Skip to content

DIY airgapped hardware wallet that uses QR codes for communication with the host

License

Notifications You must be signed in to change notification settings

cryptoadvance/specter-diy

Repository files navigation

Specter-DIY

"Cypherpunks write code. We know that someone has to write software to defend privacy, 
and since we can't get privacy unless we all do, we're going to write it."
A Cypherpunk's Manifesto - Eric Hughes - 9 March 1993

...and Cypherpunks do build their own Bitcoin Hardware Wallets.

The idea of the project is to build a hardware wallet from off-the-shelf components. Even though we have an extension board that puts everything in a nice form-factor and helps you to avoid any soldering, we will continue supporting and maintaining compatibility with standard components.

We also want to keep the project flexible such that it can work on any other set of components with minimal changes. Maybe you want to make a hardware wallet on a different architecture (RISC-V?), with an audio modem as a communication channel - you should be able to do it. It should be easy to add or change functionality of Specter and we try to abstract logical modules as much as we can.

QR codes are a default way for Specter to communicate with the host. QR codes are pretty convenient and allow the user to be in control of the data transmission - every QR code has a very limited capacity and communication happens unidirectionally. And it's airgapped - you don't need to connect the wallet to the computer at any time.

For secret storage we support agnostic mode (wallet forgets all secrets when turned off), reckless mode (stores secrets in flash of the application microcontroller) and secure element integration is coming soon.

Our main focus is multisignature setup with other hardware wallets, but wallet can also work as a single signer. We try to make it compatible with Bitcoin Core where we can - PSBT for unsigned transactions, wallet descriptors for importing/exporting multisig wallets. To communicate with Bitcoin Core easier we are also working on Specter Desktop app - a small python flask server talking to your Bitcoin Core node.

Most of the firmware is written in MicroPython which makes the code easy to audit and change. We use secp256k1 library from Bitcoin Core for elliptic curve calculations and LittlevGL library for GUI.

DISCLAIMER

The project has significantly matured, to the extent that the security level of Specter-DIY is now comparable to commercial hardware wallets on the market. We implemented a secure bootloader that verifies firmware upgrades, so you can be sure that only signed firmware can be uploaded to the device after initial setup. However, unlike with commercial signing devices the bootloader has to be installed manually by the user and is not set in the factory of the device vendor. Thus, pay extra attention during the initial firmware installation and make sure you verified PGP signatures and flash the firmware from a secure computer.

If something doesn't work open an issue here or ask a question in our Telegram group.

Documentation

All the docs are stored in the docs/ folder:

  • shopping.md explains what to buy
  • assembly.md shows how to put everything together.
  • quickstart.md guides you through the initial steps how to get firmware on the board
  • reproducible-build.md describes how to build the initial firmware and upgrade files with the same hash as in the release using Docker
  • build.md describes how to build the firmware and the simulator yourself
  • security.md explains possible attack vectors and security model of the project
  • development.md explains how to start developing on Specter
  • simulator.md shows how to run a simulator on unix/macOS
  • communication.md defines communication protocol with the host over QR codes and USB
  • roadmap.md explains what we need to implement before we can consider the wallet be ready to use with real funds.

Specter-Shield documentation and all the files are available in the shield/ folder:

Supported networks: Mainnet, Testnet, Regtest, Signet.

USB communication on Linux

You may need to set up udev rules and add yourself to dialout group. Read more in udev folder.

Video and screenshots

Check out this video to get an idea how to assemble it and how it works.

Here is a Gallery with devices assembled by the community.

A few pictures of the UI:

Wallet screens

Key generation and recovery

About

DIY airgapped hardware wallet that uses QR codes for communication with the host

Resources

License

Security policy

Stars

Watchers

Forks

Packages

No packages published

Languages