Building Your Own PiTrezor, Specter DIY, SeedSigner and Bowser Wallet
There are two important categories of DIY hardware wallets that you can build from general-purpose electronic devices: the ones that run a ported firmware (a group of coders makes well-tested software available on more common hardware), and the ones that run original code.
Both of them are fairly easy to build and have very few moving parts that you need to put together. But from the get-go, you should understand the tradeoffs: a project like PiTrezor might be a convenient port which allows you to run the most tested hardware wallet software on a Raspberry Pi, but it doesn’t mean that the port itself is vetted by security professionals or maintained to include the latest updates from Trezor. Conversely, a project like SeedSigner or Specter DIY might be original and open source, but this doesn’t mean that many experts have verified the code either.
This is why the recommendation regarding these devices that you can build yourself is to check the code or pay a professional to do it for you. If you’re going to use DIY hardware wallets to protect large amounts of bitcoin, then it’s better to take the multisig route. If each device is nothing but a key to your coins and there is no single point of failure that can make you lose your funds, then it’s generally safer to use something with a higher risk profile.
At this point, we should ask two very important questions: first of all, why build a DIY hardware wallet at all if the security is questionable? Well, two of the best arguments are your ability to survive political authoritarianism and the avoidance of supply chain attacks. Something that you build yourself from common parts is going to help you maintain your privacy and plausible deniability in relation to your government – and the delivery company won’t know what you’re up to either.
The other important question that we should ask at this point is: will your DIY hardware wallet work with Wasabi? Well, the answer depends on the hardware wallet model. Something like PiTrezor should work as it’s essentially the Trezor firmware on a different and more accessible system. Specter DIY and Bowser ought to also work since they use the standards defined in the HWI and PSBT specifications. In the case of the SeedSigner, single sig setups are still on the roadmap for development; therefore, Wasabi compatibility will have to wait for a little while.
Once again, these open source DIY hardware wallets are still in an early phase of development and mostly recommended in multisig setups. Don’t take reckless risks with your bitcoins. If you’re a hardware wallet hobbyist or an individual who’s trying to gain financial sovereignty in an authoritarian environment, consider creating more elaborate setups which don’t rely too much on a single device – even if this means that you’re going to do a Shamir backup or multisig setup that isn’t compatible with the Wasabi software.
After having presented the warnings, let’s take a look at the four DIY hardware wallets in order to determine the costs, the difficulty, and the complexity of the task.
Building your own PiTrezor
A rule of thumb in security is to follow the most tested path. This way, you know more about the experiences of others and have a better understanding of all the tradeoffs involved. And since Trezor has been around since 2014 and the code has been under constant scrutiny since inception, it’s pretty safe to assume that the firmware works well and has constantly been hardened by disclosures.
PiTrezor is a port of the original code, which makes the STM32F10XRXT6-optimized firmware run on the more common and popular Raspberry Pi Zero. You can buy a Pi for virtually everything, from video game emulation to IoT experimentation, robotics and Tor relays. Also, the Raspberry Pi Zero only costs $5 and is among the most accessible mini-computers in terms of both price and the ability to find one in every corner of the world. Compared to the default Trezor microcontroller, the Pi Zero is a lot more popular and it’s easier to source compatible accessories.
Furthermore, the PiTrezor port also works on the Raspberry Pi 4 – the more powerful device which is mostly used by individual Bitcoin node operators. One major advantage of these devices is that they come with full USB ports which allow you to connect your keyboard to use as inputs. This means that you don’t need to worry about finding buttons that fit to some kind of enclosure, as you have the option to operate the PiTrezor with a peripheral you already have.
Therefore, the process is a lot easier and requires no soldering or parts assembly if you run PiTrezor on a Raspberry Pi 4. However, the costs are higher by about $30. For the entire guide go to the PiTrezor website.
Now let’s talk about the parts and costs. There are two versions of the Raspberry Pi Zero, and you should get the more affordable one which has no Bluetooth and WiFi. This is not only because these ports are useless, but also because they can represent extra attack vectors to break the device or extract information. Although the PiTrezor maintainer suggests that the Zero W is just as secure because the firmware has no drivers loaded for the communication ports, a competent hacker can still exploit them if he gains physical access. Hence, for security and money-saving purposes, it’s better to purchase the basic $5 Pi Zero.
