Support retrieving derivation_path from elf and use it for derivation

Author: nroggeman-ledger

.vscode/settings.json

@@ -11,6 +11,7 @@
         "emulate.h": "c",
         "os.h": "c",
         "os_types.h": "c",
-        "errors.h": "c"
+        "errors.h": "c",
+        "launcher.h": "c"
     }
 }

CHANGELOG.md

@@ -5,11 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [0.25.10] 2025-12-02
+## [0.25.10] 2025-12-04
 
 ### Added
 - Support throwing exceptions from OS (mainly Cx syscalls) like on real devices
 - Support retrieving appflags from elf and use it for derivation
+- Support retrieving derivation_path from elf and use it for derivation
 
 ## [0.25.9] 2025-11-19
 

speculos/main.py

@@ -52,8 +52,11 @@ class ElfInfo:
     shared_ram_addr: int = 0
     shared_ram_size: int = 0
     pic_init_addr: int = 0
+    derivation_path: bytes = b''
 
 
+BOLOS_TAG_DERIVEPATH = 0x04
+
 DEFAULT_SEED = ('glory promote mansion idle axis finger extra february uncover one trip resource lawn turtle enact '
                 'monster seven myth punch hobby comfort wild raise skin')
 
@@ -138,6 +141,38 @@ def get_elf_infos(app_path, use_bagl, args):
         supp_ram_section = elf.get_section_by_name('.rfbss')
         ei.ram_addr, ei.ram_size = \
             (supp_ram_section['sh_addr'], supp_ram_section['sh_size']) if supp_ram_section is not None else (0, 0)
+
+        # look at install_parameters
+        install_parameters = symtab_section.get_symbol_by_name('install_parameters')
+        if install_parameters is not None:
+            sym_addr = install_parameters[0]['st_value']
+            sym_size = install_parameters[0]['st_size']
+            # 2. Get section containing the symbol
+            sec_offset_in_file = text_section['sh_offset']
+            sec_addr_in_memory = text_section['sh_addr']
+
+            # 3. Compute offset of symbol in ELF
+            file_offset = sec_offset_in_file + (sym_addr - sec_addr_in_memory)
+            # 4. Read bytes
+            fp.seek(file_offset)
+            data = fp.read(sym_size)
+            # 5. Parse TLVs to find APP_FLAGS one
+            offset = 0
+            while offset < sym_size:
+                tag = data[offset]
+                offset += 1
+                len = data[offset]
+                offset += 1
+                if len == 0x81:
+                    len = data[offset]
+                    offset += 1
+                elif len == 0x82:
+                    len = int.from_bytes(data[offset: offset + 2], 'big')
+                    offset += 2
+                if tag == BOLOS_TAG_DERIVEPATH:
+                    ei.derivation_path = data[offset: offset + len]
+                offset += len
+
     ei.stack_size = estack - ei.stack_addr
     return ei
 
@@ -272,6 +307,11 @@ def run_qemu(s1: socket.socket, s2: socket.socket, args: argparse.Namespace) ->
         lib_arg += f':{1 if args.load_nvram else 0}'
         lib_arg += f':{1 if args.save_nvram else 0}'
         lib_arg += f':{1 if not use_bagl else 0}'
+        if len(ei.derivation_path) > 0:
+            lib_arg += f':{ei.derivation_path.hex()}'
+        else:
+            # if no derivationèpath found in binary, use 0 to indicate to launcher that it's not valid
+            lib_arg += ':0'
         argv.append(lib_arg)
 
     # for NBGL apps, fonts binary file is mandatory before API Level 23

src/bolos/io/sdk/include/errors.h

@@ -19,6 +19,8 @@
 #if !defined(ERRORS_H)
 #define ERRORS_H
 
+#include "os_errors.h"
+
 /**
  * Applications-reserved error codes ranges.
  * The Operating System do not use any error code within these ranges.
@@ -124,8 +126,6 @@ enum sdk_generic_identifiers {
 #define SWO_IOL_BLE_0C (ERR_IOL_BLE + ERR_GEN_ID_0C) // 0x150C
 #endif                                               // HAVE_BLE
 
