Bitcoin Forum

(...)
My first questions would be if somebody has seen any more informations or manuals for the new NFC feature of the MK4?
(...)

Near-Field Communication (NFC)

In the connections front, the user can opt into using NFC with the Mk4 by enabling it in the device’s settings as the feature will come disabled by default. Once turned on, NFC will enable the COLDCARD to come near a compatible device to sign a transaction or a message, co-sign in a multisig setup, or share information from the device’s MicroSD card like a payment address or an extended public key, a partially-signed Bitcoin transaction (PSBT), a text file, or a transaction file.

Coinkite founder NVK told Bitcoin Magazine that the goal with NFC is to lower cost, improve UX, and further adoption.

“Imagine hardware wallets being able to just tap-to-pay,” he said.

Although QR codes have recently become popular in some hardware wallets, NVK said they haven’t been adopted in the larger payment industries because they have extremely low data bandwidth, are more complex and not human readable, and require more expensive hardware.

“This feature was added to improve phone-wallet UX as all modern phones have NFC, free, already sitting unused,” NVK said. “NFC will be available to all COLDCARD functions we are able to send or receive data, just like the SD card or USB cable.”

In addition to requiring NFC to be turned on for usage, NVK told Bitcoin Magazine that the Mk4 will also enable the user to permanently disable the feature by scratching a PCB trace exposed on the MicroSD opening.

My first questions would be if somebody has seen any more informations or manuals for the new NFC feature of the MK4?

As far as I know there is the option to store LTC on an coldcard is it possible for BCH also since it is also similar to BTC?

I don't understand why would you need manual for something you don't even own... and it's not exactly rocket science.

Well if it is not rocket science then please enlighten me on how to sign a transaction with NFC and an iPhone

Well if it is not rocket science then please enlighten me on how to sign a transaction with NFC and an iPhone

7) For that, on your software wallet, create a PSBT transaction and click "Export using NFC"

10) Send it back to your software wallet using the export feature of your hardware wallet.

The problem that I am facing is that there is no hardware wallet that I know that can receive the signed transaction from the coldcard.

Same question as above about a wallet that can actually do this.

Coldcard is the hardware wallet, hardware wallet generate and store the private keys and are used for the signing.

According to this Coldcard guide, you can use Electrum: https://coldcard.com/docs/quick#using-with-electrum-via-usb

You can read this detailed Coldcard guide for beginners, guide For Bitcoin Beginners (https://coldcard.com/docs/beginner) to know more about how you can use Coldcard to make transaction.

Sorry, I mean there is no wallet (especially on iOS) that can receive the signed transaction via NFC.

Yes you can use many wallets with USB or MicroSD card. The question is what wallet can you use for NFC.

Its very weird to me, that coldcard advertises the NFC feature (that I would appreciate) but nobody seems to question that in reality it is impossible to use. Even on their website where you can find manuals for every last bit of the device they don't even mention the feature.

In the connections front, the user can opt into using NFC with the Mk4 by enabling it in the device’s settings as the feature will come disabled by default. Once turned on, NFC will enable the COLDCARD to come near a compatible device to sign a transaction or a message, co-sign in a multisig setup, or share information from the device’s MicroSD card like a payment address or an extended public key, a partially-signed Bitcoin transaction (PSBT), a text file, or a transaction file.

Coinkite founder NVK told Bitcoin Magazine that the goal with NFC is to lower cost, improve UX, and further adoption.

“Imagine hardware wallets being able to just tap-to-pay,” he said.

Although QR codes have recently become popular in some hardware wallets, NVK said they haven’t been adopted in the larger payment industries because they have extremely low data bandwidth, are more complex and not human readable, and require more expensive hardware.

“This feature was added to improve phone-wallet UX as all modern phones have NFC, free, already sitting unused,” NVK said. “NFC will be available to all COLDCARD functions we are able to send or receive data, just like the SD card or USB cable.”

In addition to requiring NFC to be turned on for usage, NVK told Bitcoin Magazine that the Mk4 will also enable the user to permanently disable the feature by scratching a PCB trace exposed on the MicroSD opening.

“Imagine hardware wallets being able to just tap-to-pay,” he said.

Its very weird to me, that coldcard advertises the NFC feature (that I would appreciate) but nobody seems to question that in reality it is impossible to use. Even on their website where you can find manuals for every last bit of the device they don't even mention the feature.

