Apex cryptocurrency wallet test - VivoKey Unplugged

It looks like a bug in the status app. I figured out you can get around it by holding your implant to the phone the entire time, even after it’s already logged in. Then once you’re logged in, enable fingerprint login while still keeping your implant pressed against the phone. When you take your implant off, it will give you the error and log you out, but after that you can log in with your fingerprint until they fix the issue

Coming late to the party, I was doing some research lately around the keycard.
So far it seems 3 wallets(which I was able to find) supports it. 2 are more eth oriented - status and walleth - both open sourced and one close sourced - enno wallet(which seems to be supporting btc as well).
edit. I did not tested any of those, but I plan to when I get my apex implanted.

1 Like

Enno is a complete no go if it’s not open source… So at this time there seems to be no wallet for keycard with BTC :confused:

@amal does the Apex with the BIP 32 wallet applet VivoKey release work also with Walleth and Enno Wallet? or it is necessary some update? Thanks

Good question. I don’t use crypto wallets enough to know! Does anyone else know if the status keycard wallet applet will work with these other wallets?

Probably I could be in error, but I suppose that both Walleth and Enno Wallet use the Status Wallet applet.

My supposition is based on the fact the otherwise (in case they use different wallet applets rather than the Status applet) both Walleth and Enno Walleth would have distributed themselves their private label Keycard and would sell directly on their website as a proprietary hardware wallet, instead of mentioning keycard and redirecting on their website.

Probably a simple way to discover it would be scanning a Keycard recently bought to see if it has the only Status applet pre-loaded or also other applets referred to Walleth and Enno Wallet.

Anyway I’m emailing both Walleth and Enno Wallet through their form contact. Once they answer I’ll let you know.

Again: Do not even think about using Enno Wallet. It is closed source. Nobody can see what their code is doing!!

Please correct me if i’m wrong.

1 Like

You’re not wrong. Closed source wallets may be boogietrapped to copy your private key somewhere just in case. Actually if you follow the news recently Ledger announced amazing recovery feature that allows a private key extraction from the secure element of the hardware wallet, because you see people forget their seed phrases and this will help. We lived in a very f**ed up wold.
btw is it possible to extract the private key from an p71 applet, @StarGate01 ? If I update the applet, I guess this nukes the memory sectors and then I have to reseed, right

@r00t @charly this is an important point but it is not the point of my question. The most used hardware wallet in the world is the Ledger and only now they are reasoning about becoming open source. For sure I feel more safe using an open source Wallet platform than a closed source wallet one, but we are talking about integration of Keycard in to Enno Wallet and how you can use it as an hardware wallet with the mobile app. For sure it is possible using Keycard with Enno Wallet since the fact it is mentioned in its website. They do not mention how you can use a keycard, expect for signing crypto transactions, but my interest was in which applets these Wallet have used for the integration. Do they work with the Status applet or both Walleth and Enno Wallet have created their own applet? This was the point of my question.

Slight derailment since I’ve opened the can of worms. Ledger are opensourcing just part of their wallet os because they have NDA with the SE manifacturer. This means thy will never share the full code so you are not able to verify if what they have in the repos and what their live application puts on the wallet are the same thing. You have to blindly trust them. The possibility of exfiltration creates attack surface. Storing private keys in 3rd parties, create huge benefit to whoever succeed penetration, and also gives opportunity to govs to “confiscate” your assets. Anyways, kinda out of scope from your question.
Here you can find the description of the applet https://vivokey.com/apex/

BIP32 Wallet is a VivoKey release of the keycard.tech smart card wallet. You can use this wallet with crypto services like status.im which have integrated the Keycard BIP32 wallet and API.

Long story short the wallet apps use the keycard applet, not their own. If any wallet plays nicely with keycard bip32 implementation, then the vivokey applet should work.
As I stated before I will test those in few weeks.

Edit, seems like I am in some sort of confusion here is the BIP32 Wallet and Unplugged, 2 diff things, or same thing published with diff names, @amal
Second Edit, I got it, Unplugged was a try to resurrect Ledger unplugged, BIP32 wallet is the keycard implementation

@r00t Thanks for explanation. Once you test with Walleth and Enno Wallet let us know. Anyway I’ve e-mailed both Walleth and Enno Wallet through their online form to have confirmation about the fact they use the BIP32 applet.

Okay I had some time to play this morning. Results are mixed. Keycard Implementation of all 3 wallets mentioned above works. I do not see BTC in Enno at all.

@r00t thanks for the information. About NFC features, can you use the Keycard for 2FA login also with Walleth and Enno Wallet?

Let me express my experience.
Status looks like the most user friendly product. Also having the option of 2fa login with the keycard.
Enno looks okay but it’s closed source so it’s a no go. It allows pin or fingerprint logins only.
The one I’ve tested the less was the walleth. It is open source but it looks ugly af. Like someone in high school decided to make a graduation project or something. Last code updates are 2 years ago, issues log on github is massive, so again no go.
Usually when I am choosing a project I am also looking how the code is being handled/updated, so far it seems as Amal mentioned somewhere above, codebase of status is being actively developed/supported.
Since those wallets are made to operate with eth network there is wbtc, in case this is of interest to anyone.
In case Status add real btc support in the future it might become a solution to consider.

1 Like

Thanks for the clear information.

@r00t Ok I have gone deep in the last 2 hours searching for all the Smartcard hardware wallet.

There is something very interesting about Tangem, basically they created something similar to Keycard but integrated with different interesting projects.

https://tangem.com/en/

And it seems to be truly open source (and yes there are already solution to make possible storing on Apex a Bitcoin wallet).

Take a look at them all.

I’m not a big crypto expert to make a right analysis, but my impression is that Tangem is something very powerful and probably under licensing they could allow a reverse engineering of their applet (I could be in error).

This link contain all the Smartcard form factor hardware Wallets.

This link contains all the Hardware Wallets integrated with Tangem.

any link to a potential applet?

I may be wrong but I do not think the applet is accessible, BUT check those two out

and

It really smells like the business model here is to sell the cards(I guess with whatever applet is inside)
Yet another interesting thing is this statement

When you activate Tangem Wallet, the chip in the card generates a random private key which never gets exposed.

also this

Instead of the seed phrase, additional cards are used for backup. That is why Tangem Wallet is sold as a 2 or 3-card set.

Scroll down to this link…
Should find everything here

I find it in the last link posted by me…