pi Robot with Dot NET 8, Blazor and SignalR - Slides Onl...
Peter Gallagher
 
MATHEMATICS BRIDGE COURSE (TEN DAYS PLANNER) (FOR CLASS XI STUDENTS GOING TO ...
MATHEMATICS BRIDGE COURSE (TEN DAYS PLANNER) (FOR CLASS XI STUDENTS GOING TO ...MATHEMATICS BRIDGE COURSE (TEN DAYS PLANNER) (FOR CLASS XI STUDENTS GOING TO ...
MATHEMATICS BRIDGE COURSE (TEN DAYS PLANNER) (FOR CLASS XI STUDENTS GOING TO ...
PinkySharma900491
 

Recently uploaded (7)

web-tech-lab-manual-final-abhas.pdf. Jer
web-tech-lab-manual-final-abhas.pdf. Jerweb-tech-lab-manual-final-abhas.pdf. Jer
web-tech-lab-manual-final-abhas.pdf. Jer
 
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证如何办理
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证如何办理一比一原版(IIT毕业证)伊利诺伊理工大学毕业证如何办理
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证如何办理
 
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证如何办理
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证如何办理一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证如何办理
一比一原版(UMich毕业证)密歇根大学|安娜堡分校毕业证如何办理
 
一比一原版(UCSB毕业证)圣塔芭芭拉社区大学毕业证如何办理
一比一原版(UCSB毕业证)圣塔芭芭拉社区大学毕业证如何办理一比一原版(UCSB毕业证)圣塔芭芭拉社区大学毕业证如何办理
一比一原版(UCSB毕业证)圣塔芭芭拉社区大学毕业证如何办理
 
欧洲杯冠军-欧洲杯冠军网站-欧洲杯冠军|【​网址​🎉ac123.net🎉​】领先全球的买球投注平台
欧洲杯冠军-欧洲杯冠军网站-欧洲杯冠军|【​网址​🎉ac123.net🎉​】领先全球的买球投注平台欧洲杯冠军-欧洲杯冠军网站-欧洲杯冠军|【​网址​🎉ac123.net🎉​】领先全球的买球投注平台
欧洲杯冠军-欧洲杯冠军网站-欧洲杯冠军|【​网址​🎉ac123.net🎉​】领先全球的买球投注平台
 
Building a Raspberry Pi Robot with Dot NET 8, Blazor and SignalR - Slides Onl...
Building a Raspberry Pi Robot with Dot NET 8, Blazor and SignalR - Slides Onl...Building a Raspberry Pi Robot with Dot NET 8, Blazor and SignalR - Slides Onl...
Building a Raspberry Pi Robot with Dot NET 8, Blazor and SignalR - Slides Onl...
 
MATHEMATICS BRIDGE COURSE (TEN DAYS PLANNER) (FOR CLASS XI STUDENTS GOING TO ...
MATHEMATICS BRIDGE COURSE (TEN DAYS PLANNER) (FOR CLASS XI STUDENTS GOING TO ...MATHEMATICS BRIDGE COURSE (TEN DAYS PLANNER) (FOR CLASS XI STUDENTS GOING TO ...
MATHEMATICS BRIDGE COURSE (TEN DAYS PLANNER) (FOR CLASS XI STUDENTS GOING TO ...
 