I put in my reservation for a mk4 a couple of weeks ago.  I paid for it, and then a few days later I got an email stating my reservation has been turned into an order, and I should pay shipping.  I still haven't heard from them whether it has shipped or not, but I expect to receive it in the next few weeks.  I'm planning to do a thorough review of the wallet including it's NFC capacities once I get it.

I didn't buy it for it's NFC capabilities, and honestly I don't plan to use that feature much if at all after playing with it, I just want get a picture of it's functionality.

Still the MK4 is a very nice device that I can recommend.

How can you recommend it if you didn't even receive (or order?) it and test it thoroughly?

Since the beginning of this thread I have receive my coldcard Mk4 (actually two of them) and used it quiete a lot. If you have any questions feel free to ask but other then the NFC feature everything is as I would have expected it to be.

Yes there was quiete a long preorder period but now I think it is officially on sale and you can get it in aroubd 3 weeks.

Since the beginning of this thread I have receive my coldcard Mk4 (actually two of them) and used it quiete a lot. If you have any questions feel free to ask but other then the NFC feature everything is as I would have expected it to be.

I think that new NFC tap feature is disabled by default, but someone from coldcard said that you can even destroy it if you want to disable it forever.

I think that new NFC tap feature is disabled by default, but someone from coldcard said that you can even destroy it if you want to disable it forever.

e quantities they sell and probably not very high quality components they use, it's to be expected. You know best about how many issues Ledger had with screens in the past.
But that's the difference between a $1 one-inch LCD from China and a $30 state-of-the-art (in terms of hardware security) memory LCD from sharp.

Unfortunately the ColdCard hardware doesn't seem to be open-source, so I can't check their BOM, but from pictures they seem to be using a simple, cheap off-the-shelf LCD as I mentioned. If we assume 1,000 units, it's $0.50 per display instead of $30 so it's kind of clear that the quality has to be lower.

For contrast, this is the higher-quality LCD I keep mentioning.
https://github.com/Foundation-Devices/passport-assembly/blob/main/Bill%20of%20Materials/BOM.pdf

Here's more information about the screen (the timestamp is important; no need to watch all 43 minutes.. ;))
https://youtu.be/mrKBKZ0RJAo?t=1491

We will likely be fully caught up by end of day today and update to no lead time "in stock"

Already broken screens sounds bad. But honestly with the quantities they sell and probably not very high quality components they use, it's to be expected. You know best about how many issues Ledger had with screens in the past.

At the moment it is possible to send the transaction from the iPhone to the coldcard via NFC. -> The coldcard then signs the transaction and will automatically try to send it back via NFC. This is not possible since the wallet can not recive it (blue wallet etc.)

Yes that is correct, you can scratch off a trace on the PCB to disable it. Im not an expert but all the attacks on hardware wallets that I have seen anyways solder some stuff on the PCB so I would assume that at least the hardware part could be restored by soldering a new trace.

MY problem with the feature is that there is no wallet at the moment that can recive the signed transaction via NFC. If you look in blue wallet you can only upload a file from your file explorer or use a QR Code. There is no such option like "recive transaction via NFC". The problem with that is that you could only recive a transaction with a 3rd party NFC app that allows you to store the data that you recive on your device. Then you could go into blue wallet to upload that data and broadcast the transaction. But with my testing I could not get this to work, since the NFC receiver app could not handle the kind of data from coldcard so it was not saved properly. Other than that the coldcard seems to send the data correctly. If somebody from coldcard ready it correctly my solution would be:

I don't think that screen was broken on image I posted, but it was some other internal problem that showed weird characters on screen, so replacing screen wont fix anything.
Something similar happening a lot on ledger nono x hardware wallet, that is more likely some problem with one of their microchips new Coldcard mk4 have now or firmware problem.
I wont speaculate much until NVK posts more details about this, and this was not the only case I noticed, but I was busy to record this on time with link proof.

Thanks for the feedback! It's a bit weird shipping a product for which the software doesn't exist (yet?), let's see what happens on that front in the future. If CoinKite fully rely on wallet developers to implement this, I'm not sure it will actually happen. ColdCard is the only popular wallet with NFC that I know of; app developers would literally be going to need to implement this just for ColdCard for the time being.

ColdCard is the only popular wallet with NFC that I know of; app developers would literally be going to need to implement this just for ColdCard for the time being.

