search

trezor / trezord-go

:smiling_imp: Trezor Communication Daemon (written in Go)
GNU Lesser General Public License v3.0
245 stars 148 forks source link

Transport error in browser #193

Closed 4NobleTruths closed 4 years ago

4NobleTruths commented 4 years ago

Problem: Browser in appVM doesn't detect Trezor and gives "Transport error Error details: WebUSB is not available on this browser." and prompts to download the bridge.

(Other brands of hardware wallets work with their apps through same cable and configuration, in same appVM.)

Hardware: Trezor 1, unknown firmware version.

Environment: Qubes OS 4, Debian 9 appVM and sys-usb VM, Firefox-ESR 68.10.0esr (Dark Reader is the only extension installed.)

Configuration: https://wiki.trezor.io/Qubes_OS

Steps to replicate:

  1. Connect Trezor to USB-C port.
  2. sys-usb VM detects the device properly, and trezord service runs.
  3. Connect the Trezor device to appVM though widget.
  4. Device connects to appVM.
  5. Open browser and go to Trezor web wallet.

udev rules in sys-usb VM:

Trezor

SUBSYSTEM=="usb", ATTR{idVendor}=="534c", ATTR{idProduct}=="0001", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n" KERNEL=="hidraw*", ATTRS{idVendor}=="534c", ATTRS{idProduct}=="0001", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl"

Trezor v2

SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c0", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n" SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c1", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n" KERNEL=="hidraw*", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="53c1", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl"

dmesg in appVM:

[Wed Jul 22 12:01:50 2020] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(0) [Wed Jul 22 12:01:50 2020] vhci_hcd vhci_hcd.0: devid(131124) speed(2) speed_str(full-speed) [Wed Jul 22 12:01:50 2020] vhci_hcd: vhci_device speed not set [Wed Jul 22 12:01:50 2020] usb 1-1: new full-speed USB device number 4 using vhci_hcd [Wed Jul 22 12:01:50 2020] vhci_hcd: vhci_device speed not set [Wed Jul 22 12:01:50 2020] usb 1-1: SetAddress Request (4) to port 0 [Wed Jul 22 12:01:50 2020] usb 1-1: New USB device found, idVendor=1209, idProduct=53c1, bcdDevice= 1.00 [Wed Jul 22 12:01:50 2020] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [Wed Jul 22 12:01:50 2020] usb 1-1: Product: TREZOR [Wed Jul 22 12:01:50 2020] usb 1-1: Manufacturer: SatoshiLabs [Wed Jul 22 12:01:50 2020] usb 1-1: SerialNumber: XXXXXXXXXXXXXXXXXXXXXXX [Wed Jul 22 12:01:50 2020] hid-generic 0003:1209:53C1.0003: hiddev96,hidraw0: USB HID v1.11 Device [SatoshiLabs TREZOR] on usb-vhci_hcd.0-1/input1

prusnak commented 4 years ago

Are you running Trezor Bridge in the sys-usb vm?

4NobleTruths commented 4 years ago

Are you running Trezor Bridge in the sys-usb vm?

Yes, it's running only in sys-usb.

systemctl status trezord ● trezord.service - Trezor Bridge Loaded: loaded (/usr/lib/systemd/system/trezord.service; enabled; vendor preset: enabled) Active: active (running) since Thu 2020-07-23 04:17:34 BST; 1 day 6h ago Main PID: 450 (trezord) Tasks: 7 (limit: 4915) CGroup: /system.slice/trezord.service └─450 /usr/bin/trezord

Jul 23 04:17:34 sys-usb-deb systemd[1]: Started Trezor Bridge. Jul 23 04:17:34 sys-usb-deb trezord[450]: 2020/07/23 04:17:34 trezord v2.0.27 is starting.

