Loading fails for Nano S Plus on Mac

[siy]

I'm using a modified cargo-ledger(see this PR) to load the firmware to Ledger Nano S Plus. I'm trying to do this on two different Mac's with ARM CPU. On one system, everything works fine, but the other shows the following error:

➜  babylon-ledger-app git:(feature/sign-transaction) ./flash-nanos-plus.sh
   text    data     bss     dec     hex filename
  58880       0    1904   60784    ed70 /Users/dawidsowa/work/babylon-ledger-app/target/nanosplus/debug/babylon-ledger-app
Traceback (most recent call last):
  File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.9/lib/python3.9/runpy.py", line 197, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.9/lib/python3.9/runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "/Users/dawidsowa/Library/Python/3.9/lib/python/site-packages/ledgerctl.py", line 358, in <module>
    cli()
  File "/Users/dawidsowa/Library/Python/3.9/lib/python/site-packages/click/core.py", line 1130, in __call__
    return self.main(*args, **kwargs)
  File "/Users/dawidsowa/Library/Python/3.9/lib/python/site-packages/click/core.py", line 1055, in main
    rv = self.invoke(ctx)
  File "/Users/dawidsowa/Library/Python/3.9/lib/python/site-packages/click/core.py", line 1657, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/Users/dawidsowa/Library/Python/3.9/lib/python/site-packages/click/core.py", line 1404, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/Users/dawidsowa/Library/Python/3.9/lib/python/site-packages/click/core.py", line 760, in invoke
    return __callback(*args, **kwargs)
  File "/Users/dawidsowa/Library/Python/3.9/lib/python/site-packages/click/decorators.py", line 38, in new_func
    return f(get_current_context().obj, *args, **kwargs)
  File "/Users/dawidsowa/Library/Python/3.9/lib/python/site-packages/ledgerctl.py", line 150, in install_app
    client.install_app(app_manifest)
  File "/Users/dawidsowa/Library/Python/3.9/lib/python/site-packages/ledgerwallet/client.py", line 319, in install_app
    self.apdu_secure_exchange(LedgerSecureIns.CREATE_APP, data)
  File "/Users/dawidsowa/Library/Python/3.9/lib/python/site-packages/ledgerwallet/client.py", line 230, in apdu_secure_exchange
    data = self.apdu_exchange(
  File "/Users/dawidsowa/Library/Python/3.9/lib/python/site-packages/ledgerwallet/client.py", line 216, in apdu_exchange
    raise CommException(
ledgerwallet.client.CommException: Exception : Invalid status 6512 (Unknown reason)

Systems configures identically (as far as I can see), the only difference is the firmware versions of the Nano S Plus device.

Working one has: Secure element - 1.0.2 Microcontroller - 4.02 Bootloader - 3.12

Failing one has: Secure element - 1.1.0 Microcontroller - 4.03 Bootloader - 3.12

Another observed difference is that failing system asks for "allow unsafe manager", while working one goes directly to deletion of existing app and loading a new one.

Any ideas what could be the cause of the issue?

[siy]

Manifest generated by cargo-ledger looks so:

{
  "binary": "target/nanosplus/debug/app.hex",
  "dataSize": 0,
  "derivationPath": {
    "curves": [
      "secp256k1",
      "ed25519"
    ],
    "paths": [
      "44'/1022'"
    ]
  },
  "flags": "0x240",
  "icon": "icons/nanox_app_radix.gif",
  "name": "Radix Babylon",
  "targetId": "0x33100004",
  "version": "0.0.1"
}

[yhql]

Indeed, known difference between 1.1.0 version and others: a new flag needs to be defined. https://github.com/LedgerHQ/cargo-ledger/pull/21 should fix your problem. If you need a quick fix instead, add a field in the generated manifest "apiLevel": "1",

[yhql]

About the other difference: one device has most likely already installed a "custom CA" that allows bypassing the usual screens and warnings for custom apps.

[siy]

Indeed, known difference between 1.1.0 version and others: a new flag needs to be defined. #21 should fix your problem. If you need a quick fix instead, add a field in the generated manifest "apiLevel": "1",

I'd prefer to see both PR's (#19 and #21) merged.

[siy]

About the other difference: one device has most likely already installed a "custom CA" that allows bypassing the usual screens and warnings for custom apps.