Seems like so far there is really no NFC support anywhere and we can only hope that it will be integrated in wallet apps later on

I disagree with adding things like this to security devices and appreciate the fact that you can cut the trace.
Think it would be better if you had to force enable it instead of force disable.

I don't think that Coldcard is the only hardware wallet with NFC support.
Many credit card format hardware wallets have been using NFC for some time, like CoolWallet, Satochip, Tangem, Keycard, Sugi, etc. but it was never so popular.

What software do those use then, though? If there are no wallet applications that support it yet?

One of these guys. The device is chunky anyway; I'm sure they would have made space for such a jumper and two THT pins.

https://i.postimg.cc/G3Hzvkx4/image.png

What software do those use then, though? If there are no wallet applications that support it yet?

It supports both NFC and ISO7816 physical interfaces, meaning that it is compatible with any Android phone equipped with NFC and all USB Smartcard readers.

The most obvious case for integration of Keycard is crypto wallets (ETH, BTC, etc), however it can be used in other systems where a BIP-32 key tree is used and/or you perform authentication/identification.

To further simplify integration, we have developed a Java-based API which can be used on both desktop and Android systems. On the desktop it uses the javax.smartcardio to interface with the card, which is compatible with most USB readers. On Android it uses the on-board NFC reader.

[...]
NFC is nothing special really  :P

Here is second example short video of using Tangem NFC card with their Tangem app:
https://www.youtube.com/watch?v=m6xey-172PI

NFC is nothing special really  :P

Sure; that's not the issue, I was just wondering if there's no software for ColdCard mk4 how other, already existing NFC wallets work. But from that video it appears the hardware wallet guys made their own apps until now.
CoinKite could for instance have written the NFC code themselves for BlueWallet (as it's open source) and submitted a pull request.

Or made their own little app like Foundation's 'Envoy' app (https://foundationdevices.com/envoy/).
Keep in mind they only sold around 2,000 devices so far (and shipped 1,000) and they managed to write a simple wallet application that even allows to update the device firmware without a PC. The beta is supposed to come next week and I'll definitely give it a try! I'm surprised that the much more popular ColdCard doesn't have their own app, after 4 revisions, especially if available apps don't support their 'killer feature' for the mk4 that is NFC.

Or made their own little app like Foundation's 'Envoy' app (https://foundationdevices.com/envoy/).

It is not very special in regards to hardware wallets, but it is very special if it would be usable in combination with coldcard.

It's nothing special for me, with or without coldcard wallet, I wouldn't use NFC feature at all and it has zero value for me.
I agree with you that with NFC chip this can't really be considered as air-gapped wallet, but people tend to twist definition of airgap according to their needs.

It is not special in a way that I think everyone should be using it, but it is special in a way that it is much better than other hardware wallets that are using NFC. The other wallets are created 100 % on the smartphone and then loaded on the NFC chip. Coldcard is created 100 % on the coldcard hardware and only the transaction is send.

I think that it's not so hard to make or fork app if your smartphone already has NFC support.
Speaking about that, did you finally receive your Passport batch2 hardware wallet or you are still waiting for delivery?

I have one idea how to make my own DIY device that looks similar like Passport, but it can also be used for making calls (sort off), and I will probably post more information about that next week.

Coldcard is created 100 % on the coldcard hardware and only the transaction is send. This is very convenient for small amounts. I would use a special coldcard that has only few coins on it but because of coldcard + NFC it is still much more secure than just a mobile wallet for example that many people would use for small amounts.

If I understand correctly, all hardware wallets need to have NFC chip built inside them, so Coldcard is not different from them in some special way.

The thing is that many NFC wallets are only basically and smartphone app and a card that has a writable NFC chip in it. So all the wallet management is done on the smartphone (creating the seed, signing transaction etc.): Basically the NFC chip is only a more fancy way to store a password. With coldcard this is different since all the wallet management is done offline and then sent via NFC to the smartphone.

If I understand correctly, all hardware wallets need to have NFC chip built inside them, so Coldcard is not different from them in some special way.
You need to have two devices with NFC chips that can communicate with antennas between each other, first device is smartphone with NFC chip, and second device is hardware wallet with NFC chip.
Good thing would be to make some comparison review and see how all NFC wallets work in real life scenarios.

The thing is that many NFC wallets are only basically and smartphone app and a card that has a writable NFC chip in it. So all the wallet management is done on the smartphone (creating the seed, signing transaction etc.): Basically the NFC chip is only a more fancy way to store a password. With coldcard this is different since all the wallet management is done offline and then sent via NFC to the smartphone.

