search

aido / app-seed-tool

A Ledger application that provides some useful seed management utilities
Apache License 2.0
47 stars 3 forks source link

Application freezes my NanoS #8

Closed InfiniteQE closed 1 year ago

InfiniteQE commented 1 year ago

Hello

I have followed these steps and successfully compiled and loaded app-sskr-check on my NanoS (firmware SE 1.6.0, Microcontroller 1.12).

However after BOLOS_SDK=$NANOS_SDK make load running the new application Seed Utilities freezes the NanoS.

I used the same docker command BOLOS_SDK=$NANOS_SDK make load to uninstall Seed Utilities off NanoS, then downloaded your github binaries, moved your NanoS files to ~/Downloads/app-sskr-check/bin

and pasted the long python -m ledgerblue.loadApp .... from make load above

This successfully installed the github app on my NanoS, with the same result, it freezes on app launch.

Any suggestion as to how I fix this ? What version of NanoS Secure Element and Microcontroller firmware are you running ?

aido commented 1 year ago

Hi @InfiniteQE,

It would seem that you are successfully building the app. The latest version of the app on GitHub is 1.4.0 but this is not fully tested or released yet. In version 1.4.0 I changed the name of the app from "SSKR Check" to "Seed Utils" to reflect the plans I have to expand the app into a general seed utility tool. Nonetheless, even with this name change the app should still work fine on a Ledger Nano S.

Here's a procedure I used to confirm that the most recent released version (1.3.2) works OK.

Have a look at the output of make -n load command and you'll see that the actual command that make runs is something like this:

python -m ledgerblue.loadApp --appFlags 0x10 --tlv --targetId 0x31100004 --targetVersion="2.1.0" --delete --fileName bin/app.hex --appName "SSKR Chack" --appVersion "1.3.2" --dataSize $((0x`cat debug/app.map |grep _envram_data | tr -s ' ' | cut -f2 -d' '|cut -f2 -d'x'` - 0x`cat debug/app.map |grep _nvram_data | tr -s ' ' | cut -f2 -d' '|cut -f2 -d'x'`)) `ICONHEX=\`python3 /opt/nanos-secure-sdk/icon3.py --hexbitmaponly glyphs/seed_nanos.gif 2>/dev/null\` ; [ ! -z "$ICONHEX" ] && echo "--icon $ICONHEX"` --curve secp256k1 --path ""

where:

--dataSize (usually = 0):
    echo $((0x$(grep _envram_data debug/app.map | tr -s ' ' | cut -f2 -d' '| cut -f2 -dx) - 0x$(grep _nvram_data debug/app.map | tr -s ' ' | cut -f2 -d' '| cut -f2 -dx)))

--icon (usually = 0100000000ffffff00ffffffffffffffc3f1c1c3c083e107fb0fff3ffe7ffe7ffe7ffe7ffeffffffff):
    python3 /opt/nanos-secure-sdk/icon3.py --hexbitmaponly glyphs/seed_nanos.gif  2>/dev/null

I use this command to manually download and install the latest released app as follows:

mkdir app-sskr-check-1.3.2
cd app-sskr-check-1.3.2
wget https://github.com/aido/app-sskr-check/releases/download/v1.3.2/compiled_app_binaries.v1_3_2.zip
unzip compiled_app_binaries.v1_3_2.zip 
python -m ledgerblue.loadApp --appFlags 0x10 --tlv --targetId 0x31100004 --targetVersion="2.1.0" --delete --fileName nanos/bin/app.hex --appName "SSKR Chack" --appVersion "1.3.2" --dataSize 0 --icon 0100000000ffffff00ffffffffffffffc3f1c1c3c083e107fb0fff3ffe7ffe7ffe7ffe7ffeffffffff --curve secp256k1 --path ""

I did this on my Ledger Nano S with firmware version 2.1.0 and the app works as expected.

Note 1: I removed all other apps from the device before starting manual install procedure. Note 2: You do not need the ledger-app-builder container to run above procedure. You only need python-ledgerblue installed.

InfiniteQE commented 1 year ago

Hello,

I followed your steps for app-sskr-check-1.3.2 above, and confirm this works with my Ledger NanoS on Firmware SE 2.0.0, Microcontroller 1.12, Bootloader 0.11

Thank you

I did this on OSX11.7 Terminal, not parallels/debian this time, using the following string (I made changes to the target version, and appName

$ python3 -m ledgerblue.loadApp --appFlags 0x10 --tlv --targetId 0x31100004 --targetVersion="2.0.0" --delete --fileName nanos/bin/app.hex --appName "SSKR Check" --appVersion "1.3.2" --dataSize 0 --icon 0100000000ffffff00ffffffffffffffc3f1c1c3c083e107fb0fff3ffe7ffe7ffe7ffe7ffeffffffff --curve secp256k1 --path ""

Generated random root public key : b'0495ecd1ac8e610571147490aa5c6e8eb0290fccf54424f39fbb33a40e22cfc00e94fef5ef1366aa6cb71ac42f5e3ddb849ad0749e6b943c9b026e411f1cc8bba2' Using test master key b'0495ecd1ac8e610571147490aa5c6e8eb0290fccf54424f39fbb33a40e22cfc00e94fef5ef1366aa6cb71ac42f5e3ddb849ad0749e6b943c9b026e411f1cc8bba2' Using ephemeral key b'04aa2b8ed83df16efc3f8208a227f4f0fff9e5acf2b857115fb67214704fd0a40ad11f6e0bf6c9939ddb2dd580ca5b20490b5c134b325db55d68581368b08e6cf3' Broken certificate chain - loading from user key Application full hash : 85f9b16a2a1968bf97e7f898815c13dab8c3b0a26d92c03c871501f11498679d

On the NanoS SSKR Check launches correctly (FW SE 2.0.0)

Prior to this, I first tried your instruction on my NanoS running older firmware (SE 1.6.0, Microcontroller 1.12) with the string python3 -m ledgerblue.loadApp --appFlags 0x10 --tlv --targetId 0x31100004 --targetVersion="1.6.0" --delete --fileName nanos/bin/app.hex --appName "SSKR Check" --appVersion "1.3.2" --dataSize 0 --icon 0100000000ffffff00ffffffffffffffc3f1c1c3c083e107fb0fff3ffe7ffe7ffe7ffe7ffeffffffff --curve secp256k1 --path "" On NanoS > Non-Genuine App > confirm Open Application == Frozen NanoS (fw 1.6.0)

Assuming the issue is minimum FW v2.0.0 required, then I now consider this issue to be resolved.

Not sure why the Application full hash is different, perhaps changing the targetVersion changed the hash ?