Check hardware integrity - marseausylvius/Ledger-Device-Fixes-and-Solutions GitHub Wiki

All Ledger devices pass the genuine check during the onboarding process and then each time when they connect to My Ledger in Ledger Live. Genuine Ledger devices hold a secret key that is set during manufacture. Only a genuine Ledger device can use its key to provide the cryptographic proof required to connect with Ledger’s secure server.

Please download the last update of Ledger Live Application:

1.Ledger Live for Windows 10/11

2.Ledger Live for MAC

3.Ledger Live for Android

Did you know?

After completing the setup in Ledger Live, you can re-run the genuine check again at any time. Simply connect your Ledger device to the ‘My Ledger‘ section within Ledger Live. Each time you connect, a silent genuine check will automatically run, similar to the initial check during setup. Alternatively, you can initiate a genuine check for any existing or new Ledger device after Ledger Live has been set up by navigating to SettingsHelpDevice setup in Ledger Live.

Advanced users additionally can check the hardware integrity of the Ledger device to check that it has not been tampered with. This article contains detailed technical information about the security of your device. 

Important notice

  • Please note that opening your Ledger device will void the warranty.
  • Once opened, your Ledger device will no longer be refundable or exchangeable.
  • Additionally, handling an exposed circuit board without taking the proper precautions could result in permanent damage caused by electrostatic discharge (ESD). You can learn more about ESD and the proper precautions to take here.

Ledger Stax / Ledger Flex / Ledger Nano X / Ledger Nano S Plus / Ledger Nano S

Important notice

Ledger Stax is not designed to be opened. Attempting to disassemble the device can cause visible damage and make reassembly very difficult. You can inspect the back cover for damage to see if the device has been previously opened but it is strongly advised not to open the device yourself.

Microcontroller (MCU)

You can open the device to verify that no additional chip has been added, compared with the images below, and that the MCU is an STM32WB35.

Hardware revisions

(Front of the PCB)

(Back of the PCB)

Secure Element attestation

The Secure Element itself is personalized at the factory with an attestation proving that it has been manufactured by Ledger. You can verify it by running:

pip install ledgerblue

python -m ledgerblue.checkGenuineRemote --targetId 0x33200004

The source code is available here.

Application verification

When opening an application, a Non Genuine warning is displayed if the app has not been signed by Ledger.