HWallet: The simplest Bitcoin hardware wallet

  • 1. HWallet: The simplest Bitcoin hardware wallet Nemanja Nikodijević Security Researcher
  • 2. Hardware wallets STM32F205 HWallet OLED ST31H320 USB STM32F042 OLED USB ATECC508ASTM32L475 OLED USB NXP K20USB NXP K82 OLED Secure MCU Secure Element NDA requiredNDA-free <nemanja@hacke.rs> Hardware Acceleration secp256k1SHA256TRNG Open Source ✓ ✓ ✗ ✗✗✗ ✗✗ ✓✓✓✓ ?✓ ✓ ✓
  • 3. Threat model <nemanja@hacke.rs> MCU OLED USB Comm MCU USB Main MCU OLED https://blog.trezor.io/details-about-the-security-updates-in-trezor- one-firmware-1-6-2-a3b25b668e98 https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/ Secure MCU
  • 4. Library dependencies STM32 HAL (USB, SPI,I2C, UART) uECC third party libs opensource closed source ST31 Cryptography BOLOS App 0 App n ... libopencm3 (USB, SPI,I2C, UART…) Bootloader & Firmware Bootloader & Firmware Bootloader& SEPROXYHAL nanopb micropython Bootloader& Firmware Trezor Crypto AES Base58 BLAKE2 RIPEMD160 SHA1/2/3 Ed25519 Curve25519 Chacha20 Poly1305 QR encoder Emulator <nemanja@hacke.rs>
  • 5. Code size comparison git clone https://github.com/{PRODUCT}/{FIRMWARE} --recurse-submodules cd {FIRMWARE} wc –l `find ./ -name "*.c" -o –name "*.h"` <nemanja@hacke.rs> HWallet 2.5M+ 346k+ 162k+ ~4k122k+ OLED font License headers
  • 6. Code layers <nemanja@hacke.rs> UART SPI GPIO LTC MMCAUCRC TRNG https://gitlab.com/nemanjan/hwallet NXP K82 OLED To Communication MCU Tx/Rx speed fixed to 115200 bps SPI bus clocked at 1 MHz Bitcoin TX SHA256D nonce ECDSA: secp256k1 TX Signature
  • 7. Code layers <nemanja@hacke.rs> UART SPI GPIO LTC Packet OLED MMCAUCRC TRNG Crypto https://gitlab.com/nemanjan/hwallet typedef struct { uint16_t type; uint16_t length; uint8_t data[32]; uint32_t crc; } Packet; PACKET_Send(); PACKET_Receive(); typedef struct { SPIx* spi; GPIOx* dcGpio; GPIOx* rstGpio; uint8_t dcPin; uint8_t rstPin; uint8_t buffer[ ]; } OLED; OLED_WriteRow(); OLED_Clear(); CRYPTO_Random(); CRYPTO_SHA256(); CRYPTO_ECDSA_Sign(); CRYPTO_ECDSA_GetPublicKey(); typedef struct { uint8_t num[32]; uint8_t len; } Bignum; CRYPTO_Bignum_Init(); CRYPTO_Bignum_Mod(); CRYPTO_Bignum_Div(); CRYPTO_Bignum_Sub(); CRYPTO_Bignum_IsNull(); B' = (1/B) mod N A' = A – A mod B (A/B) mod N = (A'B') mod N N - a large prime, larger than any A or B, e.g. p from secp256k1
  • 8. Code layers <nemanja@hacke.rs> UART SPI GPIO LTC Main Loop Packet OLED MMCAUCRC TRNG Crypto https://gitlab.com/nemanjan/hwallet while(1) { Packet msg; PACKET_Receive(&msg); switch(PACKET_MODULE(msg.type)) { case PACKET_BITCOIN: Bitcoin_Process(&msg); ... }; } Module Function Packet type 15 8 7 0
  • 9. Code layers <nemanja@hacke.rs> UART SPI GPIO LTC Main Loop Bitcoin ??? Packet OLED MMCAUCRC TRNG Crypto ??? ??? https://gitlab.com/nemanjan/hwallet void Bitcoin_Process(Packet* msg) { switch(PACKET_FUNC(msg->type)) { case BITCOIN_FUNC_INIT_TX: Bitcoin_Tx_Init(); ... }; }
  • 11. Can it be even simpler? <nemanja@hacke.rs> UART SPI GPIO LTC Main Loop Bitcoin ??? Packet OLED TRNGCRC Crypto ??? ??? K82 KL82 Cortex-M4 Cortex-M0+ 150 MHz 72 MHz Core Freq Flash RAM 256 kB 128 kB 256 kB 96 kB …and more secure? NXP K82 NXP K81 NXP KL82 NXP KL81 Anti Tamper + =+ NDA
  • 12. Expanding functionality: Recovery seed <nemanja@hacke.rs> TRNG BIP-32 BIP-39 BIP-44 Entropy 128-512bit m m/0 m/44' m/i m/44'/0' m/44'/0'/0'/0m/44'/0'/0' ... CKD(x, n) based on HMAC-SHA512 ... 44' = 0x8000002C BTC – 0' … ETH – 60' … XRP – 144' witch collapse practice feed shame open despair creek road again ice least HMAC SHA512 m/44'/0'/0'/0/0 m purpose’ coin_type’ account’ change address_index
  • 13. Expanding functionality: FIDO U2F <nemanja@hacke.rs> NXP K20USB NXP K82 NXP K81 nRF52840 NXP KL82 NXP KL81 USB BLE WebAuthn FIDO WebAuthn CTAP CTAP Comm MCU Main MCU Client to Authenticator Protocol