Skip to content
Browse files
Changes for 3.0.6
  • Loading branch information
doc-hex committed Dec 19, 2019
1 parent 38c822e commit 55f7cfd8ff6223a8f2a119519de2ee3c969bc06f
Show file tree
Hide file tree
Showing 18 changed files with 572 additions and 94 deletions.
@@ -63,6 +63,8 @@
- we always store xpubs in BIP32 format, although we can read SLIP132 format (Ypub/Zpub/etc)
- if XPUB values are in the PSBT, we assume it's going to be a multisig transaction signing, so
there must be an unsigned input with M-of-N script
- change outputs (indicated with paths, scripts in output section) must correspond to
the active multisig wallet, and cannot be used to describe an unrelated (multisig) wallet.

# SIGHASH types

@@ -1,4 +1,18 @@
- Bugfix: need blank line between addresses shown if sending to multiple destinations.
## 3.0.6 - Dec 19, 2019

- Security Bugfix: Fixed a multisig PSBT-tampering issue, that could allow a MitM to
steal funds. Please upgrade ASAP.
- Enhancement: Sign a text file from MicroSD. Input file must have extension .TXT and
contain a single line of text. Signing key subpath can also provided on the second line.
- Enhancement: Now shows the change outputs of the transaction during signing
process. This additional data can be ignored, but it is useful for those who
wish to verify all parts of the new transaction.
- Enhancement: PSBT files on MicroSD can now be provided in base64 or hex encodings. Resulting
(signed) PSBT will be written in same encoding as the input PSBT.
- Bugfix: crashed on entry into the Address Explorer (some users, sometimes).
- Bugfix: add blank line between addresses shown if sending to multiple destinations.
- Bugfix: multisig outputs were not checked to see if they are change (would have been
shown as regular outputs), if the PSBT did not have XPUB data in globals section.

## 3.0.5 - Nov 25, 2019

@@ -1076,7 +1076,14 @@ def is_psbt(filename):
return False

with open(filename, 'rb') as fd:
return == b'psbt\xff'
taste =
if taste[0:5] == b'psbt\xff':
return True
if taste[0:10] == b'70736274ff': # hex-encoded
return True
if taste[0:6] == b'cHNidP': # base64-encoded
return True
return False

choices = await file_picker(None, suffix='psbt', min_size=50,
max_size=MAX_TXN_LEN, taster=is_psbt)
@@ -1109,6 +1116,29 @@ def is_psbt(filename):
await sign_psbt_file(input_psbt)

async def sign_message_on_sd(*a):
# Menu item: choose a file to be signed (as a short text message)
def is_signable(filename):
if '-signed' in filename.lower():
return False
with open(filename, 'rt') as fd:
lines = fd.readlines()
return (1 <= len(lines) <= 5)

fn = await file_picker('Choose text file to be signed.',
suffix='txt', min_size=2,
max_size=500, taster=is_signable,
none_msg='No suitable files found. Must be one line of text, in a .TXT file, optionally followed by a subkey derivation path on a second line.')

if not fn:

# start the process
from auth import sign_txt_file
await sign_txt_file(fn)

async def pin_changer(_1, _2, item):
# Help them to change pins with appropriate warnings.
# - forcing them to drill-down to get warning about secondary is on purpose

0 comments on commit 55f7cfd

Please sign in to comment.