Ledger was about to launch one but the cards weren't very useful as the chips require too much power for NFC.

Yes it is quiete disappointing that NVK is in this forum and apparently reads also this topic but doesn’t take the time to reply to the really important questions. Also they seem timbale some good support employees on Reddit but they also do not reply here and in general they don’t go into the more deeper technical details that we talk about.

Honestly, that doesn't mean ColdCard is exceptionally good; it just means the other NFC wallets are exceptionally bad. It's absolutely unacceptable for any hardware wallet to create the seed on a mobile phone.
Especially since ColdCard mk1-3 already existed, which all (correctly) created the seed on-device, it shouldn't be surprising or a novelty / security feature / selling point that they continue to do so. This should be one of the core essential aspects of a hardware wallet.
An argument such as 'other hardware wallets with NFC technology are super terrible' doesn't make the ColdCard a great product. You really shouldn't compare your product to the bottom-of-the-barrel ones as a means of marketing, that's not a good look.

I couldn't find a Samsung app, nor a Google app that does what I would need.

I haven't gotten to the point of creating any transactions in my Mk4 just yet, but I assume you can use NFC to send and receive P/SBTs.  

Well I guess NVK is busy and bitcointalk forum is not high on his priority task list, but look what some new Coldcard Mk4 owners are reporting with their devices.
THeir reddit channel is not very much active and I think they are posting most things related with Coldcard wallet and other devices on their Twitter channel @COLDCARDwallet.
This is not the first time we see people received mk4 broken  factory defect devices that needs to be replaced with new one.

https://i.imgur.com/EDGnkzT.jpg

Unless I'm missing something, the NFC feature on the ColdCard is only used to send (and possibly receive) files to the mobile device.

As long as there is a mobile app for that; which it doesn't.

I haven't gotten to the point of creating any transactions in my Mk4 just yet, but I assume you can use NFC to send and receive P/SBTs.  My unlocked Galaxy S21 is the global version which came with no bloatware installed.  It doesn't have an NFC file transfer app integral to the OS (that I now of) and I'm reluctant to install a third party app for the purpose.  I couldn't find a Samsung app, nor a Google app that does what I would need.

Is it known if you could fix it by replacing the screen so it could be a DIY or is also the controller broken?

You can't fix this with display replacement, and you would probably void your warranty by opening it to do this, but good thing is that I heard Coldcard is accepting this as factory defect and they are replacing them with new devices.

Is there a Bitcoin testnet option available for Coldcard, like there is for Trezor and some other hardware wallets?

I just want to correct what I had written about the ColdCard and testnet; there is indeed a testnet mode.  Since the ColdCard doesn't sign transactions via USB, it must be in Testnet mode to create a wallet to export.

I wonder why I can't find anything about that testnet functionality anywhere on Coldcard website FAQ page or documentation:/
I looked everywhere on internet and only thing I could find is few words mentioned on their website saying that XTN is testnet.
Theer are some mentiones about this in their github issues, and that's it.

EDIT:
Maybe this is connected with previous isolation bypass bug from 2020 that could be exploited using fake testnet transactions:

https://i.imgur.com/8zIshRv.jpg
https://benma.github.io/2020/11/24/coldcard-isolation-bypass.html

I've found the documentation to be a bit misleading in some circumstances.  There seems to be some that's still pertaining to the Mk3 or possibly older wallets, and some has been updated to relate to the Mk4.

I tried to trick it, but I can't sign Testnet transactions unless the device is set to Testnet mode.

I've played with hardware wallets and Testnet before, and I was sure I had done so with my Trezors, but I realized it was in one of my old KeepKey seeds that I had all my tesnet coins locked up.  I fired up my old KeepKey (which works much like the Trezor) and confirmed it doesn't have a specific testnet mode.

Do you know how the testnet mode does actually work?

Does it create a new seed that is shown to you or does it create a testnet wallet based on your normal seed?

If I select testnet it seems that nothing happens to my device  ???

$ electrum --testnet

I would say that Coldcard documentation is probably outdated, and they need to have separate page for mk4, especially if it has new functions like NFC.

I think that even ledger and Trezor hardware wallets support testnet.
You can add this to ledger with separate app and in trezor just by enabling testnet in Trezor Suite.

