LedgerHQ / ledgerjs

⛔️ MOVED to monorepo "ledger-live"
https://github.com/LedgerHQ/ledger-live
Apache License 2.0
572 stars 374 forks source link

Chromium 72+ has broken Ledger U2F support #306

Closed gre closed 4 years ago

gre commented 5 years ago

Any users that comes on a web app using @ledgerhq/hw-transport-u2f on Chromium 72+ will fall into a bug that breaks Ledger device communication. (U2F TIMEOUT error).

What happened?

Chrome 72+ has started being rolled out around February 21th, 2019. This new version has changes in the U2F protocol implementation that is breaking Ledger's.

What solutions

In the short term, Users can be advised to switch to Opera or Brave but it's probable that these browsers will upgrade Chromium as well.

In the mid term, we are working on a fix for U2F. It will only be a fix on the Ledger device side, meaning users will have to upgrade (the apps). If you are a developer of one of these applications, you can take a look at this for reference, for further questions please get in touch with @btchip or discuss on our Slack Devs.

In the long term, switching to WebUSB is probably going to be the good plan. At the moment, this API is still a draft spec but we anticipate it will be more widely supported in the future. It is much more relevant for Ledger devices (more performant, more features like being able to detect disconnection,..)

Regarding @ledgerhq/hw-transport-webusb current implementation, it works on latest firmware / apps but there are some slight different in the way it works (coming from u2f) which have some UI/UX implication. We'll try to document it better in the next weeks.

dschuermann commented 5 years ago

Hi @gre, do you know if the blocking of CCID and HID classes in Chrome (https://www.yubico.com/support/security-advisories/ysa-2018-02/) affects your plans to use WebUSB?

gre commented 5 years ago

it shouldn't be a problem.

Luganova commented 5 years ago

Hi!I know how to get around this error when signing transactions!

Luganova commented 5 years ago

everything works fine for binance DEX!

BrendanEich commented 5 years ago

https://bugs.chromium.org/p/chromium/issues/detail?id=935131

Luganova commented 5 years ago

We are talking about windows or Linux?

gre commented 5 years ago

@Luganova from what we have seen it affects all platform.

Luganova commented 5 years ago

I agree! It is necessary to confirm the transaction in a split second! I did not have time-time out!

gre commented 5 years ago

It appears that a Chrome update may have solved the problem. Waiting for more confirmations.

harshjv commented 5 years ago

Working on latest chromium's latest revision 637660. https://download-chromium.appspot.com/

monokh commented 5 years ago

On chrome 72, this also causes the error Invalid data received (0x6a80) when using btc.signMessageNew with certain sizes of message.

brunobar79 commented 5 years ago

Still seeing this in the latest version of chrome - 73.0.3683.86 (Official Build) (64-bit) Also tried it with the latest firmware + ledger lib and the timeout issue after ~3 seconds is still happening.

giankotarola commented 5 years ago

On chrome 72, this also causes the error Invalid data received (0x6a80) when using btc.signMessageNew with certain sizes of message.

I get the same error with eth.signTransaction with chrome - 73.0.3683.86

kjarada commented 5 years ago

I'm having the same issue, despite the fact that ledger support advised using brave and opera browser but it's still not working in all these platforms with same error U2F Timeout.

JeanoLee commented 5 years ago

1.1.8

ianaz commented 5 years ago

that ledger support advised using brave and opera browser but it's still not working in all these platforms with same error U2F Timeout.

Same here. It used to work with Brave a couple of weeks back but not it's broken there too

dzsobacsi commented 5 years ago

Here too. For me it used to work with Opera some weeks ago but now that does not work either.

georgeliuyu commented 5 years ago

It still timeout when I use the brave

iicc1 commented 5 years ago

Not working for me too, I have tried Opera, Brave, last Chromium... How can I send tokens?

poserr commented 5 years ago

@iicc1 for us the workaround was to quickly (during 1 second) confirm twice

iicc1 commented 5 years ago

Thanks for you reply @poserr, I didn't see it. I was finally able to do with an old Brave release that I downloaded here: https://github.com/brave/browser-laptop/releases

dzsobacsi commented 5 years ago

@iicc1 which one did you download from those?

iicc1 commented 5 years ago

@dzsobacsi v0.25.300

CiviStation commented 5 years ago

Version 73.0.3683.103 (Official Build) (64-bit) U2F timeout still exists

jakestpeter commented 5 years ago

v.0.25.300 didn't work for me ...

dzsobacsi commented 5 years ago

Just realized that I made a stupid mistake. Once you update the Ethereum app on the Ledger, you have to go to settings and set "Contract data" to YES (again). With that setting, it worked for me with the latest release of Brave.

jakestpeter commented 5 years ago

@dzsobacsi - this seems to have fixed the problem ... THANK YOU!

poserr commented 5 years ago

For all users experiencing this issue - try to update Firmware on your device to the latest version (1.5.5) and update your Ethereum app as well (1.2.4)

intsol commented 5 years ago

This problem exists also with the NEO app with 1.5.5 I have found that closing the ledger app, requesting the signing, then opening the app and signing works every time. While not ideal, it seems consistent.

kjarada commented 5 years ago

the problem is still there and driving me mad,i cant access my wallet. i updated to latest firmware ,done everything ,downloaded older releases of chrome,brave and opera nothing is working. please help

ianaz commented 5 years ago

I confirm what @dzsobacsi said. By updating the application you will have to re activate "Contract data"

FabriceDautriat commented 5 years ago

Hello,

u2f time out error should be solved with the latest release of the applications and firmware (1.5.5).

