Skip to content

Version 24.11.0

Compare
Choose a tag to compare
@odudex odudex released this 11 Nov 19:28
8b00482

This release contains a new experimental tamper detection tool, Japanese Translation and other reliability improvements. Here's an in-depth review of the key updates:

Changes

Tamper Check Flash Hash and Tamper Check Code (Experimental)

The Tamper Check Flash Hash (TC Flash Hash) feature verifies the integrity of the device's flash memory by generating a unique tamper indicator that relies on hash properties. After setting up a Tamper Check Code (TC Code), this check can be performed at every boot or manually via Tools -> Flash Tools. The TC Code is a key component, required to execute the verification and detect unauthorized changes to the device's memory. Users can also fill unused memory blocks with camera-generated entropy to further mitigate tampering attempts.

Flash Map

Flash Map is an auxiliary tool that allows users to visualize the regions of the device's memory that are empty. This helps users verify the results of actions such as:

  • Wiping the device's memory
  • Erasing the user's area
  • Saving settings and encrypted mnemonics
  • Filling empty blocks with camera-generated entropy

Japanese Translation

Japanese translation has been added.

BIP85: Allow Export Base64 Passwords

In addition to BIP39 Mnemonics, users can now derive Base64 passwords from their keys. These passwords, which can be used in standard logins, can be noted down, saved to an SD card, or exported as a QR code.

Vulnerability Fix: Block Import of Python Modules from SD Card

A feature of MicroPython, commonly used for general-purpose development, is the ability to run Python code directly from an SD card. However, with the recent implementation of tamper detection tools, this behavior is now considered a vulnerability. It was discovered that MicroPython would prioritize importing .mpy (Python frozen modules) from an SD card before checking the internal flash, which could be exploited to run unintended code from the SD card. To address this, a block has been implemented in MicroPython to prevent running any code from the SD card, enhancing the overall security of the device.

Add Compatibility to Partial Text Mnemonic QR Codes

Partial Text Mnemonic QR Codes, like Coldcard's backups, where mnemonics words are cropped and contain only the first 3 or 4 letters, are now auto-completed and loaded.

Multi-keypad Position Indicator

An indicator has been added to the bottom of keypads to help users identify the keypad index while swiping between them.

WonderMV Simulator

Computer simulator for WonderMV device has been added.

Krux Ethos

Guidelines have been created to assist with decision-making regarding the Krux project's interactions with contributors, users, and businesses that may create products or services related to Krux.

Minor Bugfixes and Refactors

Several code improvements for better reliability and efficiency.

Krux Community

Special thanks to:
@jdlcdl for consistent contributions as code, insights and reviews of all new features and improvements.
@tadeubas for the contributions, insights, reviews, and the discovery on frozen modules import from SD cards behavior, crucial TC Flash Hash solution to work.
@qlrd for constant improvements on Krux-Installer, which can now aid on air-gapped firmware updates.
@3rdIteration for the precious insights on TC Flash Hash possible vulnerabilities.
@BitCoisas for the Japanese translation.
@kkdao for spreading the word about Krux around the world.
Krux community for the great ideas, tests and feedback.