Other than the checkmark indicating that your ColdCard is in test-net mode, there won't be any changes to the device.  It functions just like it would normally.  To use test-net you'll need to export a wallet for the preferred client you want to use.  I use Electrum, so I exported an Electrum wallet from the ColdCard, and used Electrum Testnet client.  You must use the test-net client, Electrum's main-net client will not open a test-net wallet file, you'll get a warning.

Thank you I had the time to try it again and it indeed worked this time. I think the first time I simply didn't correctly choose testnet. Now that everything works I will try some stuff with multisig which is very nice implemented if you have access to more than one ColdCard.

You don't need a second ColdCard to play with multi-sig, you can have one signer from on the ColdCard and the other on a desktop wallet or a different brand of hardware wallet. 

Have you had a chance to play with the Bip85 seed generator?  That's a pretty darn cool feature, and perfect for secondary seed phrases.  I didn't even know about that bip until I got my ColdCard and started researching the implementation of that feature. 

Our team found a bug in the new Mk4 VirtDisk feature

We are investigating if it could have security  implications, as abundance of caution we strongly recommend disabling VirtDisk feature on Mk4

It has no affect on other Mk4 operations

Settings > Hardware On/Off > Virtual Disk

And this is why you don't add features you don't need.

Why can't developers keep it simple anymore?

The NFC feature is another one that I would suggest should be shelved.  It's not only not needed, it's effectively useless without a compatible app.

Coldcard no longer states open source on their webpage but instead says verifiable source code

Coldcard hardware wallet removed because code is not Open Source anymore, but MIT+CC license and it can't be reproduced anymore.

Why can't developers keep it simple anymore?

It's shame since they also could use Foundation source code to create better/different hardware wallet.

[5] A random Bitcointalk user starts a DIY hardware wallet project that utilizes all of the above projects' open-source hardware and software which allows people to build their own wallets from off-the-shelf components and still has like a 90% 'trusted' codebase, due to having been battle-tested in 3 reputable wallets.

[6] A random Bitcointalk user starts a small company that buys those off-the-shelf components in large quantities and assembles them, to make this easily available for everyone. The components can be easily replaced/can easily be bought, even if you use the wallet as cold storage and only find out after 10 years in a safe that your display is broken.

Sadly NVK does not provide the right informations for Coldcard even if also components like the display are clearly off-the-shelf aliexpress components.

I have not checked the MK4 (since I don't have to to check against) but the MK3 diagrams / BoM were accurate as to what was posted on line vs the coldcard that was shipped to me.

Also did not check the trace layout but don't see why it would be inaccurate.

Where did you find hardware information? Nothing on their GitHub, for sure. I was under the impression that ColdCard was open software and hardware - even after a license change; but now that I'm actually looking for it, I can't find datasheets.
https://github.com/orgs/Coldcard/repositories

Sure, in theory, even with whatever non-open-source license they moved to, 'Verifiable Source Code' of both software and hardware, should be accurate and allow users to source parts for repairs if needed.

Here you go:
https://github.com/Coldcard/firmware/tree/master/hardware

No idea why they stuck it there but since the link is on their blog: https://blog.coinkite.com/coldcard-hardware-shared/ and mentioned in a few other spots, I actually think it was posted somewhere on bitcointalk too.
But, it is there and public and somewhat up to date.

-Dave

⁃ NFC tools menu, msg signing and enhancements
⁃ Temporary/Ephemeral Seed Signing
⁃ Many HSM enhancements
⁃ Menu wrap around UX
⁃ Descriptor type improvement
⁃ Bug fixes and more...

Thanks for the update! Is there also news about an application that can actually support ColdCard in an easy way with NFC signing?

Thanks for the update! Is there also news about an application that can actually support ColdCard in an easy way with NFC signing?

I don't really know much infiormation about that, but you can ask NVK and coldcard team.
There are few videos Coinkite-Coldcard released on their youtube channel explaining how NFC feature works, showing address via NFC, and signing a text message using NFC.
BTC Sessions also released full 30 minute tutorial how to use Coldcard with NFC feature, so you can check out both of this channels.
https://www.youtube.com/watch?v=eLG8Atcd-l4
https://www.youtube.com/channel/UCqMPBcyg_wemgvC1jDI3EIw

There are a few of "App Wallets" working on NFC support for both COLDCARD Mk4 and TAPSIGNER/SATSCARD. Like the years we had to push PSBT to be adopted, we expect NFC will take its time too. Not in a hurry. Nunchuk has integrated it well for both COLDCARD and TAPSIGNER/SATSCARD. It's working fairly well with the latest version and they keep on improving it.

