Bitcoin Forum
November 16, 2024, 12:36:06 PM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: How to Verify BitHD Wallet Firmware Source Code?  (Read 210 times)
Bitpie Wallet (OP)
Member
**
Offline Offline

Activity: 157
Merit: 12

Safe&easy multi-blockchain wallet from Bither Team


View Profile WWW
March 27, 2020, 10:09:11 AM
 #1

“Don’t trust. Verify.”



The best way to prove you didn`t has a backdoor of your product is to make it Open Source. It doesn`t means that will be 100% safe but means we can work with the whole geek community to avoid any attack.

Open Source means any users can compile the firmware by themselves. Therefore, BitHD hardware wallet team prepared this tutorial to guide you to verify the consistency of the codes between the firmware on GitHuband the actual firmware on the BitHD hardware wallet product being sold on Amazon and eBay.

Before We Start:
This tutorial is based on mac system operation, windows system users can download linux system to complete the operation process.

During the compilation process, please do not close the terminal program.



Open Terminal

You can find Terminal by search ‘Terminal’ in the Launchpad.



2. Install the compilation environment

2.1 Install Docker

https://docs.docker.com/install/


2.2 Input the following command in the terminal and hit ‘enter’ to install homebrew

ruby -e “$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"



2.3 Paste the following command in the terminal to install python3 and pipenv through homebrew

brew install python3 pipenv



Get BITHD firmware open source code
Create a new folder on the desktop and name it “BITHD”



2. Open terminal and input the following command to enter the folder directory

cd ./Desktop/BITHD/



3. Continue to input the following command in the terminal to get the open source code on GitHub

git clone https://github.com/bithd/bithd-mcu.git



4. After successful acquisition, a BITHD-mcu folder will be generated in the BITHD file



This folder is the open source BITHD firmware code on GitHub, and subsequent compilation operations will be performed in this file directory.

Compilation
This step requires high computer performance, and some steps will take a long time. Please do not close the terminal before the terminal completes the operation, and wait patiently for the terminal to finish compiling.

Input the following command in the terminal to enter the firmware code root directory

cd bithd-mcu



2. Input the following command in the terminal to compile the corresponding version firmware.

export TAG=v2.7.4; ./build-firmware.sh $TAG



After the compilation is completed, the compiled firmware file will be generated in the BITHD / BITHD-mcu / build folder. At this time, the compilation steps for the GitHub open source code have been completed.

Sign the compiled firmware
Input the following command to install designated python environment.

pipenv — python 3 install



2. Input the following command to generate a bin file to sign

pipenv run ./script/prepare_firmware.py -f ./build/bithd-$TAG-unsigned.bin



A file named bithd-v2.7.4-prepared.bin will be created in the folder BITHD/BITHD-mcu/build.

3. Input the following command at the terminal. Sign this file with the signing file provided by BITHD official.

The signing file is saved in the folder BITHD/BITHD-mcu/signatures

export TAG=v2.7.4
pipenv run ./script/build_signed_firmware.py -f ./build/bithd-$TAG-prepared.bin -s . signatures/$TAG.csv



After signing, a new file bithd-v2.7.4-signed will be generated in BITHD/BITHD-mcu/build. This file is the firmware we compiled and signed with the GitHub source coded and official signing file.

So far, we have completed all the steps of getting code from GitHub, compiling and signing. Then, we will verify the firmware.

Firmware Verification
Connect BITHD, choose to export the firmware in Bitpie APP. Tip: this exporting is only about firmware information and has nothing to do with your assets.



2. Through comparison, verify the consistency between the firmware in your hardware and the GitHub open-source firmware.

Input the following command in the terminal, and the comparison result will be shown as export

TAG=v2.7.4diff <(xxd build/bithd-$TAG-prepared.bin) <(xxd build/bithd-$TAG-firmware.bin)

Tip: please move the exported firmware file into folder BITHD/BITHD-mcu/build and edit the file name as same as the name in the command. E.g. the exported file name is bithd-wallet-firmware, we need to rename it as bithd-v2.7.4-firmware and put it into folder “build”. Otherwise the command would report an error.



By comparing the compiled firmware and the exported firmware, we can find the only difference is the first 256 signing information is different. Apart from that, all the remaining codes are all idential. That’s proved the two firmwares are totally the same.

3. Through Hash computing, verify the consistency between the firmware in hardware and the open-source firmware codes on GitHub.

