The goal of this project is to emulate Ledger Nano S, Nano X and Blue apps on standard desktop computers, without any hardware device. More information can be found here in the documentation website (or in the docs/ folder directly).
./speculos.py apps/btc.elf # ... and open a browser on http://127.0.0.1:5000
Bugs and contributions
Feel free to open issues and create pull requests on this GitHub repository.
master branch is protected to disable force pushing. Contributions should
be made through pull requests, which are reviewed by @LedgerHQ members before
being merged to
- @LedgerHQ members can create branches directly on the repository (if member of a team with write access to the repository)
- External contributors should fork the repository
The emulator handles only a few syscalls made by common apps; for instance, syscalls related to app install, firmware update or OS info can't be implemented.
There is absolutely no guarantee that apps will have the same behavior on hardware devices and Speculos:
- Invalid syscall parameters might throw an exception on a real device while being ignored on Speculos.
- Attempts to perform unaligned accesses when not allowed (eg. dereferencing a misaligned pointer) will cause an alignment fault on a hardware device.
Apps can make arbitrary Linux system calls (and use QEMU semihosting features), thus don't run Speculos on untrusted apps.
It's worth noting that the syscall implementation (
src/) doesn't expect
malicious input. By the way, in Speculos, there is no privilege separation
between the app and the syscalls. This doesn't reflect the security of the
firmware on hardware devices where app and OS isolation is enforced.
Speculos is not part of Ledger bug bounty program.