Ledger MCU Backdoor
Proof-of-concept exploit for the Ledger Nano S that hides the non-genuine user interface confirmation. Intentionally unreliable to avoid weaponization.
It should be trivial to adapt to the Ledger Blue.
Install UX application
Build the modified application (nanos-131 is for firmware 1.3.1)
    git clone https://github.com/LedgerHQ/nanos-ui.git -b nanos-131
    cd nanos-ui
    git apply ../backdoor-recovery-seed-generation.patch
    make
Turn on the Ledger Nano S with the right button held until "Recovery" is displayed
Install the modified application
- (To remove the modified application)
Install MCU firmware
Turn on the Ledger Nano S with the left button held until "Bootloader" is displayed
Build and install the modified firmware
    make vendor
    make load
- (To restore the official firmware)