Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Ledger MCU Backdoor

Proof-of-concept exploit for the Ledger Nano S that hides the non-genuine user interface confirmation. Intentionally unreliable to avoid weaponization.

It should be trivial to adapt to the Ledger Blue.

More information

Install UX application

  1. Set up the ARM toolchain

  2. Build the modified application (nanos-131 is for firmware 1.3.1)

git clone -b nanos-131
cd nanos-ui
git apply ../backdoor-recovery-seed-generation.patch
  1. Turn on the Ledger Nano S with the right button held until "Recovery" is displayed

  2. Install the modified application

make load
  1. (To remove the modified application)
make delete

Install MCU firmware

  1. Set up the ARM toolchain

  2. Turn on the Ledger Nano S with the left button held until "Bootloader" is displayed

  3. Build and install the modified firmware

make vendor
make load
  1. (To restore the official firmware)
make delete