Other parts include an SD card larger than 100 MB (basically any that you’ll find nowadays for a couple dollars), a micro-USB to USB cable (about 1 dollar), a mini HDMI cable which connects to a monitor, TV or dedicated screen (costs about $3 assuming that you already have a monitor or TV), two push buttons that are compatible with the Raspberry Pi (about 2 dollars and you only need them for the Pi Zero configuration, as the Pi 4 can make use of your USB keyboard) and some wires to solder the buttons to the board (roughly 1 dollar). Optional parts include a dedicated screen which is useful for portability reasons, and an enclosure which protects the board and circuits from dust, physical damage and other factors.
Assuming that you pay 5 dollars for the Raspberry Pi Zero and 9-10 dollars for the remaining parts, we’ll conclude that building the most basic yet electronically-demanding version of the PiTrezor will cost you about $15. Keep in mind that the screen, the enclosure, the soldering iron and the shipping of all these parts are not taken into account and can easily double the costs.
If you take the Raspberry Pi 4 route, you’re going to only need the $35 device (go for the entry-level 2 GB model, you’re not going to need that much memory for a Trezor), the 2 dollar SD card and the micro-USB to USB and mini-HDMI male to HDMI female cables. These should cost about 6 dollars. And while the approximated total of 41 dollars might sound like it’s pretty expensive, at least you don’t need to do any wire soldering and it doesn’t require any special equipment for this task. You flash the firmware on the SD card, plug the Raspberry Pi into a power outlet, connect the external video port to your HDMI-compatible monitor or TV screen (anything newer than 10 years has it), and use your USB keyboard as input. It’s pretty geeky, but somebody living in a place where Trezor hardware wallets have no official distribution is going to really enjoy the power of DIY sovereignty.
Before we move on to the next part, here’s another reminder that while the PiTrezor code is open source and basically a port of the official Trezor release, you should be cautious and avoid putting too many coins into this device without properly verifying the code. The safest way to use a PiTrezor is to make it one of your multisig devices, so there is no single point of failure. But you should always be cautious: as Trezor CEO Marek “Slush” Palatinus said in S4 E8 of the Bitcoin Takeover Podcast, there are around 40 Trezor clones worldwide and their modified code doesn’t always get the scrutiny that it should.
Building your own Specter DIY
Specter creator Stepan Snigirev has started an entire DIY revolution in the Bitcoin hardware wallet space. Thanks to his micro-bitcoin and micro-arduino projects, low-powered devices are now able to run a lightweight version of the Bitcoin client. Most remarkably, he has created a hardware wallet which can be built using off-the-shelf parts and which runs non-Trezor code. While every commercial secure key management electronic device, from KeepKey to Coldcard and Foundation Devices Passport, makes use of Trezor’s open-source firmware in some capacity, the Specter DIY dares to be different.
To build your own Specter DIY, you only need an STM32F469I-DISCO developer board that you can buy for about $62, as well as a 1 dollar mini USB and a 1 dollar micro USB cable (both of which you most likely already have from phones or other hardware wallets). The device itself has everything you need, from touchscreen input to flash memory that you use to install the Specter firmware. So it’s an all-in-one solution, which at best, only requires an enclosure to keep dust away.
Today, lots of Bitcoin power users build their own Specter DIY hardware wallet to avoid supply chain attacks. But since the code is not as vetted as Trezor’s and may have vulnerabilities that weren’t discovered thus far due to a lack of incentives (the Specter DIY is still a niche product that is hard to find and the reward for cracking the code doesn’t match Trezor’s bounty program), it’s best to keep the device for multisig. This is exactly what the developers of Specter recommend: they see their DIY project as something that’s complementary to other hardware wallets. You can still use it as a single-sig device, but the use case where it shines is multisig.
One recommendation for the Specter DIY is that you also purchase an additional barcode scanner module which costs $40. It will make the device more usable in an air gapped way, as you can scan QR codes and confirm transactions without connecting your device to a computer. Additionally, you can make the Specter DIY self-contained with a battery. The complete assembly instructions are available in the project’s GitHub repository. Furthermore, you will also find a video tutorial on YouTube.
In total, the Specter DIY should cost anywhere from 64 to 120 dollars to build. And if you also want an enclosure, you can either 3D print it according to specifications or else purchase it from a professional like Richard from the Czech Republic (not a direct endorsement, but I did buy my cases from him). This may sound like the Specter is an expensive device, but if you buy it pre-built then it’s going to cost you 350 euros (414 dollars) for a full-featured enclosure, plus 60 euros (71 dollars) to also have the STM32F469I-DISCO board attached. So it’s definitely better to pay 150 dollars for a full-featured device that you build yourself from parts that you source from different vendors than to spend $485 on the Specter Shield.
