"Check BIP39 recovery phrase" from the NanoS app freezes.

[InfiniteQE]

I on my NanoS (fw 2.0.0) I installed the v1.4.0 that I had built in my debian VM.
(with git clone https://github.com/aido/app-sskr-check)

I did this mainly to test if the check sskr shares choose a different word # bug was still there (it is) and if the choose word # 1 bug is still there when you have already entered > 5 words (it is).

Using the other function Check BIP39 seed is also broken. I entered my 12 word mnemonic seed, and get to "Processing". The loading animation briefly turns, then the whole NanoS freezes. I waited >30 mins, and the screen remains frozen on Processing.

I then uninstalled v1.4.0 and reinstalled the v1.3.2 github release binary

Same result, app SSKR Check on NanoS (fw 2.0.0) freezes on "Processing" after a very brief circle animation

[aido]

Nearly all testing was done using Speculos and this behaviour was not seen. I may have to test some more on an actual device not an emulator

Meanwhile, try updating your device to the latest version of the firmware and see what happens.

[InfiniteQE]

Same result with Ledger NanoS firmware 2.1.0. Updating via Ledger Live, the update removed all apps from NanoS.

$ python3 -m ledgerblue.loadApp --appFlags 0x10 --tlv --targetId 0x31100004 --targetVersion="2.1.0" --delete --fileName nanos/bin/app.hex --appName "SSKR Check" --appVersion "1.3.2" --dataSize 0 --icon 0100000000ffffff00ffffffffffffffc3f1c1c3c083e107fb0fff3ffe7ffe7ffe7ffe7ffeffffffff --curve secp256k1 --path ""

Generated random root public key : b'04061afc36158ffe4a126d64411935ce8dae1fca422ff1ae764ab33815062a12f5dfaa654cb69771c1a6b3dce4c1668c8f9832fc395d0ecf86ac214ee2b3c649b5'
Using test master key b'04061afc36158ffe4a126d64411935ce8dae1fca422ff1ae764ab33815062a12f5dfaa654cb69771c1a6b3dce4c1668c8f9832fc395d0ecf86ac214ee2b3c649b5'
Using ephemeral key b'045bfb72d93281de22b70a198272155278ff9f98a36c32eb33a0b69b685597e125840d3100f66e35e7dbd54f5291437962ae6927e73dd4e553f9c1be2c74bd8612'
Broken certificate chain - loading from user key
Application full hash : b448806cf44c22186b9303c62f3991a5d79fe098946155c70ae43f6b71849c8d

"Check BIP39 recovery phrase" freezes after entering my 12 words mnemonic on NanoS

Update : I left it connected for 10+ hours and it remained stuck on Processing.

[aido]

OK, I'll look into it.
This definitely does not happen when using automated testing on Speculos. and ragger.

Here's the results of the automated tests for 12 word, 18 word and 24 word BIP39 phrases ... all pass:
https://github.com/aido/app-sskr-check/actions/runs/5029228287/jobs/9020670231

[InfiniteQE]

Have you managed to try app-sskr-check on a NanoS or NanoS+ ?

[aido]

Hi @InfiniteQE ,

No, I have not tested on a physical Nano S or S+ yet.

However, I have raised an issue with Ledger to see if I can get a lot or all of the finite field processes performed by syscalls rather than writing our own code to do it. Maybe this will affect the issue you are having.

See the issue I raised here:
Additional syscalls for finite field operations

[aido]

The gf_syscalls branch makes a significant change to how the app generates Shamir's Secret Shares. It changes the interpolate function to use syscalls for Galois Field operations. There are pros and cons to these changes.

The following could be argued:

• Using syscalls is more secure
• I am not familiar with the inner working of the Secure Element on each device but using syscalls may give the possibility of using a hardware accelerator if one is present
• The resulting binaries are slightly smaller which is important as the app is already almost at the limit of the flash size of a nano device.

It could also be argued:

• The original code performing interpolation uses bit slicing for the Galois Field operations. This may be more efficient even if the Secure Element has a hardware accelerator.

The syscall used to rewrite the interpolate functionality is called cx_bn_gf2_n_mul(). This syscall is currently not available on Ledger nano devices but is available on the other devices. I have raised an issue with nanos-secure-sdk to see if it can be added: LedgerHQ/nanos-secure-sdk#64

[aido]

app-seed-tool is forked from Ledger's app-recovery-check. I have encountered this same issue when sideloading app-recovery-check onto a Nano S device. The strange thing about it is that if app-recovery-check is installed from the Ledger Live this issue is not encountered.

I have raised an issue with app-recovery-check: LedgerHQ#15