Glad to see that so many diy options available now.
Yea it's really great to have lots of options that don't require any soldering or assembly at all. Blockstream have really knocked it out of the park in terms of their support for DIY.
I am crying (not exactly, but my wallet does). You have more DIY hardware than me! I am already preparing a shopping list for the incoming holidays 🙂
At least Jade can be done very cheaply ;)
Just saw that Lilygo came out with the T-Display S3 Pro which now includes a camera. This could be the ultimate "Jade Plus" device for $46. Can't wait to have this tested. Cheers!
Yea I'll certainly pick one up and look at it along side a review of a retail Jade Plus
Excellent video. I have a few home-made Nerdminers that I keep around as educational tools - obviously they are not going to mine any bitcoin! I've now flashed Jade onto two of them so I can walk people through the basics of hardware wallets. Perfect and cheap as chips. I was also looking at the T-Display S3 Pro which has a built-in battery and camera, but for the price ($50) it makes more sense to buy a Jade and support the developers.
Yea the T-Camera Pro is great and gets you basically to feature parity with the Jade. At the same time, it also ends up being much the same price, so it really illustrates that Blockstream are doing a great job of making the Jade at an accessible price point and it's worth supporting that if you can.
where I am from Jade is 80€ so 50$ is still way cheaper but I agree about the supporting devs
Yea it will vary a lot depending on where you are. (Including places where buying a retail unit isn't an option)
Thanks for putting together and sharing this fantastic video! Your detailed walkthrough provides an excellent example for building a DIY Bitcoin Hardware Wallet using Blockstream Jade Firmware. The information you’ve shared is incredibly valuable and offers great insights for anyone embarking on a Bitcoin Hardware Wallet project.
Glad it helped :)
11:32 - you wrote "montior", this could be the error cause?
What error are you referring to?
Thank you for the video. I am interested in the Core S3. Can we flash the "No-Radio" firmware? I don't want Bluetooth, Wi-Fi, speaker and dual microphone.
Yes you can, basically the process uses the same script that is used for modifying it for secure boot, but with different arguments (So the NORADIO argument, it can be used together with any other build type). See here: github.com/Blockstream/Jade/tree/master/diy#disabling-bluetooth
Could you do a video for the new update that was released for keystone about permit signing? It is very important issue in crypto right now
The next video will be on Specter Shield lite, as the boards I sent out to beta testers are all basically arriving this week. Can look at some simpler context like new Keystone features after that :)
@@CryptoGuide thanks!
:)
Have you seen there is a new Jade Plus? Is it the same as the T-Display S3 Pro with camera?
I saw that and will pick one up when I get back from vacation in a few weeks :)
The Jade Plus stuff was there when I made this video and I recall that it was slightly different to the T-display S3.
@CryptoGuide there is S3 pro with camera and battery
Yea I'll pick one of them up too :)
any way to attach a camera to the T-Display-S3? that would be great.. oh and a battery :)
Probably. You can also get the T-Display S3 ProCamera that has the camera built in
Can we attach a camera module on this PCB with those pins? I was trying to follow your older video but only got errors and errors lol. Trying now with this new video of yours. Thanks already!
Yea most of the original ESP32 boards like the T-Display didn't have the PSRAM that they need for the camera, whereas these newer boards all do, so should actually work fine with an appropriate camera connected.
@@CryptoGuide Awesome!
It certainly is :)
Hi!!! Awesome video
I have a question: how do you flash or configure the Waveshare 1.3" LCD HAT (used in SeedSigner) with Jade firmware? I don't find config for buttons and sticks
Which esp32 board are you using?
Where can we learn more about the risks if we are using DIY Jade which was flashed with just a web flasher? It's the simplest step I have ever seen. It's just plug and push the btn.
Basically it's not tamper resistant, there is nothing stopping someone from flashing malicious firmware into it. (And this doesn't wipe the device, so you might not notice)
The only reason holding me back from buying Jade is the small size and tiny characters. Getting old sucks. Maybe I’ll play with one of these DIY options.
Yea even just the size bump on the T-Display S3 looks really nice, especially with the vibrant display that the board has.
Hi, since I can't find anything I'll ask here: is there a Discord or something for the Jade project? Because I wanted to try and add support for the Waveshare 2.8 OLED screen devkit and I wanted to know if there is a dev channel or something
Hey sounds great. Best bet is probably this one here t.me/blockstream_jade
Hello friend.
So, to have a secure boot/encryption, I would have to do this entire process. The programming method through the web application does not provide this security, right?
