BitLox Bitcoin Hardware Wallet First Review

BitLox is now shipping the BitLox bitcoin hardware wallet. It is available in an aluminum case for $199 or a titanium case for $299. Our review sample came very professionally packaged. Here is what we received:

Besides the BitLox itself you receive two USB cords (short and long), a leather sheath, several cards on which to write down your seed, and a printed copy of the user manual. BitLox is fully BIP32 and BIP39 compliant, and it is the only hardware wallet other than Trezor that supports hidden wallets.

The BitLox we received was aluminum cased and weighed 37.7 grams. It is the same credit-card size as the Case hardware wallet, but about two thirds the thickness of the Case and 5 grams heavier than the plastic Case shown below. Our review unit was very well finished and impressed us as a luxury product.

Quick Start Guide

BitLox conveniently provided an extra printed quick start guide, which we reprint here:

1. Connect to USB power and move the switch to "1".
2. Set up a DEVICE PIN (standard/advanced/expert).
3. The device formats itself automatically.
4. Set up a WALLET PIN for your first wallet.
5. Write down the mnemonic list on the card provided.
6. Choose USB (press 1, 2 or 3) for connecting to a computer, or Bluetooth (press 4, 5 or 6) for connecting to your mobile.
7. The QR code shown on the BitLox screen is your first address.
8. READY!

Download the BitLox app from Google Play or the iOS App Store for your mobile, or go to bitlox.io/system for links to the Chrome app and the web app.

I also received a tip from the developer:

"A short note, for the Chrome app, you should power on the device, enter the device PIN, choose USB, connect to the computer THEN (after Windows hems and haws about installing the drivers, though being HID it should go quickly) fire up the app."

Be aware that you must use Google Chrome. We confirmed that BitLox will not work with SRWare Iron.

Getting Started With Our BitLox

After letting the BitLox charge for an hour I followed the quick start instructions.
If you are used to a Trezor, be aware that even in the standard configuration the BitLox requires two PINs: the first PIN unlocks the BitLox itself and the second unlocks your wallet. One thing I noticed was that the keys at the left and right edges of the keyboard had very little travel and were hard to press.

The instructions are quite complete and I was able to get the BitLox working with both the Chrome extension and the Android app on my Nexus 6P in short order. Here is a screenshot of the wallet Chrome extension:

Using BitLox With TAILS On Tor

Currently BitLox is the only bitcoin hardware wallet that can be used with TAILS while connected over Tor. Simply choose the USB connection on your BitLox while connected to http://bitlox2twvzwbzpk.onion/bitlox_hardware_wallet/ in the Tor Browser inside TAILS.

TAILS includes the Electrum bitcoin wallet, but support for hardware wallets is absent. This may be added in the upcoming TAILS 3.0, which would allow a Trezor to work with Electrum in TAILS. If you need a hardware wallet that works with the current TAILS 2.2.1, you need to use BitLox.

If you do not want to build your own TAILS installation on a USB drive, BitLox sells an Extreme Privacy Set that includes a BitLox Ultimate (titanium case) and a BitLox Military Grade USB Vault with TAILS preinstalled.

Conclusions

The BitLox can be complex to use depending on how it is set up. I recommend that new users set up their BitLox in the simpler standard mode until they are familiar with all the features offered in Advanced and Expert mode.

Overall I was pleased with the construction and operation of the BitLox and appreciated the wireless Bluetooth connection to my smartphone. My only criticism concerns the keyboard, which I am told is being fixed. Users should also be aware that the battery will run down if the unit is left powered on, so turn it off when not in use.
BitLox is not yet open source, which may turn away some prospective buyers, but we do not consider it a deal breaker; Ledger, for example, is not completely open source either, because of NDA agreements with its secure element suppliers. Veteran users of hardware wallets will appreciate the advanced features available in Expert mode and the ability to use Tor, I2P and TAILS. BitLox will also appeal to iPhone users, as it is the only bitcoin hardware wallet now shipping that works with the iPhone. As a plus, every BitLox ships with a five-year guarantee.

Comments

Neil B
Where is the source code? That's the most important thing here.

John
+1 on source code? And keyboard not yet fixed a month after this review was done? I've just received my brand new pre-opened BitLox pack, yep that's right, pre-opened.

BitLox
If your BitLox was opened in transit, contact us and let's see what we can do to fix this for you.

allegro101
Trezor claims to be completely open source but in reality is not, as stellaw points out in this article. Quote: "The Trezor is not open-source hardware. It is not easy to make your instance of a Trezor and incorporate your own changes." Ledger has never been open source due to NDAs with their smartcard vendor, but buyers do not seem to mind. You can ask a vendor to release the source code, but that opens them up to competition from cheap clones and is entirely their own decision. Stellaw only published a teardown review of the BitLox and never followed through with a review of setting up the wallet, sending and receiving transactions, or discussion of advanced features that BitLox has that other wallets lack. He seemed to want to cause a promising startup to fail, which is completely out of line in my opinion. Because of a keyboard problem he dismissed BitLox out of hand.

Dana Coe
The source code for the apps that talk to the device and the blockchain is now open source. Here is the link: https://github.com/BitLox

Neil B
Where's the source code for the device?
I want to make sure you're not stealing my private keys. Also, did you know that on https://bitlox.io/system the "open source" link to the command line client written in Go is actually a broken link, in so far as it goes to https://bitlox.io/ rather than to some source code?

BitLox
The device only talks to the apps, you can see everything that is sent in between them. No keys.

Neil B
So the device has no knowledge of my private keys? What's the point of having a hardware device at all then? Where can I review the source code that runs on the device? You simply can't expect me to entrust my money to a device which can be harvesting my private keys for later use.

BitLox
Perhaps I was not clear. When you use a BitLox, the private keys are generated on the BitLox itself and never leave.

Neil B
Just like a Trezor. I understand perfectly, thanks. Now what I would like you to tell me is how I can build my own firmware from the device's source code to ensure that you are not stealing my private keys. Where is that source code? You seem to be evading my direct questions for some reason. Where is the source code for the device? Can I build the source code myself and reprogram the device? If not, can you explain how I can trust you?

BitLox
Sorry, to be direct: at this time the source code for the device itself is not available. You can inspect the data stream to and from the device and the signatures sent by the device to the apps to ensure that the device only does what it claims to do.

Neil B
So you could send encrypted keys (such that I can't identify them in a data stream) off the device and steal my money that way? When do you plan to release the source code of the hardware? "How can I trust that you are not stealing my keys?" is the very first question a hardware wallet must address.
Telling me that I must permanently inspect all data leaving the device renders it useless. I hope my questions don't come across as aggressive; it seems reasonable to me that I effect due diligence on a device I want to store a substantial amount of money on. So far you have told me that there seems to be no way to trust the device.

BitLox
If you grab the source for the apps, you can see exactly what the device does. I'll do a quick synopsis:

When you turn on the device, it asks for a PIN. This is for the device itself; you enter it on the keypad. Then you choose the communication method (also on the device), USB or Bluetooth. Then the device sits and waits for instructions.

One then turns on one of the apps and queries the device for a listing of wallets. [The commands are in the app.] The device returns a list of the (non-hidden) wallets. If you want to open a wallet, you send a command to the device such as "open wallet #1". When the device receives this command, it displays a "WALLET PIN:" query on the built-in screen. One then enters the PIN for that particular wallet, and the device initializes the wallet, returning the xpub for that particular wallet. The app iterates through the addresses it derives and displays a balance.

If you want to send funds, you tell the app how much and to where. The app then constructs a standard unsigned bitcoin transaction, and then adds the source transactions' raw hex, the header for "sign transaction", and which index of the HD wallet being used is going to be the change address. This raw transaction is sent to the device. When the device receives the data, it parses the transaction (the originating transactions are used to calculate the fee). The device displays each output (except for change going back to itself) and asks the user if they want to send XX BTC to 1XXXXX address. Finally it asks for confirmation of the calculated fee. If the user agrees, it signs the transaction.

Now, it sends back to the apps just the necessary signatures. These will be inserted into the original unsigned transaction, replacing the placeholders for the ScriptSigs. It is now a signed transaction. NOTE: in the expert mode of the apps, you can see and inspect the hex before it goes anywhere, even before you send it to the device. The returned transaction can be copied and pasted to check with any online decoding tool, or with a local Bitcoin-qt (in the console, "decoderawtransaction the_returned_hex_code" will show exactly what is being transacted).

In essence, that's all it does. Once it has built the transaction (from external blockchain data, obviously) you could actually disconnect from the Internet, sign the transaction, copy/paste the results, power off the BitLox, close all the apps, and check the transaction elsewhere. It can easily be propagated via "sendrawtransaction HEXCODE" or any online service. Any more questions, I'll be happy to answer!

Neil B
I'm not asking how it works. I am asking you to tell me how I can trust you. It seems like you are having difficulty understanding the question. Please don't tell me any more how it works. I want to inspect the source code. Otherwise I cannot trust you.

BitLox
You don't have to trust me. I understand your issue. You can inspect the source code for the apps to see exactly what is happening when the device is talked to. At this time we are not releasing the device firmware. Thank you for your patience with my long-winded answer.

Neil B
I do have to trust you: I have no idea what your code is doing on the device. I MUST trust you. Right now this means I cannot use your device, because I cannot trust you and you have not explained how I can trust you. When do you plan to release the source code?

BitLox
I'll fix the link for the Go code on the site ASAP; here it is now: https://github.com/BitLox/go-cli It's highly experimental, but you're welcome to try it out.
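The workflow BitLox describes in the thread above (app builds an unsigned transaction, device returns signatures that replace the ScriptSig placeholders, user decodes the returned hex before broadcasting) can be checked without Bitcoin-qt or an online decoder. The following is an added example by the editor, not BitLox's code, not the go-cli, and not part of the original post or any comment. It parses a legacy (pre-segwit) serialized transaction, renders P2PKH outputs as addresses, and verifies that what the device handed back differs from what was sent only in the scriptSigs, pays only the amounts the user confirmed on the device screen to approved or change addresses, and carries a fee within a bound. The transaction bytes, the 1.0 BTC input value, the dummy three-byte "signature", the change script, and the fee bound are all constructed for the example; nothing in it is a real transaction, and only mainnet P2PKH outputs are turned into addresses.

```python
import hashlib
import struct
from collections import namedtuple
from typing import Dict, Tuple

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
TxIn = namedtuple("TxIn", "prev_txid prev_index script_sig sequence")  # prev_txid in display (byte-reversed) order
TxOut = namedtuple("TxOut", "value script_pubkey")                      # value in satoshis
Tx = namedtuple("Tx", "version inputs outputs locktime")


def sha256d(b: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()


def base58check(payload: bytes) -> str:
    data = payload + sha256d(payload)[:4]
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out


def script_to_address(spk: bytes) -> str:
    """Mainnet P2PKH only; anything else is returned as raw hex so it can never match an approved address."""
    if len(spk) == 25 and spk[:3] == b"\x76\xa9\x14" and spk[23:] == b"\x88\xac":
        return base58check(b"\x00" + spk[3:23])
    return "nonstandard:" + spk.hex()


def read_varint(buf: bytes, pos: int) -> Tuple[int, int]:
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    size, fmt = {0xFD: (2, "<H"), 0xFE: (4, "<I"), 0xFF: (8, "<Q")}[first]
    return struct.unpack_from(fmt, buf, pos + 1)[0], pos + 1 + size


def parse_tx(raw_hex: str) -> Tx:
    """Parse a legacy (pre-segwit) serialized transaction; trailing bytes are rejected."""
    buf, pos = bytes.fromhex(raw_hex), 0
    version = struct.unpack_from("<i", buf, pos)[0]; pos += 4
    n_in, pos = read_varint(buf, pos)
    inputs = []
    for _ in range(n_in):
        txid = buf[pos:pos + 32][::-1].hex(); pos += 32          # stored little-endian, shown reversed
        idx = struct.unpack_from("<I", buf, pos)[0]; pos += 4
        slen, pos = read_varint(buf, pos)
        script = buf[pos:pos + slen]; pos += slen
        seq = struct.unpack_from("<I", buf, pos)[0]; pos += 4
        inputs.append(TxIn(txid, idx, script, seq))
    n_out, pos = read_varint(buf, pos)
    outputs = []
    for _ in range(n_out):
        value = struct.unpack_from("<q", buf, pos)[0]; pos += 8
        slen, pos = read_varint(buf, pos)
        outputs.append(TxOut(value, buf[pos:pos + slen])); pos += slen
    locktime = struct.unpack_from("<I", buf, pos)[0]; pos += 4
    if pos != len(buf):
        raise ValueError("trailing bytes after locktime")
    return Tx(version, inputs, outputs, locktime)


def verify_signed_tx(unsigned_hex, signed_hex, input_values, approved, change_addrs, max_fee):
    """Raise ValueError unless signed_hex is unsigned_hex with the scriptSigs filled in, every output goes
    (in the amount confirmed on screen) to an approved address or to our own change, and the fee is bounded."""
    u, s = parse_tx(unsigned_hex), parse_tx(signed_hex)
    if (u.version, u.locktime, len(u.inputs)) != (s.version, s.locktime, len(s.inputs)):
        raise ValueError("device changed version, locktime or input count")
    for a, b in zip(u.inputs, s.inputs):
        if (a.prev_txid, a.prev_index, a.sequence) != (b.prev_txid, b.prev_index, b.sequence):
            raise ValueError("device changed an outpoint or sequence number")
        if not b.script_sig:
            raise ValueError(f"input {b.prev_txid}:{b.prev_index} came back unsigned")
    if u.outputs != s.outputs:
        raise ValueError("device changed an output")
    paid, change = {}, 0
    for o in s.outputs:
        addr = script_to_address(o.script_pubkey)
        if addr in approved:
            paid[addr] = paid.get(addr, 0) + o.value
        elif addr in change_addrs:
            change += o.value
        else:
            raise ValueError(f"unapproved output of {o.value} sat to {addr}")
    if paid != approved:
        raise ValueError(f"amounts differ from what was confirmed on screen: {paid} != {approved}")
    fee = sum(input_values) - sum(o.value for o in s.outputs)   # inputs come from the source transactions
    if not 0 <= fee <= max_fee:
        raise ValueError(f"fee of {fee} sat is outside 0..{max_fee}")
    return {"paid": paid, "change": change, "fee": fee}


# Constructed sample, not a real transaction: one 1.0 BTC input, 0.5 BTC to the P2PKH script whose
# hash160 is twenty zero bytes (the 1111111111111111111114oLvT2 burn address) and 0.4999 BTC change.
_PREV = "0102030405060708091011121314151617181920212223242526272829303132"   # outpoint txid, internal order
_PAY_SPK, _CHANGE_SPK = "76a914" + "00" * 20 + "88ac", "76a914" + "22" * 20 + "88ac"
_OUTS = "02" + "80f0fa0200000000" + "19" + _PAY_SPK + "70c9fa0200000000" + "19" + _CHANGE_SPK
UNSIGNED_HEX = "01000000" + "01" + _PREV + "00000000" + "00" + "ffffffff" + _OUTS + "00000000"
# What the device hands back: identical, except the empty scriptSig (length 00) is now three dummy bytes.
SIGNED_HEX = "01000000" + "01" + _PREV + "00000000" + "03aabbcc" + "ffffffff" + _OUTS + "00000000"
PAY_ADDR, CHANGE_ADDR = script_to_address(bytes.fromhex(_PAY_SPK)), script_to_address(bytes.fromhex(_CHANGE_SPK))


def demo() -> Dict[str, object]:
    # approved = what the user confirmed on the device screen; change_addrs = addresses derived from our own xpub
    return verify_signed_tx(UNSIGNED_HEX, SIGNED_HEX, [100_000_000], {PAY_ADDR: 50_000_000}, {CHANGE_ADDR}, 20_000)
    # returns {'paid': {'1111111111111111111114oLvT2': 50000000}, 'change': 49990000, 'fee': 10000}
```

Paste the hex the app shows in expert mode (before and after the device round trip) into `UNSIGNED_HEX` and `SIGNED_HEX`, the source transactions' output values into the input list, and the addresses you derived from your own xpub into the change set. Note what this check does not cover: it does not verify the ECDSA signatures themselves, and it cannot detect key material leaking through a signature's nonce, which is the kind of covert channel Neil B is asking about. It only confirms that the transaction handed back spends what was approved and nothing else.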
Neil B
http://www.stellaw.info/blog/2016/2/12/bitlox-first-impressions-and-teardown has a review of this device.

"I wouldn't use a Bitlox. There are several reasons, but the first reason trumps all others, and that's because it is not open source. The firmware is not available, and even after ripping one apart, I still do not know what hardware makes it tick. I'll get back to that in a moment. Any closed source hardware/software wallet is a non-starter for me (and should be for you). If I'm interested in Bitcoin enough to purchase a dedicated device to store them, then I likely care about Bitcoin's open-source nature. Unreproducible solutions need not apply. Open source money wants to live in open source hardware."

As you can see in this discussion I have repeatedly asked the company for the source code and repeatedly been ignored.