-#define SWO_SEC_PIN_15 0x5515
-
 /**
  * The process is successful.
  */

src/bolos/io/sdk/include/os_errors.h

@@ -0,0 +1,210 @@
+#ifndef OS_ERRORS_H
+#define OS_ERRORS_H
+
+#include <stdint.h>
+
+/**
+ * The OS error codes are encoded on two bytes (0xabcd), with the following
+ * structure:
+ * 'a': The error code category,
+ * 'b': The error code subcategory,
+ * 'cd': The error code identifier (depends on the two previous fields).
+ * The 'B000' - 'EFFF' range is reserved for applications, if they want to
+ * have the same uniqueness mechanism in their error codes.
+ */
+
+#define ERR_PAR_RANGE 0x4000
+#define ERR_SEC_RANGE 0x5000
+
+// Generic subcategories.
+#define ERR_OS_GEN_SUB_01 0x0100
+#define ERR_OS_GEN_SUB_02 0x0200
+#define ERR_OS_GEN_SUB_03 0x0300
+#define ERR_OS_GEN_SUB_04 0x0400
+#define ERR_OS_GEN_SUB_05 0x0500
+#define ERR_OS_GEN_SUB_06 0x0600
+#define ERR_OS_GEN_SUB_07 0x0700
+#define ERR_OS_GEN_SUB_08 0x0800
+#define ERR_OS_GEN_SUB_09 0x0900
+#define ERR_OS_GEN_SUB_0D 0x0D00
+#define ERR_OS_GEN_SUB_0E 0x0E00
+
+// Generic identifiers.
+enum generic_identifiers {
+  ERR_OS_GEN_ID_01 = 0x01,
+  ERR_OS_GEN_ID_02,
+  ERR_OS_GEN_ID_03,
+  ERR_OS_GEN_ID_04,
+  ERR_OS_GEN_ID_05,
+  ERR_OS_GEN_ID_06,
+  ERR_OS_GEN_ID_07,
+  ERR_OS_GEN_ID_08,
+  ERR_OS_GEN_ID_09,
+  ERR_OS_GEN_ID_0A,
+  ERR_OS_GEN_ID_0B,
+  ERR_OS_GEN_ID_0C,
+  ERR_OS_GEN_ID_0D,
+  ERR_OS_GEN_ID_0E,
+  ERR_OS_GEN_ID_0F,
+  ERR_OS_GEN_ID_10,
+  ERR_OS_GEN_ID_11,
+  ERR_OS_GEN_ID_12,
+  ERR_OS_GEN_ID_13,
+  ERR_OS_GEN_ID_14,
+  ERR_OS_GEN_ID_15,
+  ERR_OS_GEN_ID_16,
+  ERR_OS_GEN_ID_17,
+  ERR_OS_GEN_ID_18,
+  ERR_OS_GEN_ID_19,
+  ERR_OS_GEN_ID_1A,
+  ERR_OS_GEN_ID_1B,
+  ERR_OS_GEN_ID_1C,
+  ERR_OS_GEN_ID_1D,
+  ERR_OS_GEN_ID_1E,
+  ERR_OS_GEN_ID_1F,
+  ERR_OS_GEN_ID_20,
+  ERR_OS_GEN_ID_21,
+  ERR_OS_GEN_ID_22,
+  ERR_OS_GEN_ID_23,
+  ERR_OS_GEN_ID_24,
+  ERR_OS_GEN_ID_25,
+  ERR_OS_GEN_ID_26,
+  ERR_OS_GEN_ID_27,
+  ERR_OS_GEN_ID_28,
+  ERR_OS_GEN_ID_29,
+  ERR_OS_GEN_ID_2A,
+  ERR_OS_GEN_ID_2B,
+  ERR_OS_GEN_ID_2C,
+  ERR_OS_GEN_ID_2D,
+  ERR_OS_GEN_ID_2E,
+  ERR_OS_GEN_ID_2F,
+  ERR_OS_GEN_ID_30,
+  ERR_OS_GEN_ID_31,
+  ERR_OS_GEN_ID_32,
+  ERR_OS_GEN_ID_33,
+  ERR_OS_GEN_ID_34,
+  ERR_OS_GEN_ID_35,
+  ERR_OS_GEN_ID_36,
+  ERR_OS_GEN_ID_37,
