Surely this is a infringement of a Trezor patent? or are they operating from a country where the patent is not registered?
The 100% Trezor compatible, should mean that they collaborated with Trezor on this product? I am all for NEW and improved innovation, but it has to come from a trusted company before I would store my money on it.
It will be bad for BTC if we allow companies to bring products to market and consumers lose money because of it.
Anyone use this device? { I like the smaller features, but I have my doubts about the security }
Trezor code is licenced GPLv3, which roughly means that anyone can do whatever they want with the code (including producing and selling clones) Check out http://stellaw.info for some brief analysis |
|
|
|
Also, where can I download your firmware binaries?
Yes, we've changed the logo and the name in order not to infringe any trademarks. Please update from Trezor's website with their own binaries if you are not happy with it. Due to lack of time we have not set up (yet) a git repository or the ledwallet.com website. We'll do that soon. Please also include Bootloader source. |
|
|
|
|
Also, where can I download your firmware binaries?
|
|
|
|
Its pretty clear to me that you have made modifications to SatoshiLabs' (Trezor's) code. Where can I see these modifications (enough to compile your firmware myself) Thanks! |
|
|
|
Not sure what the license issue might be. Its GPLv3. |
|
|
|
|
Well, I've got a tracking number from them. So they are shipping me something. Should be here by the middle of next week.
|
|
|
|
Trezor Plugin is closed
Sheesh, open all the things, or stop selling your product as 'open source' |
|
|
|
A trezor copy is not a fake, it is free software and free hardware except the bootloader. Someone with capital and skill could do it, but they have to build their own reputation.
Bootloader source is also available now. Also, I don't understand the purpose of the distinction. Perhaps describing this theoretical device as a 'malicious Trezor' would be more accurate. |
|
|
|
A fake Trezor can do anything.... you pulled that out of your FUD hat?  Why couldn't a fake trezor impersonate a real one and do whatever it wants underneath the hood? I'm not saying this is easy to accomplish, but certainly technically possible. |
|
|
|
Even I cannot trust my own computer, because I haven't seen and read sources to all components it is running (BIOS, kernel, hardware drivers, OS, etc.)
oh the irony  |
|
|
|
Why is the modification necessary to compile?
Because stack protector was not enabled in bootloader until now. I don't understand. Can you please explain? |
|
|
|
|
Is the stack protector enabled in the shipping version?
Why is the modification necessary to compile?
|
|
|
|
I'm seeing a different error:
bootloader.o: In function `show_unofficial_warning':
/home/user/Documents/tbootloader/trezor-mcu/bootloader/bootloader.c:55: undefined reference to `__stack_chk_fail'
/home/user/Documents/tbootloader/trezor-mcu/bootloader/bootloader.c:55: undefined reference to `__stack_chk_guard'
bootloader.o: In function `load_app':
/home/user/Documents/tbootloader/trezor-mcu/bootloader/bootloader.c:63: undefined reference to `__stack_chk_fail'
/home/user/Documents/tbootloader/trezor-mcu/bootloader/bootloader.c:63: undefined reference to `__stack_chk_guard'
...
many snipped
...
/home/user/Documents/tbootloader/trezor-mcu//libtrezor.a(fonts.o): In function `fontStringWidth':
/home/user/Documents/tbootloader/trezor-mcu/gen/fonts.c:118: undefined reference to `__stack_chk_fail'
/home/user/Documents/tbootloader/trezor-mcu/gen/fonts.c:118: undefined reference to `__stack_chk_guard'
collect2: error: ld returned 1 exit status
make: *** [bootloader.elf] Error 1
on Ubuntu 14.04 64-bit |
|
|
|
is trezor 100% safe?
against what? against hackers is it safe like a paper wallet? Hard, vague question. Certainly has more electronics than paper. |
|
|
|
I would guess that the code above is a manual translation into python-like language of some part of the executable binary extracted from the bootloader.
How do you come to this conclusion? Its just python code that verifies signatures on a firmware image. nothing more. |
|
|
|
for what it's worth as an independant audit, the bootloader functionally does what it's supposed to do and doesn't contain a backdoor. (+ proof of RE) Who performed this audit? What exactly was audited? Where are the results? How is that code proof of RE (I assume you mean 'reverse engineering')? It appears to only check the signatures. |
|
|
|
|
Show Posts