journalctl -f
Jul 24 10:47:15 sys-usb-deb kernel: usb 1-1: USB disconnect, device number 12 Jul 24 10:47:19 sys-usb-deb kernel: usb 1-1: new full-speed USB device number 13 using xhci_hcd Jul 24 10:47:19 sys-usb-deb kernel: usb 1-1: New USB device found, idVendor=1209, idProduct=53c1, bcdDevice= 1.00 Jul 24 10:47:19 sys-usb-deb kernel: usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 Jul 24 10:47:19 sys-usb-deb kernel: usb 1-1: Product: TREZOR Jul 24 10:47:19 sys-usb-deb kernel: usb 1-1: Manufacturer: SatoshiLabs Jul 24 10:47:19 sys-usb-deb kernel: usb 1-1: SerialNumber: XXXXXXXXXXXXXXXXXXX Jul 24 10:47:19 sys-usb-deb kernel: hid-generic 0003:1209:53C1.000E: hiddev98,hidraw4: USB HID v1.11 Device [SatoshiLabs TREZOR] on usb-0000:00:06.0-1/input1

prusnak commented 4 years ago

Can you open the following in your browser? http://127.0.0.1:21325/ - this is a status page from the Bridge

4NobleTruths commented 4 years ago

There is no browser in the sys-usb VM, but netstat says it's listening:

netstat -a | grep 21325 tcp 0 0 localhost:21325 0.0.0.0:* LISTEN

In the appVM, the browser on that URL says "The connection was reset", but netstat says also listen:

netstat -a | grep 21325 tcp 0 0 0.0.0.0:21325 0.0.0.0:* LISTEN
tcp 0 0 localhost:21325 localhost:42346 TIME_WAIT
tcp 0 0 localhost:21325 localhost:42350 TIME_WAIT
tcp 0 0 localhost:21325 localhost:42348 TIME_WAIT
tcp 0 0 localhost:21325 localhost:42362 TIME_WAIT
tcp 0 0 localhost:21325 localhost:42356 TIME_WAIT
tcp 0 0 localhost:21325 localhost:42352 TIME_WAIT
tcp 0 0 localhost:21325 localhost:42360 TIME_WAIT
tcp 0 0 localhost:21325 localhost:42364 TIME_WAIT
tcp 0 0 localhost:21325 localhost:42358 TIME_WAIT
tcp 0 0 localhost:21325 localhost:42354 TIME_WAIT

prusnak commented 4 years ago

Try asking @Kixunil - he seems to have trezor-bridge running on QubesOS: https://github.com/trezor/trezord-go/issues/163

4NobleTruths commented 4 years ago

Try asking @Kixunil - he seems to have trezor-bridge running on QubesOS: #163

He didn't respond. Maybe you @prusnak should ask him, so that you can answer this question when it comes up again?

So, the issue is really not closed - it's just punted. For me, the workaround is to migrate to other wallets.

Ranguvar commented 3 years ago

Similarly after setting up as described at https://wiki.trezor.io/Qubes_OS I am unable to connect to the device from the separate VM.

I can see trezord service is running on sys-usb and http://127.0.0.1:21325/ shows connected to device and working.

However, http://127.0.0.1:21325/ is not working on the AppVM which has the socat TCP-LISTEN:21325,fork EXEC:"qrexec-client-vm sys-usb trezord-service" & line in rc.local.

Neither does the https://wallet.trezor.io/ page detect any device.

If I first start the AppVM or explicitly run socat TCP-LISTEN:21325,fork EXEC:"qrexec-client-vm sys-usb trezord-service" in the AppVM I can then see it listening on port 21325 in `netstat -pln', but if I try to connect with browser it crashes:

socat[3835] E waitpid(): child 3878 exited with status 127

I then must restart the socat to get the port listening again, but I can never get any status page or the primary software to work.

@prusnak Sorry to bother -- any tips or hints for debugging this please?

prusnak commented 3 years ago

Sorry to bother -- any tips or hints for debugging this please?

Sorry. No clue. Please debug this with the Qubes OS community.

Kixunil commented 3 years ago

Wow, this flew over my head. I managed to get Trezor One running but without the bridge - I attach Trezor to my Electrum VM directly. I have no experience with any other configuration.