I have little programming knowledge and have never used the systems you showed in the video. Do you think I can do it?
That's right, secure boot requires the full process.
Basically your best bet is to just flash it with the debug profiles first and only once you are familiar with how it is all working, would you attempt to lock it down.
@@CryptoGuide Hi, I have a T-Display S3, and I saw somewhere that it is compatible.
Is there anywhere that has a really easy step-by-step guide to install it?
Can you point me where I should start?
Thank you.
This video runs through it
@@CryptoGuide I'm doing it, friend. I got confused by the signing file, but I now have a big question: if I accomplish all this and sign, and I need to use this board for another application, burn another program onto it, or sell it to another person to use in another way, will I be able to? How can I undo this protection?
Thank you.
You can't remove the protection, that's the entire point. (Though you could load some other firmware onto it, provided that you signed it with your signing key)
Hi there.
Out of curiosity, once Jade firmware is flashed to the ESP32, how does it protect its storage from being read in some way to get access to the seed phrase or private key stored there? Do you know what exactly it uses to encrypt the content written to its flash memory? Is it just the PIN set the first time, or anything else?
I understand that if the Secure Boot option is used no malicious firmware can be flashed in order to do something unauthorised, but disregarding it for a moment and thinking about the content written to the flash, how exactly is it secured in Jade firmware?
The process in this video enables both secure boot and flash encryption. (The specifics of both are well documented in the esp32 developers docs)
Protection of the private keys themselves is provided by the PIN server
@CryptoGuide Right, but what key is used to encrypt the flash or the file containing the seed? I found documentation for Secure Boot for ESP32, but I understand the process for encrypting the key would be more a Jade thing than an ESP32 one.
Those are two separate things.
Flash encryption happens on device with a key generated by the esp32 and is covered in the esp32 docs.
Encryption of the key itself is handled by the firmware and can be reviewed on GitHub or in the documentation for blind pin server.
@@CryptoGuide Right. I have read about flash encryption in the ESP32 documentation but didn't understand if that is enabled when the Jade code is written to the ESP32.
If I understand correctly it uses the key stored in the eFuse (the same used for Secure Boot - if used). If not used it generates an AES-256 key which is written to eFuse and cannot be read by software.
Regarding the Jade code and blind pin server, I haven't looked at the code yet, but I wouldn't think the PIN only is used for encryption of the seed as it is very weak by itself. There should be something else on that other than the PIN digits only, right?
Jade doesn't just use a local PIN only, but stores the decryption keys remotely on a blind pin server. (This approach is actually unique to Jade)
It's explained here help.blockstream.com/hc/en-us/articles/9639949755673-How-does-Blockstream-Jade-s-oracle-enforced-PIN-protection-work
Hi, the T-Display S3 contains a “secure boot v2” which is quite good. But can it prevent rom/data/secret extraction if I drop the device accidentally?
Esp32s3 improved the security of the hardware countermeasures when compared to the earlier esp32 boards. The Jade also requires data from an external blind oracle to be able to decrypt the private keys, so even if someone can extract and decrypt it all, they can't access your funds.
@ thank you for the answer, but I don’t quite understand how “The Jade also requires data from an external blind oracle to be able to decrypt the private keys” works, could you explain this or post a link about this feature? Again, thanks a lot for your great DIY videos and replies.
No worries. You can find an explanation of what the pin server does here help.blockstream.com/hc/en-us/articles/15884462476953-Blockstream-Jade-Security-Model-FAQs
@@CryptoGuide the article is very helpful, thank you~
Glad it helped :)
Does the S3 have the same bug as the T-Display with Green wallet on Windows?
Which bug is that? (Do you mean the buttons misbehaving?)
@CryptoGuide yes, unable to enter pin code.
Yea Green doesn't currently recognise the device identifier when connecting over USB, so it is hard to check. (I'll bring the PRs for other wallets for the new ones shortly) That said, the issue with the original T-Display was probably limited to the specific hardware used, so I would be surprised if it is an issue here too.
Not working, can’t connect to Green wallet on iOS
So what device are you using?
@ T-Display S3
So have you worked through the setup to the point that it enables Bluetooth?
@ Yes, I even tried the web flasher. I enabled Bluetooth and set up a new wallet; after verifying the seed and connecting to the phone, all tries ended in the error: "Something went wrong when pairing Jade. Remove your Jade from iOS bluetooth settings and try again"
@@RattakornRuay So does it work over USB or via Bluetooth with a different phone?