saleemrashid/ledger-mcu-backdoor saleemrashid/ledger-mcu-backdoor

  • Stars
    star
    167
  • Rank 225,298 (Top 5 %)
  • Language
    C
  • License
    MIT License
  • Created over 6 years ago
  • Updated over 6 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
saleemrashid/ledger-mcu-backdoor
github

saleemrashid

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Proof of Concept for Ledger Nano S MCU exploit

Ledger MCU Backdoor

Proof-of-concept exploit for the Ledger Nano S that hides the non-genuine user interface confirmation. Intentionally unreliable to avoid weaponization.

It should be trivial to adapt to the Ledger Blue.

More information

Install UX application

  1. Set up the ARM toolchain

  2. Build the modified application (nanos-131 is for firmware 1.3.1)

git clone https://github.com/LedgerHQ/nanos-ui.git -b nanos-131
cd nanos-ui
git apply ../backdoor-recovery-seed-generation.patch
make

  1. Turn on the Ledger Nano S with the right button held until "Recovery" is displayed

  2. Install the modified application

make load
  1. (To remove the modified application)
make delete

Install MCU firmware

  1. Set up the ARM toolchain

  2. Turn on the Ledger Nano S with the left button held until "Bootloader" is displayed

  3. Build and install the modified firmware

make vendor
make load
  1. (To restore the official firmware)
make delete

More Repositories

1

sudo-cve-2019-18634

Proof of Concept for CVE-2019-18634
C
205
star
2

frida-sslkeylog

Frida tool to dump an NSS Key Log for Wireshark, from a process using dynamically linked OpenSSL (or BoringSSL)
Python
108
star
3

badecparams

Proof of Concept for CVE-2020-0601
Python
65
star
4

mediatek_flash_tool

Library and command line tool for interacting with the MediaTek bootloader, for dumping and flashing firmware
C
61
star
5

evilrouterlogin

Proof of Concept for Netgear Routerlogin.com exploit
HTML
17
star
6

changemac

MAC address randomizer for the Qualcomm WCNSS Platform Driver
C
15
star
7

sha2-const

const fn implementation of the SHA-2 family of hash functions
Rust
14
star
8

nem-trezor-standalone

Offline tool for recovering NEM private keys from BIP39 mnemonics and importing them into NanoWallet
HTML
13
star
9

iota-eu-cma

Go
8
star
10

is-this-a-pigeon

Twitter bot for generating "Is this a pigeon?" memes
Python
7
star
11

pebble-libopencm3

Custom firmware for Pebble Time and Pebble Time Steel
C
5
star
12

rmupdate

Utility for fetching software updates from the reMarkable update server
Go
5
star
13

EmailX

Gradle project for building the AOSP Email and Exchange2 applications
Java
4
star
14

trezor-debug

Python REPL for accessing memory-mapped registers on a TREZOR
Python
4
star
15

android_log-rs

📒 Logger which writes to Android logging subsystem
Rust
4
star
16

unsafeless

Transmuting types in Go without using unsafe or reflect
Go
3
star
17

kard-rs

Chip card interface device (CCID) implementation for embedded devices
Rust
3
star
18

do-i-need-a-blockchain

JavaScript
2
star
19

text-maze

🍀 Proof-of-concept maze game written in Python
Python
2
star
20

android_device_amazon_soho

2
star
21

trezor-webusb

JavaScript
1
star
22

binary-ff1

Optimized Rust implementation of FF1 encryption with radix 2
Rust
1
star
23

slack-emoji-maker

JavaScript
1
star
24

bitcoin-block-hash

💰 Calculate the Genesis Block hash in a number of programming languages
C
1
star
25

twitter-punchcard

Python script to generate Twitter "punchcards"
Python
1
star
26

python-windows-scripts

Python
1
star
27

simplehttpserver

C
1
star
28

pyemv

A transport-agnostic Python library for interacting with ISO 7816 and EMV cards
Python
1
star