If you still experience issues with applications, please confirm in your message :

We'll make sure to try to reproduce on your end.

Thanks a lot for your help.

AdvocateOne commented 5 years ago

I'm having this error as well. Have tried all suggestions above and no luck. Ledger Nano S Firmware: 1.5.5 Ethereum App: 1.2.7 Tried using Chrome, Opera, and Brave Windows 7 Professional (up-to-date security patches) Tried with MEW and MyCrypto

Please help since I am effectively unable to access any of my tokens except for ETH (using Ledger Live)

jakestpeter commented 5 years ago

@AdvocateOne did you do what @dzsobacsi suggested above? (5 days ago) - That seemed to have done the trick for me ...

AdvocateOne commented 5 years ago

@AdvocateOne did you do what @dzsobacsi suggested above? (5 days ago) - That seemed to have done the trick for me ...

Yes I did-- contract data set to yes. Still get the timeout, unfortunately. This is extremely frustrating.

harshjv commented 5 years ago

See https://github.com/LedgerHQ/ledgerjs/issues/332 for a possible workaround.

FabriceDautriat commented 5 years ago

@AdvocateOne, thank you for the information you provided.

We suspect this is related to USB driver on Windows 7. Can you try updating them ?

https://support.ledger.com/hc/en-us/articles/115005165269-Fix-connection-issues

Thanks a lot.

AdvocateOne commented 5 years ago

@AdvocateOne, thank you for the information you provided.

We suspect this is related to USB driver on Windows 7. Can you try updating them ?

https://support.ledger.com/hc/en-us/articles/115005165269-Fix-connection-issues

Thanks a lot.

That was the problem. Thanks!

jakestpeter commented 5 years ago

I should have stated I was on a Mac - didn't even occur to me.

intsol commented 5 years ago

I have a reproducible case:

If the signing is approved within 1 second of appearing on the Ledger display, it works. If signing is delayed over 5 seconds, the result is a U2F timeout by the dApp.

I am part of the support team at Switcheo, so if you require further info please advise.

intsol

FabriceDautriat commented 5 years ago

Hello @intsol ,

Indeed the version 1.3.3 of the NEO app may induce error when used with a web browser. This is the standard u2f issue and will be solved with version 1.3.5 (compiled with new SDK and to be released soon).

However, we don't officially support https://switcheo.exchange.

The main reason is that DEX operations are not correctly displayed within the NEO application. Users are required to sign without verifying any transaction details.

I advise you to contact the NEO app developer to implement the necessary features to get validated.

So far the only wallet Ledger tested is https://neonwallet.com/.

Regards,

Fabrice Dautriat

kjarada commented 5 years ago

@AdvocateOne thank you very much, I only needed to update the USB drivers on windows 7 and now is working perfectly on chrome.

fuorissimo commented 5 years ago

With Opera, the same problem. Nano X don't work with MEW.

Considering that you don't add erc20 native, i ask refund and i back you Nano X. Useless wallet

amukhanchikov commented 5 years ago

Same problem

Everywhere above U2F TIMEOUT error. Nothing helps.

Windows 10 64-bit with all drivers up-to-date.

The same error on Brave browser.

gre commented 5 years ago

@fuorissimo if you can afford to wait ~1 month , we will have LedgerLive supporting erc20 soon

fuorissimo commented 5 years ago

Ok, this is a good news. Thanks for your support

amukhanchikov commented 5 years ago

https://github.com/LedgerHQ/ledgerjs/issues/306#issuecomment-498055291

After updating to Chrome 75 - nothing changed. Still doesn't work. Any help or comment?

On windows 7 - all the same.

marcinsx commented 5 years ago

Ledger Nano S Operating system: MS Windows 10. Firmware: 1.4.2-das MCU 1.6 (it is Ledger Nano S modified for DasCoin)

Hi, what are my options to transfer ETH which are secured with Ledger Nano S?

I already tried MyEtherWallet at Chrome, Opera, Brave browsers. It worked in Februwary 2019 without any problems. Now the Ledger can't accept the transaction - I click accept at Ledger but no information goes to the Browser.

I also tried to connect it to Ledger Live app - but I even can't add ETH there - when I'm trying to do it, it discoveres Ledger but it goes back when I enter ETH app on Ledger.

What options do I have to just transfer my ETH? Are there any or I'm now blocked??? Maybe there are any other applications than web browsers and Ledger Live, which allow to access ETH wallet secured with Ledger?

marcinsx commented 5 years ago

OK I will answer myself. The only option I found is to install an OLD version of webbrowser - Opera or Chrome.

OId versions of Opera You can find here: http://get.opera.com/ftp/pub/opera/desktop/ (I chose the 58.0.3135.53 version, You can find it here: http://get.opera.com/ftp/pub/opera/desktop/58.0.3135.53/win/ IMPORTANT: chose Setup version not Autoupdate, because You want to install an OLD version without updating to the newest one)

Old versions of Chrome You can find here (I didn't check downloading from here because I used Opera): https://www.slimjet.com/chrome/google-chrome-old-version.php

After installing an OLD version of web browser, just simply go to mywetherwallet.com and viola! It works!

Good Luck!

fuorissimo commented 5 years ago

@fuorissimo if you can afford to wait ~1 month , we will have LedgerLive supporting erc20 soon

You confirm is on the road, ERC20 support? when do you think is done?