Robustness and Reliability testing via Raw Transactions tab #25
Description
Task: Use the Raw Transactions tab in the SimpleGUIWallet to explore how Nano responds to manipulated or corrupted APDU data streams.
What are we looking for:
-
Invalid APDU data streams should fail "safely". Ideally they should also fail "cleanly" (not freezing the Nano necessitating unplugging it, and returning a useful exception code to allow the user to know that an error occurred in the APDU stream), but at a minimum should fail "safely" (i.e., the Nano should NOT return a signature or allow the user to confirm an invalid Tx).
-
Is it possible to construct an APDU that contains more content than is displayed to the user? The Nano software is designed to inform the user of how many operations are in the transaction, and to present the details of each operation on-screen. (Unsupported operations are displayed with a warning, but the user is informed that the operation is there.) Is it possible to break this, by a clever manipulation of the APDU stream, which would allow an attacker with ability to intercept the user's usb to inject an additional operation that would somehow not be displayed to the user?