Open source code verification for firmware installed on OneKey hardware wallet devices

This article is a step-by-step guide to verifying that the firmware installed on your OneKey hardware wallet device is consistent with its corresponding open source code on GitHub.

Important

The security chip embedded in the OneKey hardware wallet is signed with an official multi-signature at the time of manufacture. If the hardware wallet's firmware is maliciously tampered with by a hacker, a message saying 'Unofficial Firmware Detected' will be displayed upon startup.

Process

Step 1: Download and install the latest firmware
  • Visit the official OneKey Firmware Update Website.
  • Connect your OneKey hardware wallet to your computer via the USB cable.
  • Once your hardware wallet device is detected, you will be able to see the wallet information displayed on the website.
  • Select and download the latest version of your hardware wallet firmware.
  • Install the firmware by following the provided instructions on the website and confirming on your OneKey hardware wallet.
Step 2: Obtain Checksum on your OneKey hardware wallet
  • Navigate to "About Device" on your OneKey hardware wallet.
  • Find the detailed firmware information on your OneKey hardware wallet device.
  • You can obtain the first seven digits of the checksum for your device firmware from the firmware information.
    • For example, 4.9.0[fccbac8-5ff2c88]
    • "fccbac8" is the version ID of your device firmware.
    • "5ff2c88" is the first seven digits of the checksum for your device firmware.
Step 3: Calculate Checksum for GitHub source code


  • Open the Terminal in your operating system (macOS/Linux required).
  • Based on your OneKey hardware wallet model, select and run the corresponding command below to calculate the checksum, replacing /path/to/(file path) with the path to the firmware file.
    • OneKey Classic & OneKey Mini:
      tail -c +1025 /path/to/(file path) | shasum -a 256 -b
    • OneKey Touch:
      tail -c +2561 /path/to/(file path) | shasum -a 256 -b
Step 4: Compare Checksums
  • Compare the first seven digits of the manually calculated checksum from Step 3 with the device checksum obtained in Step 2.
  • If the two values match, it indicates that the installed firmware is consistent with the open-source code on GitHub.

If you wish to verify that the firmware files signed and published on GitHub Release by the OneKey team are consistent with the corresponding open-source code publicly stored in the OneKey GitHub repositories, refer to this article.