Our approach to NFC is simple, almost anything you can do with the MicroSD/USB you can do with the NFC (signing, exporting data, etc...)

Cheers.

Thanks for the information about Nunchuk, I never heard of that one before. I will definitely give it a try, since NFC was the reason to get the MK4 and not the MK3.

Honestly I think NFC is not a necessary feature and will probably even scare people away from buying the MK4, but since it is there I want to give it a try.

What I dont really understand is, why you can scrape away the NFC link on the PCB, since it seems like an attacker could easily replace this link if he has physical access to the coldcard.

In any case I like the coldcard so far and use it regularly.

Thanks for the information about Nunchuk, I never heard of that one before. I will definitely give it a try, since NFC was the reason to get the MK4 and not the MK3. Honestly I think NFC is not a necessary feature and will probably even scare people away from buying the MK4, but since it is there I want to give it a try.
What I dont really understand is, why you can scrape away the NFC link on the PCB, since it seems like an attacker could easily replace this link if he has physical access to the coldcard.

In any case I like the coldcard so far and use it regularly.

However, if someone gets physical access to your unit and there is another security issue, if the chip is active or not or even there or not makes little difference.

Correct; cutting the trace will protect you against a 'remote' attacker that will have 0 attack surface to try anything on.
But a hardware attack directly on the PCB (connection to buses & probing side-channels) is much more likely to be successful than exploiting NFC. So an attacker with hardware access won't probably bother reconnecting the antenna.

Coinkite just released some infos about their new product, the ColdCard Q1: https://coldcard.com/docs/coldcard-q1
Seems like it is basically a tuned version of the CC Mk4, with some feature that people requested (like QR Scanner, Battery, etc.)

Yes, we are still making a few tweaks but some good info here https://coldcard.com/docs/coldcard-q1

Are you going to paint the plastic in different colors like you did with Coldcard mk4? :)
I can't find model Q1 in Coinkite store except for reservations, and I see release was planned for Q4 this year, that means it could happen even in 2024.

Mk4: Version 5.1.4 - Sept 8, 2023

    New Feature: Batch sign multiple PSBT files. Advanced/Tools -> File Management -> Batch Sign PSBT
    Enhancement: Sparrow Wallet added as an individual export option (same file contents)
    Enhancement: change key origin information export format in multisig addresses.csv to match BIP-0380 was (m=0F056943)/m/48'/1'/0'/2'/0/0 now [0F056943/48'/1'/0'/2'/0/0]
    Enhancement: Address explorer UX cosmetics, now with arrows and dots.
    Enhancement: Linked settings (multisig, trick pins, backup password, hsm users and utxo cache) separation for new main secret.
    Rename Unchained Capital to Unchained
    Bugfix: Correct scriptPubkey parsing for segwit v1-v16
    Bugfix: Do not infer segwit just by availability of PSBT_IN_WITNESS_UTXO in PSBT.
    Bugfix: Remove label from Bitcoin Core importdescriptors export as it is no longer supported with ranged descriptors in version 24.1 of Core.
    Bugfix: Empty number during BIP-39 passphrase entry could cause crash.
    Bugfix: Signing with BIP39 Passphrase showed master fingerprint as integer. Fixed to show hex.
    Bugfix: Fixed inability to generate paper wallet without secrets
    Bugfix: Activating trick pin duress wallet copied multisig settings from main wallet
    Bugfix: SD2FA setting is cleared when seed is wiped after failed login due to policy SD2FA enforce. Prevents infinite seed wipe loop when restoring backup after 2FA MicroSD lost or damaged. SD2FA is not backed up and also not restored from older backups. If SD2FA is set up, it will not survive restore of backup.
    Bugfix: Terms only presented if main PIN was not chosen already.
    Bugfix: Preserve defined order of Login Countdown settings list.
    Bugfix: Remove unsupported trick pin option Look Blank from if wrong (not supported by bootrom).
    Bugfix: v5.1.3 release had padding issue which causes red light on install.

