"Cypherpunks write code. We know that someone has to write software to defend privacy,
and since we can't get privacy unless we all do, we're going to write it."
A Cypherpunk's Manifesto - Eric Hughes - 9 March 1993
...and Cypherpunks do build their own Bitcoin Hardware Wallets.
The idea of the project is to build a hardware wallet from off-the-shelf components. Even though we have an extension board that puts everything in a nice form-factor and helps you to avoid any soldering, we will continue supporting and maintaining compatibility with standard components.
We also want to keep the project flexible such that it can work on any other set of components with minimal changes. Maybe you want to make a hardware wallet on a different architecture (RISC-V?), with an audio modem as a communication channel - you should be able to do it. It should be easy to add or change functionality of Specter and we try to abstract logical modules as much as we can.
QR codes are a default way for Specter to communicate with the host. QR codes are pretty convenient and allow the user to be in control of the data transmission - every QR code has a very limited capacity and communication happens unidirectionally. And it's airgapped - you don't need to connect the wallet to the computer at any time.
For secret storage we support agnostic mode (wallet forgets all secrets when turned off), reckless mode (stores secrets in flash of the application microcontroller) and secure element integration is coming soon.
Our main focus is multisignature setup with other hardware wallets, but wallet can also work as a single signer. We try to make it compatible with Bitcoin Core where we can - PSBT for unsigned transactions, wallet descriptors for importing/exporting multisig wallets. To communicate with Bitcoin Core easier we are also working on Specter Desktop app - a small python flask server talking to your Bitcoin Core node.
The project has significantly matured, to the extent that the security level of Specter-DIY is now comparable to commercial hardware wallets on the market. We implemented a secure bootloader that verifies firmware upgrades, so you can be sure that only signed firmware can be uploaded to the device after initial setup. However, unlike with commercial signing devices the bootloader has to be installed manually by the user and is not set in the factory of the device vendor. Thus, pay extra attention during the initial firmware installation and make sure you verified PGP signatures and flash the firmware from a secure computer.
If something doesn't work open an issue here or ask a question in our Telegram group.
All the docs are stored in the
shopping.mdexplains what to buy
assembly.mdshows how to put everything together.
quickstart.mdguides you through the initial steps how to get firmware on the board
reproducible-build.mddescribes how to build the initial firmware and upgrade files with the same hash as in the release using Docker
build.mddescribes how to build the firmware and the simulator yourself
security.mdexplains possible attack vectors and security model of the project
development.mdexplains how to start developing on Specter
simulator.mdshows how to run a simulator on unix/macOS
communication.mddefines communication protocol with the host over QR codes and USB
roadmap.mdexplains what we need to implement before we can consider the wallet be ready to use with real funds.
Specter-Shield documentation and all the files are available in the
Supported networks: Mainnet, Testnet, Regtest, Signet.
USB communication on Linux
You may need to set up udev rules and add yourself to
dialout group. Read more in
Video and screenshots
Check out this video to get an idea how to assemble it and how it works.
Here is a Gallery with devices assembled by the community.
A few pictures of the UI: