Ledger MCU Backdoor

Proof-of-concept exploit for the Ledger Nano S that hides the non-genuine user interface confirmation. Intentionally unreliable to avoid weaponization.

It should be trivial to adapt to the Ledger Blue.

More information

Install UX application

Set up the ARM toolchain
Build the modified application (nanos-131 is for firmware 1.3.1)

git clone https://github.com/LedgerHQ/nanos-ui.git -b nanos-131
cd nanos-ui
git apply ../backdoor-recovery-seed-generation.patch
make

Turn on the Ledger Nano S with the right button held until "Recovery" is displayed
Install the modified application

make load

(To remove the modified application)

make delete

Install MCU firmware

Set up the ARM toolchain
Turn on the Ledger Nano S with the left button held until "Bootloader" is displayed
Build and install the modified firmware

make vendor
make load

(To restore the official firmware)

make delete

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
vendor		vendor
.gitignore		.gitignore
.gitmodules		.gitmodules
LICENSE		LICENSE
Makefile		Makefile
Makefile.include		Makefile.include
README.md		README.md
backdoor-recovery-seed-generation.patch		backdoor-recovery-seed-generation.patch
main.c		main.c
nanos.h		nanos.h
script.ld.S		script.ld.S
stub.c		stub.c
unsec.h		unsec.h
util.h		util.h

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Ledger MCU Backdoor

Install UX application

Install MCU firmware

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

Ledger MCU Backdoor

Install UX application

Install MCU firmware

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages