
Blockstream Jade
Our wallet review process
We examine wallets starting at the code level and continue all the way up to the finished app that lives on your device. Provided below is an outline of each of these steps along with security tips for you and general test results.
Custody
Private keys generated and held by user
As part of our Methodology, we ask: Is the provider ignorant of the keys?
The answer is "yes". Private keys are generated by the user on the wallet.
Released
1st January 2021
Application build
The binary provided was reproducible from the code provided.
See the last Issue we created.
Passed all 12 tests
We answered the following questions in this order:
The answer is "yes".
If the answer was "no", we would mark it as "Fake" and the following would apply:
Bigger wallets often get imitated by scammers who abuse the reputation of the product by copying its name, its logo, or both.
Imitating a competitor is a huge red flag and we urge you to not put any money into this product!
The answer is "yes".
If the answer was "no", we would mark it as "Announced but never delivered" and the following would apply:
Some products are promoted with big fundraising, marketing and ICOs, only to disappear overnight a week later; others are one-man side projects that get refined for months or even years and still never materialize as an actual product. Either way, those are projects we consider “vaporware”.
The answer is "yes".
If the answer was "no", we would mark it as "Un-Released" and the following would apply:
We focus on products that have the biggest impact if things go wrong. While pre-sales sometimes persuade many thousands of people to buy into promises that never materialize, the damage is limited, and there would be little definite to be said about an unreleased product anyway.
If you find a product in this category that was released meanwhile, please contact us to do a proper review!
The answer is "yes".
If the answer was "no", we would mark it as "Not a wallet" and the following would apply:
If it’s called “wallet” but is actually only a portfolio tracker, we don’t look any deeper, assuming it is not meant to control funds. What holds no funds can’t lose your coins. It might still leak your financial history!
If you can buy Bitcoins with this app but only into another wallet, it’s not a wallet itself.
The answer is "yes".
If the answer was "no", we would mark it as "A wallet but not for Bitcoin" and the following would apply:
At this point we only look into wallets that at least also support BTC.
The answer is "yes".
If the answer was "no", we would mark it as "Provided private keys" and the following would apply:
The best hardware wallet cannot guarantee that the provider deleted the keys if the private keys were put onto the device by them in the first place.
There is no way of knowing if the provider took a copy in the process. If they did, all funds controlled by those devices are potentially also under the control of the provider and could be moved out of the client’s control at any time at the provider’s discretion.
The product cannot be independently verified. If the provider puts your funds at risk on purpose or by accident, you will probably not know about the issue before people start losing money. If the provider is more criminally inclined he might have collected all the backups of all the wallets, ready to be emptied at the press of a button. The product might have a formidable track record but out of distress or change in management turns out to be evil from some point on, with nobody outside ever knowing before it is too late.
The answer is "yes".
If the answer was "no", we would mark it as "Leaks Keys" and the following would apply:
Some people claim their paper wallet is a hardware wallet. Others use RFID chips with the private keys on them. A crucial drawback of those systems is that in order to send a transaction, the private key has to be brought onto a different system that doesn’t necessarily share all the desired aspects of a hardware wallet.
Paper wallets need to be printed, exposing the keys to the PC and the printer even before sending funds to it.
Simple RFID-based devices can’t sign transactions; they hand the keys to whoever asks for them, to use for whatever they please.
There are even products that are perfectly capable of working in an air-gapped fashion but they still expose the keys to connected devices.
This verdict is reserved for key leakage under normal operation and does not apply to devices where a hack is known to be possible with special hardware.
The answer is "yes".
If the answer was "no", we would mark it as "Bad Interface" and the following would apply:
These are devices that might generate secure private key material, outside the reach of the provider but that do not have the means to let the user verify transactions on the device itself. This verdict includes screen-less smart cards or USB-dongles.
The wallet lacks an output device such as a screen, an input device such as a touch surface or physical buttons, or both. In consequence, crucial elements of approving transactions are delegated to other hardware such as a general-purpose PC or phone, which defeats the purpose of a hardware wallet.
Another consequence of a missing screen is that the user is faced with the dilemma of either not making a backup or having to pass the backup through an insecure device for display or storage.
The software of the device might be perfect but this device cannot be recommended due to this fundamental flaw.
The answer is "yes".
If the answer was "no", we would mark it as "No source for current release found" and the following would apply:
A wallet that claims not to give the provider the means to steal the users’ funds might actually be lying. In the spirit of “Don’t trust - verify!” you don’t want to take the provider at their word; instead you rely on people hunting for fame and bug bounties being able to find flaws and back-doors in the wallet, so that the provider doesn’t dare to put any in.
Back-doors and flaws are frequently found in closed source products but some remain hidden for years. And even in open source security software there might be catastrophic flaws undiscovered for years.
An evil wallet provider would certainly prefer not to publish the code, as hiding it makes audits orders of magnitude harder.
For your security, you thus want the code to be available for review.
If the wallet provider doesn’t share up to date code, our analysis stops there as the wallet could steal your funds at any time, and there is no protection except the provider’s word.
“Up to date” strictly means that any instance of the product being updated without the source code being updated counts as closed source. This puts the burden on the provider to always first release the source code before releasing the product’s update. This paragraph is a clarification to our rules following a little poll.
We are not concerned about the license as long as it allows us to perform our analysis. For a security audit, it is not necessary that the provider allows others to use their code for a competing wallet. You should still prefer actual open source licenses as a competing wallet won’t use the code without giving it careful scrutiny.
The answer is "yes".
If the answer was "no", we would mark it as "Failed to build from source provided!" and the following would apply:
Published code doesn’t help much if the app fails to compile.
We try to compile the published source code using the published build instructions into a binary. If that fails, we might try to work around issues but if we consistently fail to build the app, we give it this verdict and open an issue in the issue tracker of the provider to hopefully verify their app later.
The answer is "yes".
If the answer was "no", we would mark it as "Not reproducible from source provided" and the following would apply:
Published code doesn’t help much if it is not what the published binary was built from. That is why we try to reproduce the binary. We
- obtain the binary from the provider
- compile the published source code using the published build instructions into a binary
- compare the two binaries
- might spend some time working around issues that are easy to work around
If this fails, we might search whether other revisions match or whether we can deduce the source of the mismatch, but we generally consider it the provider’s responsibility to supply the correct source code and build instructions to reproduce the build, so we usually open a ticket in their code repository.
In any case, the result is a discrepancy between the binary we can create and the binary available for download, and any discrepancy might leak your backup to the server, on purpose or by accident.
As we cannot verify that the source provided is the source the binary was compiled from, this category is only slightly better than closed source, but for now we hope that projects come around and fix their verifiability issues.
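The obtain, build, compare procedure above, as an added example that is not WalletScrutiny's own script: a small Python tool that compares two firmware images byte by byte, lists the differing ranges together with their ASCII rendering (so an embedded string such as a version number stands out from digest- or signature-sized noise), and distinguishes a difference inside the shared image body from a tail that is only appended to one of the files. The sample images, the offsets used in them and every function name are constructed for illustration; with two file paths on the command line it runs against real images instead.

```python
"""Byte-level comparison of a downloaded firmware image and a local rebuild.

Added example, not WalletScrutiny's script. Names and sample data are
constructed for illustration.
"""
import sys
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, List


@dataclass
class DiffRange:
    offset: int  # offset of the first differing byte
    length: int  # number of consecutive differing bytes


def diff_ranges(a: bytes, b: bytes) -> List[DiffRange]:
    """Maximal runs of differing bytes within the length both images share."""
    n = min(len(a), len(b))
    ranges: List[DiffRange] = []
    start = None
    for i in range(n):
        if a[i] != b[i]:
            if start is None:
                start = i
        elif start is not None:
            ranges.append(DiffRange(start, i - start))
            start = None
    if start is not None:
        ranges.append(DiffRange(start, n - start))
    return ranges


def printable(chunk: bytes) -> str:
    """Render bytes like the right-hand column of a hexdump."""
    return "".join(chr(c) if 0x20 <= c < 0x7F else "." for c in chunk)


def classify(downloaded: bytes, built: bytes, small: int = 64) -> Dict:
    """Summarise how the two images differ.

    verdict is one of:
      identical    - same length, no differing bytes
      tail_only    - shared prefix identical; one file has extra bytes appended
      body_differs - bytes differ inside the shared prefix
    tail is len(downloaded) - len(built); ranges lists the differing runs and,
    for short runs, their ASCII rendering from both files.
    """
    ranges = diff_ranges(downloaded, built)
    tail = len(downloaded) - len(built)
    if not ranges and tail == 0:
        verdict = "identical"
    elif not ranges:
        verdict = "tail_only"
    else:
        verdict = "body_differs"
    details = []
    for r in ranges:
        entry = {"offset": r.offset, "length": r.length}
        if r.length <= small:  # long runs (digests, signatures) are not readable
            entry["downloaded"] = printable(downloaded[r.offset:r.offset + r.length])
            entry["built"] = printable(built[r.offset:r.offset + r.length])
        details.append(entry)
    return {"verdict": verdict, "tail": tail, "ranges": details}


def build_samples():
    """Constructed 256-byte images (not real firmware): a version field that
    holds "1.0.21" in the downloaded copy but only "1" in the rebuild, a
    32-byte digest-sized field that differs, and a 64-byte trailer that is
    present only in the downloaded copy, standing in for a signature block."""
    body = bytearray(256)
    downloaded, built = bytearray(body), bytearray(body)
    downloaded[0x30:0x36] = b"1.0.21"
    built[0x30:0x31] = b"1"
    downloaded[0xB0:0xD0] = bytes(range(0x10, 0x30))
    built[0xB0:0xD0] = bytes(range(0x40, 0x60))
    downloaded += bytes([0xE7, 0x02, 0x00, 0x00]) + b"\xAA" * 60
    return bytes(downloaded), bytes(built)


def report(result: Dict) -> str:
    """One line per differing run, plus the overall verdict."""
    lines = [f"verdict: {result['verdict']}  tail: {result['tail']:+d} bytes"]
    for r in result["ranges"]:
        line = f"  0x{r['offset']:08x} +{r['length']}"
        if "downloaded" in r:
            line += f"  downloaded={r['downloaded']!r} built={r['built']!r}"
        lines.append(line)
    return "\n".join(lines)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        d, b = Path(sys.argv[1]).read_bytes(), Path(sys.argv[2]).read_bytes()
    else:
        d, b = build_samples()
    print(report(classify(d, b)))
```

Run it as `python compare_images.py downloaded-firmware.bin build/jade.bin` (file name assumed) to get the summary for real images. A `tail_only` verdict means the two files agree on every byte they share and only an appended block separates them, which is what a signing step the reviewer cannot reproduce looks like; a `body_differs` verdict points at build inputs, such as the version string, that still need to be aligned before the signing question even comes up.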
Application build test result
Blockstream Jade made a big jump in versioning last week, from 0.1.48 to now 1.0.21. Maybe now things are reproducible?
Running our script as is gave us this diff:
$ docker run --rm -t -w $(pwd) -v $(pwd):$(pwd):ro registry.salsa.debian.org/reproducible-builds/diffoscope downloaded-firmware.bin build/jade_signed.bin
--- downloaded-firmware.bin
+++ build/jade_signed.bin
@@ -1,20 +1,20 @@
00000000: e906 0220 1816 0840 ee00 0000 0000 032c ... ...@.......,
00000010: 018f 0100 0000 0001 2000 403f 881c 0600 ........ .@?....
00000020: 3254 cdab 0000 0000 0000 0000 0000 0000 2T..............
-00000030: 312e 302e 3231 0000 0000 0000 0000 0000 1.0.21..........
+00000030: 3100 0000 0000 0000 0000 0000 0000 0000 1...............
00000040: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000050: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000060: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000070: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000080: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000090: 7635 2e30 2e32 0000 0000 0000 0000 0000 v5.0.2..........
000000a0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-000000b0: 13ff 01da d1c5 9c74 a3ab a843 8e6c bdd4 .......t...C.l..
-000000c0: 6d24 968c 84bf 3b5e eb3d 4487 c66c 10de m$....;^.=D..l..
+000000b0: 3c01 4de3 3b6d 94a9 aef5 b35c 053a cdaa <.M.;m.....\.:..
+000000c0: 2b80 7fb0 cf37 d273 ed24 1f16 6f89 849b +....7.s.$..o...
000000d0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
000000e0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
000000f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000100: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000110: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000120: 014a 4144 4500 0000 0000 0000 0000 0000 .JADE...........
00000130: 0000 0000 0000 0000 0000 0000 0000 0000 ................
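Review bot: the two short differences in this header hunk are explainable from the visible bytes and should not be lumped in with the signature question: at 0x30 the downloaded image carries the version string "1.0.21" where the local build only has "1", and the 32-byte field at 0xb0 through 0xcf (SHA-256 digest sized) differs, which is what a digest over an image body with a different version string would do. The first thing to check in the build script is therefore how the version string gets set at build time (a tagged checkout versus a bare default); until that matches, the digest-sized field cannot be expected to match either.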
@@ -81911,92 +81911,92 @@
0013ff60: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0013ff70: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0013ff80: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0013ff90: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0013ffa0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0013ffb0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0013ffc0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-0013ffd0: 0000 0000 0000 0000 0000 0000 0000 0089 ................
-0013ffe0: 945b 7754 129e 0237 d19c 0470 1259 e0a3 .[wT...7...p.Y..
-0013fff0: 4316 ea36 cccc ee95 9107 f0f8 ce63 e4a7 C..6.........c..
-00140000: e702 0000 1b22 5429 2da7 0dcf 25fa ebd2 ....."T)-...%...
-00140010: c1d0 2fd5 393a c1f4 375d fa7d a0e6 d373 ../.9:..7].}...s
-00140020: 16ab 5454 4fe0 c1fc f6b3 5755 1848 ba39 ..TTO.....WU.H.9
-00140030: 5a4a dd66 5657 9401 97d7 74a6 b293 1776 ZJ.fVW....t....v
-00140040: d8b3 ae10 2722 94fb 2f3d 6975 bc1c ce35 ....'"../=iu...5
-00140050: 7be3 2ddc b54c 213a b80e 9664 48cd c978 {.-..L!:...dH..x
-00140060: 632c 5dcf 0d59 3f26 ec41 65d5 8dbf d986 c,]..Y?&.Ae.....
-00140070: 0b9b 2441 8f6c 0f34 8d05 9ac4 a885 99d1 ..$A.l.4........
-00140080: ad4f f758 858f 0909 459a 2a0c b22e 275f .O.X....E.*...'_
-00140090: 84de 69e3 ad53 2f7d ad05 db07 f834 ffa5 ..i..S/}.....4..
-001400a0: 4de7 c8d0 29c4 cccf 9005 0ca1 6862 5989 M...).......hbY.
-001400b0: 3e2a 938b a0c5 1bcd 8812 490d 4a67 1a17 >*........I.Jg..
-001400c0: 8759 7cec 0f46 bbe9 8d0f 1939 5547 6f7a .Y|..F.....9UGoz
-001400d0: 6e5c a581 17f2 beb7 ee7b 1715 1277 b9d7 n\.......{...w..
-001400e0: 9913 322b c7ba 8312 65e4 42d2 aea7 b82c ..2+....e.B....,
-001400f0: 17d8 c23d 3a38 ea8f 66cc 8873 2831 7b47 ...=:8..f..s(1{G
-00140100: d0f7 09d2 5407 02f8 639a 4d9a 69b6 f886 ....T...c.M.i...
-00140110: 6ac0 71a0 2296 ceb3 6d6f 135e 92f7 46c8 j.q."...mo.^..F.
-00140120: 44c3 b4c4 6d4d ef4f 2eeb 0c37 0fd7 64cc D...mM.O...7..d.
-00140130: 3120 cdf7 b6cd 1499 561e 11fc 7be5 c686 1 ......V...{...
-00140140: 2fc9 1bb1 3971 a1ac e698 78ce 957a 9b5e /...9q....x..z.^
-00140150: 6acc eb52 f647 b3fc d0f0 630c 6dba 5096 j..R.G....c.m.P.
-00140160: 5fa9 6d38 76f2 3e47 5d69 e600 3c07 fc40 _.m8v.>G]i..<..@
-00140170: 74cc 0905 e5ec dc05 12b2 4def 1560 562b t.........M..`V+
-00140180: 77a8 7705 b0da 5b88 5f65 398f a8c3 a66c w.w...[._e9....l
-00140190: 073c 4e37 c68d ccb5 ed12 13c1 d482 5331 .<N7..........S1
-001401a0: 600c 0bd7 0100 0100 1538 3ccd f9d1 742d `........8<...t-
-001401b0: dab7 6317 6fdb 4b47 f83d 7676 8d23 353b ..c.o.KG.=vv.#5;
-001401c0: 97cf 8aba 5b73 26c7 15f7 7390 197a 10e4 ....[s&...s..z..
-001401d0: 0b1b 8f94 4154 bc70 7588 d988 1754 a38a ....AT.pu....T..
-001401e0: 3347 a8e5 7202 67ec 805a cd4f ee74 e20e 3G..r.g..Z.O.t..
-001401f0: 3e1d e47d ba13 40f5 8ed9 4e4e 934b 963b >..}..@...NN.K.;
-00140200: 31c4 e861 23f4 fb5a f708 66c7 6b1e 20c1 1..a#..Z..f.k. .
-00140210: 69b6 ad49 293f 83fd ab28 370c ff02 d37e i..I)?...(7....~
-00140220: 15ab 8a1e 06f9 b606 0892 3ef2 2715 9c83 ..........>.'...
-00140230: 5ca4 5fb9 8f7d 5751 618e 1a0a 5e7b ed3c \._..}WQa...^{.<
-00140240: df5a c96c 94c0 2787 0704 c2a1 b857 b569 .Z.l..'......W.i
-00140250: 34ea 6b71 010e 11aa 89ad 3804 679e b5ac 4.kq......8.g...
-00140260: e027 ea9d 9d5c f33c 652b db1a 7cc4 bd73 .'...\.<e+..|..s
-00140270: 5ed1 ea10 7355 d69d b361 bec3 0c9e 4266 ^...sU...a....Bf
-00140280: 78e6 f39c 5365 09eb 0790 30c1 2082 1ff0 x...Se....0. ...
-00140290: f338 966f ad21 c273 3c5a 79df 8d3d b06f .8.o.!.s<Zy..=.o
-001402a0: b5ed 809d 76d7 2ed4 0260 1fe3 657e 0c81 ....v....`..e~..
-001402b0: 642e 74ec da14 0b2b 38f6 443d 90e2 5c22 d.t....+8.D=..\"
-001402c0: be2e e249 f75d 76ef 9f14 20ca 1f8c ccc2 ...I.]v... .....
-001402d0: d09c 4120 0101 5a63 e12f c07b 7954 edb3 ..A ..Zc./.{yT..
-001402e0: 95d6 a541 822c 4630 c0b7 7f20 d649 fca0 ...A.,F0... .I..
-001402f0: 4304 f91a a7e7 6b55 5e78 f182 a637 1f7a C.....kU^x...7.z
-00140300: 4eb7 2bac 3d18 f812 62c3 109f 7b38 e6ff N.+.=...b...{8..
-00140310: 452f 7079 dfae 5ea9 e329 72f9 9f69 c4d4 E/py..^..)r..i..
-00140320: 4e42 bb08 5511 f816 51c9 569d 3e20 965a NB..U...Q.V.> .Z
-00140330: 4a9c f718 b9fc 85a1 7055 ce5d d112 7cad J.......pU.]..|.
-00140340: 0b9a a1e8 bfec 30f4 7c4e 2622 688f 6505 ......0.|N&"h.e.
-00140350: 3c2a 5742 48ac df67 6234 285e 5453 eee3 <*WBH..gb4(^TS..
-00140360: e454 dbd3 3ac5 38d5 686d 3b05 3aab 47bd .T..:.8.hm;.:.G.
-00140370: 8ed0 d987 acd4 653a 84e7 e3b6 891d acec ......e:........
-00140380: 80a6 3a15 7a75 b67a 8997 853f 804f 42b9 ..:.zu.z...?.OB.
-00140390: d81f 5b52 11ea 117c d089 ecc3 5389 7473 ..[R...|....S.ts
-001403a0: e7f1 9318 79bb 772f 0be3 edec 243d 745a ....y.w/....$=tZ
-001403b0: 0369 037f f54a cf97 2e74 12ef 83f6 1a2f .i...J...t...../
-001403c0: 9e1b 9df7 f689 91c6 ddf5 b4f8 9487 cc49 ...............I
-001403d0: 34d8 447b 6787 754b ee81 85fc 977f edc9 4.D{g.uK........
-001403e0: ba05 a54b 960c b25f 64af 4a94 9922 05cd ...K..._d.J.."..
-001403f0: 6db8 f3e7 fddc f11f 70c5 0d83 a6cb fcbe m.......p.......
-00140400: 8066 7ddb 8430 e2ba e95c 4c7e 0f36 d7d2 .f}..0...\L~.6..
-00140410: 4773 b316 1dac f165 a8ee 4eaa 190e 85e8 Gs.....e..N.....
-00140420: 6f86 505c 60f6 e6f9 a17f 1a21 9072 5b80 o.P\`......!.r[.
-00140430: bdca 37d0 0196 19b3 7b86 d026 6d2b 59d2 ..7.....{..&m+Y.
-00140440: 4235 541b 6dde 6f69 c6c7 b1f5 df92 ed2e B5T.m.oi........
-00140450: 673e 78cb 558d 09cd 2231 0832 955a 2749 g>x.U..."1.2.Z'I
-00140460: db96 98b1 0ee4 acca 4c03 4ec5 8527 3a73 ........L.N..':s
-00140470: 3273 f816 c2d1 3a5d a19f 5f88 6b59 7680 2s....:].._.kYv.
-00140480: 121b 6e29 18b8 614f 7054 f8f6 1e1e d3b0 ..n)..aOpT......
-00140490: 03e0 669f 7b1d b8bc 9680 c4a6 c8ed ae05 ..f.{...........
-001404a0: 4fbf baab b58e f921 23fe 0d75 5c4e 22c6 O......!#..u\N".
+0013ffd0: 0000 0000 0000 0000 0000 0000 0000 0075 ...............u
+0013ffe0: 61bb 2128 d7ad b7cd 0c4b 5837 839e dd8f a.!(.....KX7....
+0013fff0: d6a8 08d5 4106 6651 cb7a 5b47 58ac bb9e ....A.fQ.z[GX...
+00140000: e702 0000 23ba fa05 b6f0 a054 556f 4a69 ....#......TUoJi
+00140010: 71f3 8768 0f22 213b f2f8 6e5f f6a1 195b q..h."!;..n_...[
+00140020: 3ddb 1a91 2f1d 5fa4 a018 a49a d321 d9cd =.../._......!..
+00140030: b0f8 b4d0 e123 a8ef 9a5e 14be 9b65 8fc6 .....#...^...e..
+00140040: dbc9 8d91 0b30 7452 11b9 7351 40ca 003c .....0tR..sQ@..<
+00140050: fac1 f5d3 8a67 2397 5e2d 2025 89ec 1ff1 .....g#.^- %....
+00140060: 72a8 347f b0f1 26e7 ed72 9030 765c 7cc1 r.4...&..r.0v\|.
+00140070: db95 85f9 4126 62b8 bcbf d0c4 6b5a 9296 ....A&b.....kZ..
+00140080: bab2 c072 be52 af50 51b4 833c 46c9 517f ...r.R.PQ..<F.Q.
+00140090: 9bd5 9ac3 7ec6 e894 bde3 fc1e 0915 233f ....~.........#?
+001400a0: 2fa4 1a92 4e26 b16a 8528 ff4e 6f6c 9675 /...N&.j.(.Nol.u
+001400b0: a132 dbdd b464 dfd7 59d7 81b5 5827 a1e2 .2...d..Y...X'..
+001400c0: b2fb 2e78 0c6c 45e9 2b67 b2ed 4ab9 0e02 ...x.lE.+g..J...
+001400d0: 9acd 3a08 d0f2 625b 8082 d46b a272 a97d ..:...b[...k.r.}
+001400e0: 12aa 54a0 764b a36d d71b fdf8 def7 1de3 ..T.vK.m........
+001400f0: 53c8 cf70 621a 4d83 97ce c126 105c 2ede S..pb.M....&.\..
+00140100: 8753 d5ae 1760 43bc 1cc5 24c2 ecbe abc1 .S...`C...$.....
+00140110: 844e d3f6 1d2c 41b1 548e d9c1 8250 cbc6 .N...,A.T....P..
+00140120: 6f48 d8d5 217d ad18 c408 d04b f06f 5199 oH..!}.....K.oQ.
+00140130: 7912 71ea cc63 125a c19d d68b a799 069e y.q..c.Z........
+00140140: 562d f756 9d2e 53f1 82d6 73e0 5456 e5dc V-.V..S...s.TV..
+00140150: 1591 ef2e e87e 995b 9b9b e28f ed31 a9cb .....~.[.....1..
+00140160: d031 fef5 30e6 e642 1f9e 67ac 7ed6 5962 .1..0..B..g.~.Yb
+00140170: 12cb 3cf7 cbcb 1bc3 6e6d 4977 cce7 b43a ..<.....nmIw...:
+00140180: 1926 ad9a 0e53 8b12 aba8 1952 79a8 c65e .&...S.....Ry..^
+00140190: 350e c438 e430 6f49 9273 dcb9 e74a 05df 5..8.0oI.s...J..
+001401a0: 3c5f eea3 0100 0100 457f eea2 34ee 9530 <_......E...4..0
+001401b0: 9b03 c83f caac 8cd3 e428 83f8 c93b 0698 ...?.....(...;..
+001401c0: 38a8 2a1c e3f7 aa58 4e46 4ea4 7aac 0c76 8.*....XNFN.z..v
+001401d0: 5b62 4ed0 0253 9502 5fc1 93a8 4029 39c9 [bN..S.._...@)9.
+001401e0: c284 2481 5ab1 ae0a 09c0 d802 9898 12f6 ..$.Z...........
+001401f0: 14dc c4c3 791f aa9d cc1a 2f44 3147 a617 ....y...../D1G..
+00140200: 0f52 816b be21 a4df dfe4 201a d800 4a87 .R.k.!.... ...J.
+00140210: 7e52 2566 26b3 08b4 b23a e262 8324 7f80 ~R%f&....:.b.$..
+00140220: 2111 3cc3 5f88 e1df 1484 09de 9e5a bb35 !.<._........Z.5
+00140230: 5338 c37a 43f8 4793 b86e c443 e9cf dddc S8.zC.G..n.C....
+00140240: 1e8a a5bd 30b7 2d16 3601 a6e1 d233 b46e ....0.-.6....3.n
+00140250: c1c2 f928 9bc7 3099 9665 833b eeda 18c3 ...(..0..e.;....
+00140260: 7852 d7c0 ed0a e3c3 f4b4 b180 43e1 15e5 xR..........C...
+00140270: b437 96e0 871a 646d b798 7126 9e81 d63a .7....dm..q&...:
+00140280: 97f4 9e44 1769 f435 9eb9 1f71 680b 7058 ...D.i.5...qh.pX
+00140290: 9a1f ed01 3236 d4f1 673b dd44 cf97 edc0 ....26..g;.D....
+001402a0: 49ce d04e 2f27 e9d5 6cb6 b3a1 4247 2200 I..N/'..l...BG".
+001402b0: dcb0 024c 52c7 c4f0 1a92 14b7 f191 0494 ...LR...........
+001402c0: 8e20 41df cd2f 7d56 fa3f 7222 624a da3f . A../}V.?r"bJ.?
+001402d0: 79b0 8521 6a9e a8ee caff 65b4 e8d3 8c8b y..!j.....e.....
+001402e0: 18fe 618e 4510 a101 9708 2601 1513 ccfb ..a.E.....&.....
+001402f0: cce6 49cf 5c0f 41e3 9417 43d0 eb82 7847 ..I.\.A...C...xG
+00140300: 69c6 5414 9d06 311c 4ab9 0e9e a757 0ad9 i.T...1.J....W..
+00140310: b45d f785 ad6e d44d 69a3 976a 3a92 afda .]...n.Mi..j:...
+00140320: 4fac 422c 40cc b05b 31b6 b47a 58be f3f7 O.B,@..[1..zX...
+00140330: 5cb9 12c6 fc9f ce2e ff06 8fe8 eb59 8d33 \............Y.3
+00140340: e146 1967 cd25 7cb4 0eb8 cfb4 0804 a55c .F.g.%|........\
+00140350: b939 c1c5 c134 eb6c 443e 603d 0970 82f4 .9...4.lD>`=.p..
+00140360: eaaf 48bc a71e f88b 5f5e 5839 c1b1 a012 ..H....._^X9....
+00140370: c0e0 ca42 6e37 9cd1 a09b 31ef f105 f99b ...Bn7....1.....
+00140380: 6019 9741 5fb6 6f19 423a 2426 af29 4b93 `..A_.o.B:$&.)K.
+00140390: 1e16 d98b f43d 00d3 091e 4605 94f2 bdc9 .....=....F.....
+001403a0: a0aa 376a 3272 43bc 8e67 a7ab 8909 7137 ..7j2rC..g....q7
+001403b0: 7e95 04ac 21ef ab39 2dee 8ed1 21f4 94ad ~...!..9-...!...
+001403c0: aa62 e846 224a 7780 a1bc c703 da2f 71df .b.F"Jw....../q.
+001403d0: 79d0 d00c eca6 d326 8b55 cddd 0f0f 77e2 y......&.U....w.
+001403e0: 69ff 57ed ee3a cbcd d74a 5ef4 5e25 7611 i.W..:...J^.^%v.
+001403f0: 82f6 dec8 2344 c72e cf52 18b8 4ff3 f2a6 ....#D...R..O...
+00140400: e8d8 2389 922b e424 d023 0dda f0b5 36b4 ..#..+.$.#....6.
+00140410: 6b9a a557 d37c 1b09 4e63 57dd 19cb 4552 k..W.|..NcW...ER
+00140420: a0a4 f3f3 6859 c294 ff6c c1ab d03d f9bf ....hY...l...=..
+00140430: 2beb 00ef 1d8c fdae de2f 6392 8051 8f22 +......../c..Q."
+00140440: 3c69 1800 3a63 4e6c ce34 36a1 83be e24f <i..:cNl.46....O
+00140450: 6262 9d11 00bb 09d6 5055 8058 b5e6 8484 bb......PU.X....
+00140460: ec05 db23 a068 2048 3318 87b0 d27b e0b3 ...#.h H3....{..
+00140470: 9907 266e ae41 3485 441a 73a4 9009 bfba ..&n.A4.D.s.....
+00140480: 3855 3585 412f a62e bb0c 3a1d 0f40 e2e8 8U5.A/....:..@..
+00140490: ea38 6039 8908 7593 5e8b 1f5b 80d2 84a7 .8`9..u.^..[....
+001404a0: e04e 6587 8499 286c 4d41 b6a1 4435 bd29 .Ne...(lMA..D5.)
001404b0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
001404c0: ffff ffff ffff ffff ffff ffff ffff ffff ................
001404d0: ffff ffff ffff ffff ffff ffff ffff ffff ................
001404e0: ffff ffff ffff ffff ffff ffff ffff ffff ................
001404f0: ffff ffff ffff ffff ffff ffff ffff ffff ................
00140500: ffff ffff ffff ffff ffff ffff ffff ffff ................
00140510: ffff ffff ffff ffff ffff ffff ffff ffff ................
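Review bot: the "big block" in this hunk is really two parts and is worth describing as such: a single byte at 0x13ffdf (0x89 vs 0x75) plus 32 bytes at 0x13ffe0 through 0x13ffff, and then the run from 0x140000 through 0x1404af, where both files open with the same e702 0000 prefix and the padding rows before and after (0000 and ffff) are identical. A fixed-size trailer with an agreeing header and completely different payload is consistent with the text's guess that this is signature material; the 1+32 bytes just before it are the size of a checksum byte plus a SHA-256 digest, so they will differ whenever the image body differs, which the header hunk already shows it does. Comparing against the unsigned build output, as the write-up goes on to do, is the right next step, since it separates the body mismatch from the signing step.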
That is a big block of 1234 B that differs, plus some smaller diffs. The former might be signatures; the latter certainly are not. For example, the downloaded file contains the version number where the compiled file does not.
Let’s see if things improve if we run the script again, with some small modifications following changes in the build instructions.
The following is a diff of the downloaded file and the unsigned file we compiled:
$ docker run --rm -t -w $(pwd) -v $(pwd):$(pwd):ro registry.salsa.debian.org/reproducible-builds/diffoscope downloaded-firmware.bin build/jade.bin
--- downloaded-firmware.bin
+++ build/jade.bin
@@ -81914,263 +81914,7 @@
0013ff90: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0013ffa0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0013ffb0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0013ffc0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0013ffd0: 0000 0000 0000 0000 0000 0000 0000 0089 ................
0013ffe0: 945b 7754 129e 0237 d19c 0470 1259 e0a3 .[wT...7...p.Y..
0013fff0: 4316 ea36 cccc ee95 9107 f0f8 ce63 e4a7 C..6.........c..
-00140000: e702 0000 1b22 5429 2da7 0dcf 25fa ebd2 ....."T)-...%...
-00140010: c1d0 2fd5 393a c1f4 375d fa7d a0e6 d373 ../.9:..7].}...s
-00140020: 16ab 5454 4fe0 c1fc f6b3 5755 1848 ba39 ..TTO.....WU.H.9
-00140030: 5a4a dd66 5657 9401 97d7 74a6 b293 1776 ZJ.fVW....t....v
-00140040: d8b3 ae10 2722 94fb 2f3d 6975 bc1c ce35 ....'"../=iu...5
-00140050: 7be3 2ddc b54c 213a b80e 9664 48cd c978 {.-..L!:...dH..x
-00140060: 632c 5dcf 0d59 3f26 ec41 65d5 8dbf d986 c,]..Y?&.Ae.....
-00140070: 0b9b 2441 8f6c 0f34 8d05 9ac4 a885 99d1 ..$A.l.4........
-00140080: ad4f f758 858f 0909 459a 2a0c b22e 275f .O.X....E.*...'_
-00140090: 84de 69e3 ad53 2f7d ad05 db07 f834 ffa5 ..i..S/}.....4..
-001400a0: 4de7 c8d0 29c4 cccf 9005 0ca1 6862 5989 M...).......hbY.
-001400b0: 3e2a 938b a0c5 1bcd 8812 490d 4a67 1a17 >*........I.Jg..
-001400c0: 8759 7cec 0f46 bbe9 8d0f 1939 5547 6f7a .Y|..F.....9UGoz
-001400d0: 6e5c a581 17f2 beb7 ee7b 1715 1277 b9d7 n\.......{...w..
-001400e0: 9913 322b c7ba 8312 65e4 42d2 aea7 b82c ..2+....e.B....,
-001400f0: 17d8 c23d 3a38 ea8f 66cc 8873 2831 7b47 ...=:8..f..s(1{G
-00140100: d0f7 09d2 5407 02f8 639a 4d9a 69b6 f886 ....T...c.M.i...
The downloaded and the self-signed files are 4096 bytes longer than the unsigned file. These bytes are all appended to the unsigned file in the signing step:
espsecure.py sign_data \
--keyfile ./release/scripts/dev_fw_signing_key.pem \
--version 2 \
--output ./build/jade_signed.bin \
./build/jade.bin
With all but the signature matching, this product is reproducible.
Update 2023-06-29: We used a test script to build the firmware following the provided instructions. After running the script we get this result for version 0.1.48 (BLE-Enabled):
$ ./scripts/test/hardware/blockstreamjade.sh 0.1.48
...
d329dbf4fea13c6cde7df9682febae15e162947dc5a747aae98540f69e1a25d3 downloaded-firmware.bin
a249638d43723e21927610f208727eda585e569f384cf14944297aedb85d66d1 build/jade_signed.bin
b74dc0d9df905f53097f3dfe66b62798257e9e7ae52a10815ec6d9f3ab2c2d89 build/jade.bin
Obviously the hashes can't be the same because the signatures differ. So we converted the binaries to hex to see the diff. Unfortunately the diff contained more than just signatures:
$ xxd downloaded-firmware.bin > downloaded-firmware.hex
$ xxd build/jade_signed.bin > jade_signed.hex
$ diff downloaded-firmware.hex jade_signed.hex
4c4
< 00000030: 302e 312e 3438 0000 0000 0000 0000 0000 0.1.48..........
---
> 00000030: 3100 0000 0000 0000 0000 0000 0000 0000 1...............
12,13c12,13
< 000000b0: 0c00 a08c c9d3 f9ef 58bd 2405 e51c d269 ........X.$....i
< 000000c0: 194e 435e 6818 56ea 80ec c5aa 0259 2c1c .NC^h.V......Y,.
---
> 000000b0: c250 4a04 278e 4d62 9f4d 6ba2 0e03 f187 .PJ.'.Mb.Mk.....
> 000000c0: d606 74fa 6ed5 0ccb 19e2 fa08 05a2 524e ..t.n.........RN
24941c24941
< 000616c0: 60db fb3f c088 fc3f 0000 803f 0000 c03f `..?...?...?...?
---
> 000616c0: 60db fb3f e0a3 fc3f 0000 803f 0000 c03f `..?...?...?...?
26982c26982
< 00069650: 0000 0000 2000 0000 0800 803f 0000 0000 .... ......?....
---
> 00069650: 0000 0000 2000 0000 407e fc3f 0000 0000 .... ...@~.?....
27277c27277
< 0006a8c0: b468 fc3f 0080 f43f c088 fc3f a068 fc3f .h.?...?...?.h.?
---
> 0006a8c0: b468 fc3f 0080 f43f e0a3 fc3f a068 fc3f .h.?...?...?.h.?
27279c27279
< 0006a8e0: 2c00 f03f 8815 0840 201b 803f 0000 803f ,..?...@ ..?...?
---
> 0006a8e0: 2c00 f03f 8815 0840 0000 803f 0000 803f ,..?...@...?...?
27352,27353c27352,27353
< 0006ad70: 6458 0d40 c40c 803f d801 803f dc09 803f dX.@...?...?...?
< 0006ad80: 580c 803f 500c 803f c80c 803f 95f4 413f X..?P..?...?..A?
---
> 0006ad70: 6458 0d40 fc8a fc3f 1080 fc3f 1488 fc3f dX.@...?...?...?
> 0006ad80: 908a fc3f 888a fc3f 008b fc3f 95f4 413f ...?...?...?..A?
27356c27356
< 0006adb0: 81f4 413f 26f6 413f 0c13 803f ecf7 413f ..A?&.A?...?..A?
---
> 0006adb0: 81f4 413f 26f6 413f 4491 fc3f ecf7 413f ..A?&.A?D..?..A?
27358c27358
< 0006add0: 7074 1040 780f 803f 9bf4 413f a0f7 413f pt.@x..?..A?..A?
... and the diff goes on...
This wallet comes in several firmware variants. We only tried the BLE-Enabled firmware, but the diff shows differences between our build and the provided firmware that go beyond the signature. We are still investigating the problem with Blockstream. So for now it’s not reproducible.
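The two checks used above, that the signed file is the unsigned file plus the 4096-byte signature block and that any remaining difference is shown as a hex diff, as an added Python example that is not WalletScrutiny's or Blockstream's code; the sample images, their offsets and the 0xff trailer are constructed for illustration.

```python
"""Added example (not WalletScrutiny's or Blockstream's code): check whether a
vendor-signed firmware image is the locally built unsigned image plus the
4096-byte signature block that espsecure.py appends, and when it is not,
report the first differing 16-byte rows in xxd style."""
import hashlib
import sys

SIG_BLOCK_LEN = 4096  # bytes appended to the image by `espsecure.py sign_data`


def sha256_hex(data: bytes) -> str:
    """sha256sum-style digest, for comparing against published hashes."""
    return hashlib.sha256(data).hexdigest()


def xxd_row(offset: int, row: bytes) -> str:
    """Format one 16-byte row the way `xxd` does (offset, hex pairs, ASCII)."""
    hexpart = " ".join(row[i:i + 2].hex() for i in range(0, len(row), 2))
    ascii_part = "".join(chr(b) if 32 <= b < 127 else "." for b in row)
    return f"{offset:08x}: {hexpart:<39}  {ascii_part}"


def first_diffs(a: bytes, b: bytes, limit: int = 5) -> list:
    """Return up to `limit` (offset, row_a, row_b) entries for 16-byte rows
    that differ within the length both images share."""
    diffs = []
    for off in range(0, min(len(a), len(b)), 16):
        ra, rb = a[off:off + 16], b[off:off + 16]
        if ra != rb:
            diffs.append((off, ra, rb))
            if len(diffs) >= limit:
                break
    return diffs


def compare_firmware(signed: bytes, unsigned: bytes) -> dict:
    """The signed image is reproducible from the unsigned one if it is exactly
    one signature block longer and identical up to the unsigned length."""
    length_ok = len(signed) == len(unsigned) + SIG_BLOCK_LEN
    prefix_ok = signed[:len(unsigned)] == unsigned
    return {
        "length_ok": length_ok,
        "prefix_ok": prefix_ok,
        "reproducible": length_ok and prefix_ok,
        "diffs": first_diffs(signed, unsigned),
    }


# Constructed sample images, not real Jade firmware: a 64-byte "unsigned" build
# carrying the version string at offset 0x30, a "signed" copy with a 4096-byte
# 0xff placeholder trailer standing in for the signature block, and a signed
# copy whose version string differs, like the 0x30 row in the diff above.
SAMPLE_UNSIGNED = bytes(range(48)) + b"0.1.48".ljust(16, b"\x00")
SAMPLE_SIGNED = SAMPLE_UNSIGNED + b"\xff" * SIG_BLOCK_LEN
SAMPLE_MISMATCH = bytes(range(48)) + b"1".ljust(16, b"\x00") + b"\xff" * SIG_BLOCK_LEN


def report(signed: bytes, unsigned: bytes) -> str:
    """Human-readable verdict in the style of the analysis above."""
    res = compare_firmware(signed, unsigned)
    lines = [f"{sha256_hex(signed)}  signed", f"{sha256_hex(unsigned)}  unsigned",
             f"length ok: {res['length_ok']}  prefix ok: {res['prefix_ok']}"]
    for off, ra, rb in res["diffs"]:
        lines.append("< " + xxd_row(off, ra))
        lines.append("> " + xxd_row(off, rb))
    lines.append("reproducible (all but the signature matching)" if res["reproducible"]
                 else "NOT reproducible: differences outside the signature block")
    return "\n".join(lines)


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: compare.py downloaded-firmware.bin build/jade.bin
        with open(sys.argv[1], "rb") as f_s, open(sys.argv[2], "rb") as f_u:
            print(report(f_s.read(), f_u.read()))
    else:
        print(report(SAMPLE_SIGNED, SAMPLE_UNSIGNED))
        print(report(SAMPLE_MISMATCH, SAMPLE_UNSIGNED))
```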
Update 2022-03-08: On March 3rd version 0.1.33 was released. If you are running version 0.1.32, which was released December 23rd, you might or might not be able to verify what you are updating to, depending on whether the companion app has been updated, too. Check this issue for details.
Update 2021-11-02: We are in touch with the provider and while the firmware was updated two weeks ago already, their latest comment on the issue was a day after the last release, so we assume the problem persists.
Original Analysis
Blockstream Jade is one of the newer hardware wallets, but it is provided by Blockstream, which is a very well-known player in this space.
On the product website, the Blockstream Jade is advertised as
The first purpose-built hardware wallet for Liquid.
Blockstream Jade is a purely open-source hardware wallet for the storage of bitcoin and Liquid assets.
Liquid is a sidechain developed by Blockstream, mostly used for quick settlement between centralized exchanges with some advanced features like “confidential transactions”.
This hardware wallet works with Green: Bitcoin Wallet and its iPhone and desktop counterparts as its companion app.
The provider makes no claims about the firmware being reproducible, and neither can we find the binaries for download. Given that the companion app has a good track record of being reproducible, we assume this issue will be resolved quickly and is more a matter of documentation. But as half an hour of searching did not give us answers to these questions:
- Where can I download the firmware binary?
- Does the Jade display the binary’s hash prior to installation?
the firmware of this device is currently not verifiable.
Code and Reproducible Builds
So as we learned in this issue, the provider doesn’t easily offer the firmware for download but we came up with a convenient script to download the latest version. As there are two slightly different versions of the Blockstream Jade and the firmware comes in two flavors - with or without radio - this script downloads four firmware binaries:
# two hardware revisions, each with and without radio: four binaries in total
withoutWheel="jade1.1"
withWheel="jade"
for model in "$withoutWheel" "$withWheel"; do
  # the index lists the stable full-firmware filenames for this model
  files=$( wget --output-document=- "https://jadefw.blockstream.com/bin/$model/index.json" | jq '.stable.full[].filename' --raw-output )
  for file in $files; do
    wget "https://jadefw.blockstream.com/bin/$model/$file"
  done
done
So we have something to check. On to compilation:
As always we prefer compilation in containers, so we go with the Use docker instructions:
$ git clone --recursive https://github.com/Blockstream/Jade.git
$ cd Jade
$ docker-compose up -d
$ docker-compose exec dev bash
From here, the Build the firmware part should work, right?
root@5d8f6ff15ec2:/jade# git clone --recursive https://github.com/Blockstream/Jade.git $HOME/jade
root@5d8f6ff15ec2:/jade# cd $HOME/jade
root@5d8f6ff15ec2:~/jade# cp configs/sdkconfig_jade.defaults sdkconfig.defaults
root@5d8f6ff15ec2:~/jade# idf.py flash monitor
...
-- Configuring done
-- Generating done
-- Build files have been written to: /root/jade/build
Serial port /dev/ttyS0
Connecting.......................
/dev/ttyS0 failed to connect: Failed to connect to Espressif device: No serial data received.
For troubleshooting steps visit: https://github.com/espressif/esptool#troubleshooting
No serial ports found. Connect a device, or use '-p PORT' option to set a specific port.
root@5d8f6ff15ec2:~/jade#
The error doesn’t come as a surprise as we have no Blockstream Jade connected. But “-- Build files have been written to: /root/jade/build” looks promising.
Sadly this is “Build files”, not “Built files”. None of the 769 files contains “firmware”, and the two “.bin” files “build/CMakeFiles/3.18.4/CMakeDetermineCompilerABI_C*.bin” don’t look promising either.
So what’s probably going on is that the above command idf.py flash monitor would determine the configuration of a connected Blockstream Jade and then compile exactly for this device.
Under Build configurations they explain:
The menuconfig tool can also be used to adjust the build settings.
idf.py menuconfig
Running this command, we get a huge menu with tons of sub-menus allowing us to configure what exactly to compile, which is where we give up for now and hope to get easy steps on how to reproduce exactly the four files we downloaded above. In the meantime, this remains not verifiable for us.
Tests performed by Matthew Lamb, Leo Wandersleb
Previous application build tests
29th June 2023 | 0.1.48
7th August 2022 | 0.1.33
Disclaimer
Our analysis is not a full code review! We plan to make code reviews available in the future, but even then it will never be a stamp of approval but rather a list of incidents and questionable coding practices. NASA sends probes to space that crash due to software bugs despite a huge budget and stringent scrutiny.
Do your own research
In addition to reading our analysis, it is important to do your own checks. Before transferring any bitcoin to your wallet, look up reviews for the wallet you want to use. They should be easy to find. If they aren't, that itself is a reason to be extra careful.