To better understand the scope and purpose of the Specter DIY project, listen to Stepan Snigirev offer all the explanations in S8 E11 of the Bitcoin Takeover podcast.
Building your own SeedSigner
The SeedSigner is a simplified fork of the Specter DIY, which replaces the development board touch screen experience with the powerful affordability of the Raspberry Pi Zero. Its main goal is to offer a powerful device that anyone can build for approximately $50.
Unlike the Specter DIY, the SeedSigner is currently only optimized for multisig xpub generation and makes use of a more traditional layout with physical buttons. The main drawback of this design is that some soldering is required to put together the device. But since it relies on the popular Raspberry Pi architecture, one can easily buy GPIO hammer headers (which cost $7) to avoid all the hassle.
To assemble a SeedSigner, you need a Raspberry Pi Zero computer (once again, the 5 dollar basic version without the WiFi and Bluetooth is recommended), a 1.3 inch square LCD screen with a resolution of 240×240 pixels (which costs about $14) and a camera that’s compatible with the Pi Zero system (the recommended model is the AuviPal 5MP 1080p, which is currently out of stock but should cost around 20 dollars).
The SeedSigner lead developer has also open sourced the specifications for the enclosure, so that anyone with a 3D printer can create their own. This is bad news for people who don’t have access to 3D printing, especially due to the fact that the input requires physical buttons that come with the case. However, there are vendors and hobbyists (again, like Richard from the Czech Republic) who will 3D print cases for about $20.
So while the electronics required to build a SeedSigner cost around $39 (below the 50 dollar goal), you’re going to spend slightly more to have the full experience. Nevertheless, putting together a SeedSigner is more affordable than the Specter DIY from which it borrows the code.
Speaking of the code, once you assemble the hardware you’re going to need an SD card and you must also type in a few commands on an external keyboard. The complete guide makes it simple to follow, so even if you don’t understand what you’re doing you will successfully set up the SeedSigner.
You should also keep in mind that the SeedSigner is an air gapped device which is optimized to work with multisig-friendly wallets such as Specter Desktop, Sparrow, and BlueWallet. So you won’t be able to access it from Wasabi Wallet until single sig support gets added for PSBT setups. At the moment, it is still a geeky DIY project that casual users won’t find too friendly or accessible. But thanks to community contributions, it’s quickly improving.
Building your own Bowser wallet
Created by Ben Arc, the Bowser wallet is an even more simplified fork of the Specter DIY. All you have to do in order to build this hardware wallet is to buy a $40 M5Stack ESP32 Basic Core and install the firmware with a micro-SD card.
This means that the Bowser wallet is by far the most inexpensive and simple to configure DIY hardware wallet. You even get a full step by step YouTube guide which helps you along the way. However, there are a couple of geeky quirks that you should consider: first of all, the hardware wallet also works as a video game system which runs a stylized version of Tetris. This is great for plausible deniability, as nobody will guess that the generic-looking device in your hands is also a Bitcoin device – which is very useful for people who seek to maximize their privacy in places that may be hostile to the idea of financial sovereignty.
Secondly, the Bowser wallet makes use of Morse code for input. This is by far the geekiest feature in any hardware wallet, as you must either carry a sheet of paper which tells you how to type every letter of the alphabet or memorize the code. Once again, since most people have no idea how Morse code works (and may even mistake it for Braille) this is excellent for privacy. But the feature effectively makes the device harder to use even by the hardware wallet owners, so depending on your threat model you should assess to which extent you need this extra complexity.
The Bowser hardware wallet is a pretty cypherpunk device as it mixes the privacy of video games and Morse code with the convenience of using a compact general-purpose computer. You can dispose of the unit at any moment and get a new one – just make sure that you have your backup in a safe place.
Currently, Bowser is designed to work with Electrum wallet and makes use of the PSBT standard to sign transactions. This means that it should also work with Wasabi Wallet, so long as you use the options associated with the Coldcard Wallet.
For more information and in order to better understand what the Bowser wallet is, listen to Ben Arc on S8 E9 of the Bitcoin Takeover podcast.