3.1 Input the following command to compute the hash value of the exported firmware file.

shasum -a 256 ./build/bithd-$TAG-firmware.bin


3.2 Compare the hash value with the firmware codes on GitHub.



GitHud Address:https://github.com/bithd/bithd-mcu/releases

We can find the two hash values are identical. That demonstrates that the two firmware are exactly the same.

Find us on:

👉Twitter 👉 Telegram 👉Facebook 👉 Telegram HK 👉 News
dkbit98
Legendary
*
Offline Offline

Activity: 2422
Merit: 7578



View Profile WWW
March 27, 2020, 11:44:13 PM
 #2

Is it possible to sign/verify message from BitHD wallet?
Trezor wallet have this option and from desktop wallets Electrum also have this option

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Rath_
aka BitCryptex
Legendary
*
Offline Offline

Activity: 1876
Merit: 3139



View Profile
March 28, 2020, 12:09:19 AM
 #3

Is it possible to sign/verify message from BitHD wallet?

You can sign a message using the bitpie app which is also used for device management. As for verifying a signed message, I think you have to use some third-party software. I received a BitHD Razor for a review so I can answer your further questions.
BITHD Cold Wallet
Newbie
*
Offline Offline

Activity: 65
Merit: 0


View Profile WWW
March 30, 2020, 02:04:20 AM
 #4

Is it possible to sign/verify message from BitHD wallet?
Trezor wallet have this option and from desktop wallets Electrum also have this option

Yes, BitHD products can sign&verify message. you can find in Me-Setting-Message
Bitpie Wallet (OP)
Member
**
Offline Offline

Activity: 157
Merit: 12

Safe&easy multi-blockchain wallet from Bither Team


View Profile WWW
March 30, 2020, 02:05:12 AM
 #5

BITHD Cold Wallet
Newbie
*
Offline Offline

Activity: 65
Merit: 0


View Profile WWW
March 30, 2020, 02:06:50 AM
 #6

Is it possible to sign/verify message from BitHD wallet?

You can sign a message using the bitpie app which is also used for device management. As for verifying a signed message, I think you have to use some third-party software. I received a BitHD Razor for a review so I can answer your further questions.

Nice try.
dkbit98
Legendary
*
Offline Offline

Activity: 2422
Merit: 7578



View Profile WWW
March 30, 2020, 11:38:37 PM
 #7

Thank you for answering.
I would also like to see Bitpie wallet for desktop with Widnows and LInux support, and not just mobile.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Bitpie Wallet (OP)
Member
**
Offline Offline

Activity: 157
Merit: 12

Safe&easy multi-blockchain wallet from Bither Team


View Profile WWW
March 31, 2020, 03:08:02 AM
 #8

Thank you for answering.
I would also like to see Bitpie wallet for desktop with Widnows and LInux support, and not just mobile.

Interesting, seems people like to use desktop than mobile App. But, why? Isn`t mobile App much more easy to use?
dkbit98
Legendary
*
Offline Offline

Activity: 2422
Merit: 7578



View Profile WWW
March 31, 2020, 08:59:48 AM
 #9

Interesting, seems people like to use desktop than mobile App. But, why? Isn`t mobile App much more easy to use?

Give people more options to choose.
Some prefer mobile, but others like to use desktop and PC, maybe they are thinking that it is easier to lose mobile than pc Smiley

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
CucakRowo
Hero Member
*****
Offline Offline

Activity: 994
Merit: 593


aka JAGEND.


View Profile WWW
April 03, 2020, 05:49:31 AM
 #10

Interesting, seems people like to use desktop than mobile App. But, why? Isn`t mobile App much more easy to use?
Agree with @dkbit98 suggestion, give more option for people to choose. I will choose the desktop apps rather than mobile tbh. I'm not comfortable for using mobile phone for crypto things.


dkbit98
Legendary
*
Offline Offline

Activity: 2422
Merit: 7578



View Profile WWW
April 03, 2020, 05:57:53 PM
 #11

Agree with @dkbit98 suggestion, give more option for people to choose. I will choose the desktop apps rather than mobile tbh. I'm not comfortable for using mobile phone for crypto things.

You are not using any cable for connecting, and you use your mobile only for confirming things and for interface.
Crypto and private key is not stored on your mobile device.
Just use some old smartphone.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!