- Read device information from device. Get the SE version (we will denote this as
se_version
), MCU version (we will denote this asmcu_version
),version
,targetId
, andprovider
- Using HTTP GET, a list of MCU version information from https://manager.api.live.ledger.com/api/mcu_versions. Find the MCU JSON object for your
mcu_version
, thename
field will match themcu_version
from your device. Extract theid
(we will denote this asmcu_id
). - Using HTTP POST, get information from https://manager.api.live.ledger.com/api/get_device_version. In the POST body, send:
provider:<provider>
target_id:<targetId>
From the response, extract id
.
- Using HTTP POST, get information about the current firmware version from https://manager.api.live.ledger.com/api/get_firmware_version. In the POST body:
device_version:<id>
version_name:<version>
provider:<provider>
From the response, extract id
, we will denote this as id2
.
- Using HTTP POST, get the information about the latest firmware version from https://manager.api.live.ledger.com/api/get_latest_firmware?livecommonversion=7.10.0-959cfdaf (note that for some reason the URL parameter is required). In the POST Body:
current_se_firmware_final_version:<id2>
device_version:<id>
provider:<provider>
From the response, extract next_se_firmware_final_version
(denoted as new_id
), firmware
(we will denote as firmware_osu
), firmware_key
(we will denote as firmware_key_osu
), and perso
(we will denote as perso_osu
).
-
Using HTTP GET, get the information for the latest firmware version from
https://manager.api.live.ledger.com/api/firmware_final_versions/<new_id>
. From the response, extractmcu_versions
,firmware
,firmware_key
, andperso
. -
Install the OSU firmware by connecting to the Websocket Server
wss://api.ledgerwallet.com/update/install?targetId=<targetId>&firmware=<firmware_osu>&firmwareKey=<firmware_key_osu>&perso=<perso_osu>
. Extract the data from each server response as a hex encoded APDU command and forward those to the device. From the device, receive APDU responses, wrap them in a similar way to how the server sent data, and return to the server the APDU responses. -
If
mcu_id
is inmcu_versions
, skip to step 10. Otherwise, unplug the device and replug it holding the left button in order to start it in bootloader mode. -
Extract the first item of
mcu_versions
(we denote this item asnew_mcu
) and get the MCU version information using HTTP GET fromhttps://manager.api.live.ledger.com/api/mcu_versions/<new_mcu>
. From the response, extract thename
which we will denote asnew_mcu_name
-
Install the MCU using the same websockets thing done earlier except with the URL
wss://api.ledgerwallet.com/update/mcu?targetId=<targetId>&version=<new_mcu_name>
. -
Lastly, install the final firmware using the websockets method with the URL
wss://api.ledgerwallet.com/update/install?targetId=<targetId>&firmware=<firmware>&firmwareKey=<firmware_key>&perso=<perso>
An all-in-one Python 3 script that does everything and updates a ledger: https://gist.github.com/achow101/16df88551b4e305eb01b4618f6d24239
- OSU = OS Update application
- SE = Secure Element
- MCU = MicroController Unit
2024 version (for now only supports genuine check and installing the Bitcoin app, but could be made to upgrade the firmware too): https://github.com/darosior/ledger_installer. Thanks for your investigation it was helpful.