It might be. Can't answer for sure because just don't remember all the details. My feeling is that all I did was quick setup of fresh device directly from the device - set PIN and install 12-word seed phrase (this one: "equip will roof matter pink blind book anxiety banner elbow sun young"). I'll try to reset the device and try to reproduce device setup steps.

[siy]

After reset and configuration, device started asking about unsafe manager, so seems I had custom CA installed.

[siy]

I've combined PR #19 and #21, now manifest contains "apiLevel" field as necessary, but error remains the same - 6512.

[yhql]

Is your ledgerctl up to date? https://github.com/LedgerHQ/ledgerctl It requires also a more or less recent patch for this api_level

[siy]

ledgerctl is up-to-date. Tried to update it once again, but no updates in terms of ledgerctl.

[siy]

Just for information: I've updated the other device to firmware 1.1.0, and it started triggering the same error code - 6512. Any other ideas why this can happen?

[williamrobertson13]

+1, I updated ledgerctl and my application manifest to include apiLevel however I get a 6512 error when trying to load an application onto my Ledger Nano S+ with firmware 1.1.0

[yhql]

Hi, could I get a link to your app so I can reproduce the problem?

[williamrobertson13]

@yhql https://www.dropbox.com/s/d5eg9w99ee7b0cc/sui-nanosplus.zip?dl=0

[yhql]

Thanks @williamrobertson13 ledgerctl install app_nanosplus.json worked on my 1.1.0 device with no modification. I tried from a fresh manual install of ledgerctl with python -m pip install git+https://github.com/LedgerHQ/ledgerctl which might be more up to date (if you tried upgrading from pypi for example)

[williamrobertson13]

That did the trick 😄, I guess I wasn't pulling in the most up-to-date version of ledgerctl. Thank you very much for the help!

[siy]

Strangely enough, with ledgerctl installed directly from repo, I have problems flashing old Nano S on Linux Ubuntu 22.04:

$ledgerctl install app_nanos.json 
[WARNING] JSON files will be deprecated in future version
Traceback (most recent call last):
  File "/home/siy/.local/bin/ledgerctl", line 8, in <module>
    sys.exit(cli())
  File "/usr/lib/python3/dist-packages/click/core.py", line 1128, in __call__
    return self.main(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/click/core.py", line 1053, in main
    rv = self.invoke(ctx)
  File "/usr/lib/python3/dist-packages/click/core.py", line 1659, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python3/dist-packages/click/core.py", line 1395, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/lib/python3/dist-packages/click/core.py", line 754, in invoke
    return __callback(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/click/decorators.py", line 38, in new_func
    return f(get_current_context().obj, *args, **kwargs)
  File "/home/siy/.local/lib/python3.10/site-packages/ledgerwallet/ledgerctl.py", line 184, in install_app
    client.install_app(app_manifest)
  File "/home/siy/.local/lib/python3.10/site-packages/ledgerwallet/client.py", line 336, in install_app
    self.apdu_secure_exchange(LedgerSecureIns.CREATE_APP, data)
  File "/home/siy/.local/lib/python3.10/site-packages/ledgerwallet/client.py", line 230, in apdu_secure_exchange
    data = self.apdu_exchange(
  File "/home/siy/.local/lib/python3.10/site-packages/ledgerwallet/client.py", line 216, in apdu_exchange
    raise CommException(
ledgerwallet.client.CommException: Exception : Invalid status 6512 (Unknown reason)

[siy]

Actually, updated ledgerctl fails to load any device I have (same error for Nano S Plus). In addition, on Linux I'm ought to run ledgerctl using sudo because it has no corresponding configuration for udev.

[yhql]

The problem now is that the Nano S does not require the api_level field for loading an app, because it's an older version. So I'll modify my current PR to not generate that field for ledgerctl when targetting Nano S

[siy]

Solved issue with Nano S Plus - it was caused by the updated protobuf: during installation of ledgerctl current version (4.xx) is get uninstalled and 3.20.xx installed instead. Only this combination works.

[SWvheerden]

wait which version of protobuf do we need, 4.xx or 3.20.xx?

My build is finishing but it stops are

    Finished release [optimized] target(s) in 0.16s
   text    data     bss     dec     hex filename
  77312       0    1904   79216   13570 /Users/s.....
thread 'main' panicked at 'Missing field', src/main.rs:222:17

[SWvheerden]

Nvm, looks like case sensitivity is the issue: api_level was there but was spelled as api_Level