This article is a step-by-step guide to verifying that the firmware installed on your OneKey hardware wallet matches the corresponding open-source code on GitHub.
Important
The security chip embedded in the OneKey hardware wallet is signed with an official multi-signature at the time of manufacture. If the hardware wallet's firmware is maliciously tampered with by a hacker, a message saying 'Unofficial Firmware Detected' will be displayed upon startup.
Process
Step 1: Download and install the latest firmware
- Visit the official OneKey Firmware Update Website.
- Connect your OneKey hardware wallet to your computer via the USB cable.
- Once your hardware wallet device is detected, you will be able to see the wallet information displayed on the website.
- Select and download the latest version of your hardware wallet firmware.
- Install the firmware by following the provided instructions on the website and confirming on your OneKey hardware wallet.
Step 2: Obtain Checksum on your OneKey hardware wallet
- Navigate to "About Device" on your OneKey hardware wallet.
- Find the detailed firmware information on your OneKey hardware wallet device.
- You can obtain the first seven digits of the checksum for your device firmware from the firmware information.
- For example, 4.9.0[fccbac8-5ff2c88]
- "fccbac8" is the version ID of your device firmware.
- "5ff2c88" is the first seven digits of the checksum for your device firmware.
Step 3: Calculate Checksum for GitHub source code
- Visit the OneKey Firmware GitHub Release website: https://github.com/OneKeyHQ/firmware/releases
- Find the firmware version that you want to calculate the checksum for.
- Click to download the bin file under Assets.
- Open the Terminal in your operating system (macOS/Linux required).
- Based on your OneKey hardware wallet model, select and run the corresponding command below to calculate the Checksum.
- OneKey Classic & OneKey Mini:
  tail -c +1025 /path/to/(file path) | shasum -a 256 -b
- OneKey Touch:
  tail -c +2561 /path/to/(file path) | shasum -a 256 -b
Step 4: Compare Checksums
- Compare the first seven digits of the manually calculated checksum from Step 3 with the device checksum obtained in Step 2.
- If the two values match, it indicates that the installed firmware is consistent with the open-source code on GitHub.
Step 1: Download and install the latest Bluetooth firmware
- Visit the official OneKey Firmware Update Website.
- Connect your OneKey hardware wallet to your computer via the USB cable.
- Once your hardware wallet device is detected, you will be able to see the wallet information displayed on the website.
- Select and download the latest version of your hardware wallet Bluetooth firmware.
- Install the firmware by following the provided instructions on the website and confirming on your OneKey hardware wallet.
Step 2: Obtain Checksum on your OneKey hardware wallet
- Navigate to "About Device" on your OneKey hardware wallet.
- Find the detailed firmware information on your OneKey hardware wallet device.
- You can obtain the first seven digits of the checksum for your device firmware from the Bluetooth information.
- For example, 2.3.1[96bb143-5affc8f]
- "96bb143" is the version ID of your device Bluetooth firmware.
- "5affc8f" is the first seven digits of the checksum for your device firmware.
Step 3: Calculate Checksum for GitHub source code
- Navigate to the official OneKey Bluetooth firmware GitHub Release:
- OneKey Classic & Classic 1S: https://github.com/OneKeyHQ/bluetooth-firmware-classic/releases
- OneKey Pro: https://github.com/OneKeyHQ/bluetooth-firmware-pro/releases
- OneKey Touch: https://github.com/OneKeyHQ/bluetooth-firmware-touch/releases
- Find the firmware version that you want to calculate the checksum for.
- Click to download the bin file under Assets.
- Open a terminal in the same folder as the downloaded bin file. (macOS/Linux required)
- Invoke Python with the command: python3 (Download Python here)
- Copy the command below:
exec("""\nimport struct, hashlib\nwith open("ota.bin", mode="br") as f:\n f.seek(0x0C)\n codelen = struct.unpack("i", f.read(4))[0] - 512\n f.seek(0x600)\n print("".join(format(x, "02x") for x in hashlib.sha256(f.read(codelen)).digest()))\n""")
- Change ota.bin (in the command above) to the name of your downloaded bin file.
- Run the command to get the checksum.
Step 4: Compare Checksums
- Compare the first seven digits of the manually calculated checksum from Step 3 with the device checksum obtained in Step 2.
- If the two values match, it indicates that the installed firmware is consistent with the open-source code on GitHub.
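The two checksum calculations above (the tail | shasum commands for the main firmware and the Python one-liner for the Bluetooth firmware) combined into one script with the Step 4 comparison, as an added example that is not OneKey's own code. The function names and the script name are hypothetical; the header sizes and offsets come from the commands on this page, and the length field is assumed to be little-endian, which is what the page's native-order read yields on x86 and ARM hosts.

```python
import hashlib
import re
import struct
import sys

# Header bytes skipped by the page's commands (tail -c +1025 / tail -c +2561).
HEADER_BYTES = {"classic": 1024, "mini": 1024, "touch": 2560}


def firmware_digest(image: bytes, model: str) -> str:
    """SHA-256 of a main firmware image with the model's header skipped."""
    skip = HEADER_BYTES[model]
    if len(image) <= skip:
        raise ValueError("file is no longer than its header: truncated download?")
    return hashlib.sha256(image[skip:]).hexdigest()


def bluetooth_digest(image: bytes) -> str:
    """SHA-256 of the Bluetooth OTA code region (same offsets as the page's one-liner)."""
    if len(image) < 0x600:
        raise ValueError("file is shorter than the 0x600-byte header area")
    # Assumption: little-endian length field (the page reads it in native order).
    (total,) = struct.unpack_from("<i", image, 0x0C)
    codelen = total - 512
    # A bare f.read(codelen) would silently hash a short or whole file here.
    if codelen <= 0 or 0x600 + codelen > len(image):
        raise ValueError("length field at 0x0C does not fit the file")
    return hashlib.sha256(image[0x600:0x600 + codelen]).hexdigest()


def device_prefix(about_device: str) -> str:
    """Return the 7-digit checksum prefix from e.g. '4.9.0[fccbac8-5ff2c88]'."""
    m = re.search(r"\[[0-9a-f]+-([0-9a-f]{7})\]", about_device.strip().lower())
    if m is None:
        raise ValueError("expected VERSION[versionid-checksum] as shown on the device")
    return m.group(1)


def matches_device(digest: str, about_device: str) -> bool:
    return digest.startswith(device_prefix(about_device))


if __name__ == "__main__":
    # Usage: python3 verify_fw.py classic|mini|touch|bluetooth FILE 'VERSION[id-checksum]'
    kind, path, shown = sys.argv[1:4]
    with open(path, "rb") as f:
        data = f.read()
    digest = bluetooth_digest(data) if kind == "bluetooth" else firmware_digest(data, kind)
    print(digest, "MATCH" if matches_device(digest, shown) else "MISMATCH")
```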
If you wish to verify that the firmware files signed and published on GitHub Release by the OneKey team are consistent with the corresponding open-source code stored publicly in the OneKey GitHub repositories, refer to this article.