    New Feature: Temporary Seed import from a COLDCARD encrypted backup.
    New Feature: Export seed words in SeedQR format (on screen QR).
    New Feature: Provide user with info about transaction level timelocks (nLockTime, nSequence) when signing.
    Enhancement: New submenu for saved BIP-39 Passphrases allowing delete of saved entries.
    Enhancement: Add current temporary seed to Seed Vault from within Seed Vault menu. If current seed is temporary and not saved yet, Add current tmp menu item is shown in Seed Vault menu.
    Enhancement: Speed up opening Passphrase menu when MicroSD card is available, by deferring card read (and decryption) until after Restore Saved menu item is selected.
    Enhancement: 12 Words menu option preferred on the top of the menu in all the seed menus (rather than 24 words).
    Enhancement: Allow passphrase via USB if passphrase already set - operates on master seed.
    Enhancement: Improve BIP39 Passphrase UX when temporary seed is active and applicable.
    Enhancement: Continuation of removal of obsolete Mk2/Mk3 code-paths from master branch.
    Bugfix: Confusing first-time UX replaced with simple welcome screen.
    Bugfix: One instant retry on SE1 communication failures
    Bugfix: Handle any failures in slot reading when loading settings
    Bugfix: Add missing "First Time UX" for extended key import as master seed
    Bugfix: Hide Upgrade Firmware menu item if temporary seed is active (it cannot work)
    Bugfix: Disallow using master seed as temporary seed
    Bugfix: Do not allow APPLY of empty BIP-39 passphrase. Use "Restore Master" instead.
    Bugfix: Fix yikes in Clone Coldcard (thanks to AnchorWatch)

Still nothing for the Mk3 I guess they are just going to keep them as is unless something bad happens and perhaps not even then.

Mk3 is most likely going to graveyard soon, unless master NVK shows some mercy.

btw do you by any chance know what is going on with biggest ever giant hardware wallet in the world aka Coldcard Q... that thing to me appears to have reservation status for eons, or it must be only available for special VIPs  ::)

But you can get your Mk 4 in a bunch of different colors. Because you need that......

Yeah, I guess it's colorful holiday season for coldcard, and nvk is getting active again spreading hate and false information on social media.
Would you even buy that coldcard kingkongQ device if available?
I know I wouldn't.

https://images2.imgbox.com/91/66/DOELgiNx_o.jpg

I hope nvk feels safe and secure in his mental asylum eco chamber.  :P
Luckily I can still follow whatever I want using nitter  ;)

dkbit98 2
nvk 1

@DaveF
The Mk3 and Mk4 already have plenty of qualities if you are looking for an airgapped signing device. If open-source isn't a priority for you, of course.
The Q model introduces a better keyboard and QR code scanning. Those are useful features to have, but not essential.

Below are relevant specs laid out in comparison

@satscraper
The separation of unsigned and signed transactions isn't an important feature. You can name the files however you want. Just name then accordingly if you have problems differentiating one type from the other.

@satscraper
The separation of unsigned and signed transactions isn't an important feature. You can name the files however you want. Just name then accordingly if you have problems differentiating one type from the other.

@DaveF
I wouldn't worry too much about missing support. Don't forget, it's an airgapped wallet. All you need is for it to sign your transactions properly so you can export the files to your online device for broadcasting. Unless there is a vulnerability found in the older models and versions, everything is ok.

Time marches on and things will get outdated and no longer supported I get that. But come out and say it. Don't just ignore it and hope we forget about it.

-Dave

I  am quiet on this and take it for granted.

Even leather wallets for bills  are wearing out and  we need to acquire new ones.

Mark 1 was released somewhere about 5-6 years ago.  Over the years things has been changed dramatically in both field software (consider   the occurrence of taproot  for instance ) and hardware (new chips, fabricated with nano-lithography). Thus, new models develop features that can not be supported  by old flavors.  

@DaveF
If you think that Taproot and any upcoming features will be important to you, then I can only suggest that you abandon Coldcard that has already let you down several times in the past. It still remains a safe signing device for regular transactions, though.

I have yet to make and use a Taproot transaction. Have you ever used them?

Sincere ColdCard is one of the more expensive wallets that you can buy I would also think it is a shame if they would stop the support of the MK3 so quickly. In some European countries you are now even allowed to request a full refund if there are no software updates for at least 2 years after purchase.

