Skip to content
Ledger Nano/Blue apps emulator
Objective-C Python C CMake Shell Makefile
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
apps init Nov 12, 2019
doc doc: update build.md Nov 13, 2019
mcu
scripts init Nov 12, 2019
sdk init Nov 12, 2019
src Pad secret x/y length to 32 in secp256k1 ecdh Nov 25, 2019
tests
tools init Nov 12, 2019
vnc vnc: winamp: make the skin argument optional Nov 14, 2019
.clang-format init Nov 12, 2019
.dockerignore init Nov 12, 2019
.gitignore init Nov 12, 2019
.gitmodules
CMakeLists.txt Install OpenSSL without man pages Nov 13, 2019
COPYING init Nov 12, 2019
COPYING.LESSER
Dockerfile init Nov 12, 2019
Pipfile init Nov 12, 2019
Pipfile.lock
README.md init Nov 12, 2019
run.sh init Nov 12, 2019
speculos.py speculos.py: fix retrieval of stack address on some apps Nov 25, 2019

README.md

Speculos

screenshot btc nano s

The goal of this project is to emulate Ledger Nano and Ledger Blue apps on standard desktop computers, without any hardware device. More information can be found here:

Usage example: ./speculos.py apps/btc.elf.

Bugs and contributions

Feel free to open issues and create pull requests on this GitHub repository.

Please ensure that tests still pass.

Limitations

The emulator handles only a few syscalls made by common apps; for instance, syscalls related to app install, firmware update or OS info can't be implemented.

There is absolutely no guarantee that apps will have the same behavior on hardware devices and Speculos.

Security

Apps can make arbitrary Linux system calls, thus don't run Speculos on untrusted apps.

It's worth noting that the syscall implementation (src/) doesn't expect malicious input. By the way, in Speculos, there is no privilege separation between the app and the syscalls. This doesn't reflect the security of the firmware on hardware devices where app and OS isolation is enforced.

Speculos is not part of Ledger bug bounty program.

You can’t perform that action at this time.