Proof-of-concept exploit for the Ledger Nano S that hides the non-genuine user interface confirmation. Intentionally unreliable to avoid weaponization.

It should be trivial to adapt to the Ledger Blue.

More information

1. Set up the ARM toolchain

2. Build the modified application (nanos-131 is for firmware 1.3.1)

git clone https://github.com/LedgerHQ/nanos-ui.git -b nanos-131
cd nanos-ui
git apply ../backdoor-recovery-seed-generation.patch
make

3. Turn on the Ledger Nano S with the right button held until "Recovery" is displayed

4. Install the modified application

make load

5. (To remove the modified application)

make delete

1. Set up the ARM toolchain

2. Turn on the Ledger Nano S with the left button held until "Bootloader" is displayed

3. Build and install the modified firmware

make vendor
make load

4. (To restore the official firmware)

make delete