That's interesting... IIRC, they had ^{[probably still have]} a strict no-refund policy for their products, so you're telling us there's a law that can overwrite the terms end-users agree to before purchasing the products?
^{- I had no luck in finding anything on Google (can you point me in the right direction?).}

That's interesting... IIRC, they had ^{[probably still have]} a strict no-refund policy for their products, so you're telling us there's a law that can overwrite the terms end-users agree to before purchasing the products?
^{- I had no luck in finding anything on Google (can you point me in the right direction?).}

It is actually totally normal in Germany and most of Europe that there are very strict laws that overwrite the end-user agreement. This means that you can write a lot of stuff in the end-user agreement but only the parts that are not covered by these laws are actually in effect. If there is a law that disagrees with part of the end-user agreement you can refer to that law as the user.

In this case there is a law in Germany § 475b BGB and § 475c BGB that require that you have to release updates for two years. This means that the product must be able to be used in a correct and safe way for two years. If the product can not be operated in a correct and safe way then there needs to be an update or you can return the product for a refund. Vice versa this means that you would not need an update if the products works without any security or functional deficits for two years.
What is also interesting to note is that you start those two years form the day of the sale and not from the day when the product was produced.

Sadly I can’t really find good explanations of this law in English since it is a very new law that went into affect only a year ago (01.01.2023). There a not really cases so far where courts had to fight with big companies about this, since there a probably not to many people right now that request a refund because of it.

This is an official German website where they try to inform people about this new rule: https://www.verbraucherzentrale.de/wissen/vertraege-reklamation/kundenrechte/softwaregewaehrleistung-welche-rechte-habe-ich-bei-fehlenden-updates-74911

In general you can read about German warranty law and AGB-Law

In this case there is a law in Germany § 475b BGB and § 475c BGB that require that you have to release updates for two years. This means that the product must be able to be used in a correct and safe way for two years. If the product can not be operated in a correct and safe way then there needs to be an update or you can return the product for a refund. Vice versa this means that you would not need an update if the products works without any security or functional deficits for two years.
What is also interesting to note is that you start those two years form the day of the sale and not from the day when the product was produced.

How will you be able to request a refund if you buy it from Coldcard.com?

I think that's very easy to side-step, just by continuing to push firmware updates so that they don't have to take people's refunds.

And then if they ever stop selling the Coldcard, just keep pushing firmware updates for two more years and then they can pull the plug on the product.

<Snip>

In this case, Coinkite is from Canada, and they are subject to whatever the law states for Canadian businesses. This is my personal opinion, but it doesn't mean that I am right.

You can easily sue them before any German court and win the case. The issue would be to get the money from them in Canada.
What is the correct way is to buy the ColdCard from a german vendor and then get the refund from this vendor. He will be responsible for the warranty.

If Coinkite is willing to sell Coldcards to european customers they will have to obey national laws. This is what you can see for example with apple and the USB-C stuff and also the App-Store developments.

Sincere ColdCard is one of the more expensive wallets that you can buy I would also think it is a shame if they would stop the support of the MK3 so quickly. In some European countries you are now even allowed to request a full refund if there are no software updates for at least 2 years after purchase.

The intention is that you will have at least 2 year of updates from the day of the purchase.

I am sure that is only for smartphones and maybe computers, not for toasters or wristwatches.  ;)

This is somewhat right but also somewhat wrong. It actually depends on international law and trade agreements between the countries involved. There are even different trade agreements between the same countries about different topics.

It is an interesting subject, though. Too bad that we don't have any legal experts here (that I am aware of) who could tell us more about our rights and obligations. 

As far as I understand all the Coldcards form MK1-MK4 can still be used safely as of now or is that not correct?

But their main (signing) purpose can't and shouldn't simply stop working all of a sudden.

The only thing that I could imagine that would be very bad is if some newer wallet versions would not recognize the transactions from the older ColdCards, because maybe some kind of format change. But that does not seem to be the case in any near future.

As far as I understand all the Coldcards form MK1-MK4 can still be used safely as of now or is that not correct?

There are some really out there attacks that cannot be mitigated such as this one: https://blog.coinkite.com/laser-fault-injection/

or this one: https://blog.coinkite.com/version-3.0.6-released/

All fault injection attacks require physical access to the hardware wallet. If someone gets their hands on your HW device, you should move your coins from it regardless of what model you own. I wouldn't be comfortable with someone, who perhaps knows what they are doing, playing around with my wallet and trying to break into it even if I had the world's safest one.

This particular attack is only possible on multisig wallets. If you are using a standard singlesig wallet, you aren't affected.