+  ERR_OS_GEN_ID_38,
+  ERR_OS_GEN_ID_39,
+  ERR_OS_GEN_ID_3A,
+  ERR_OS_GEN_ID_3B,
+  ERR_OS_GEN_ID_3C,
+  ERR_OS_GEN_ID_3D,
+  ERR_OS_GEN_ID_3E,
+  ERR_OS_GEN_ID_3F,
+  ERR_OS_GEN_ID_40,
+  ERR_OS_GEN_ID_41,
+  ERR_OS_GEN_ID_42,
+  ERR_OS_GEN_ID_43,
+  ERR_OS_GEN_ID_44,
+  ERR_OS_GEN_ID_45,
+  ERR_OS_GEN_ID_46,
+  ERR_OS_GEN_ID_47,
+  ERR_OS_GEN_ID_48,
+  ERR_OS_GEN_ID_49,
+  ERR_OS_GEN_ID_4A,
+  ERR_OS_GEN_ID_4B,
+  ERR_OS_GEN_ID_4C,
+  ERR_OS_GEN_ID_4D,
+  ERR_OS_GEN_ID_4E,
+  ERR_OS_GEN_ID_4F,
+  ERR_OS_GEN_ID_50,
+  ERR_OS_GEN_ID_51,
+  ERR_OS_GEN_ID_52,
+  ERR_OS_GEN_ID_53,
+  ERR_OS_GEN_ID_54,
+  ERR_OS_GEN_ID_55,
+  ERR_OS_GEN_ID_56,
+  ERR_OS_GEN_ID_57,
+  ERR_OS_GEN_ID_58,
+  ERR_OS_GEN_ID_59,
+  ERR_OS_GEN_ID_5A,
+  ERR_OS_GEN_ID_5B,
+  ERR_OS_GEN_ID_5C,
+  ERR_OS_GEN_ID_5D,
+  ERR_OS_GEN_ID_5E,
+  ERR_OS_GEN_ID_5F,
+  ERR_OS_GEN_ID_60,
+  ERR_OS_GEN_ID_61,
+  ERR_OS_GEN_ID_62,
+  ERR_OS_GEN_ID_63,
+  ERR_OS_GEN_ID_64,
+  ERR_OS_GEN_ID_65,
+};
+
+/**
+ * OS (except cryptography) parameter-related issues are categorized into:
+ * Lengths mismatch in functions (LEN),
+ * Values mismatch in functions (VAL).
+ */
+#define ERR_PAR_LEN (ERR_PAR_RANGE + ERR_OS_GEN_SUB_01)
+#define ERR_PAR_VAL (ERR_PAR_RANGE + ERR_OS_GEN_SUB_02)
+
+#define SWO_PAR_VAL_01 (ERR_PAR_VAL + ERR_OS_GEN_ID_01) // 0x4201
+#define SWO_PAR_VAL_02 (ERR_PAR_VAL + ERR_OS_GEN_ID_02) // 0x4202
+#define SWO_PAR_VAL_03 (ERR_PAR_VAL + ERR_OS_GEN_ID_03) // 0x4203
+#define SWO_PAR_VAL_04 (ERR_PAR_VAL + ERR_OS_GEN_ID_04) // 0x4204
+#define SWO_PAR_VAL_05 (ERR_PAR_VAL + ERR_OS_GEN_ID_05) // 0x4205
+#define SWO_PAR_VAL_06 (ERR_PAR_VAL + ERR_OS_GEN_ID_06) // 0x4206
+#define SWO_PAR_VAL_07 (ERR_PAR_VAL + ERR_OS_GEN_ID_07) // 0x4207
+#define SWO_PAR_VAL_08 (ERR_PAR_VAL + ERR_OS_GEN_ID_08) // 0x4208
+#define SWO_PAR_VAL_09 (ERR_PAR_VAL + ERR_OS_GEN_ID_09) // 0x4209
+#define SWO_PAR_VAL_0A (ERR_PAR_VAL + ERR_OS_GEN_ID_0A) // 0x420A
+#define SWO_PAR_VAL_0B (ERR_PAR_VAL + ERR_OS_GEN_ID_0B) // 0x420B
+#define SWO_PAR_VAL_0C (ERR_PAR_VAL + ERR_OS_GEN_ID_0C) // 0x420C
+#define SWO_PAR_VAL_0D (ERR_PAR_VAL + ERR_OS_GEN_ID_0D) // 0x420D
+#define SWO_PAR_VAL_0E (ERR_PAR_VAL + ERR_OS_GEN_ID_0E) // 0x420E
+#define SWO_PAR_VAL_0F (ERR_PAR_VAL + ERR_OS_GEN_ID_0F) // 0x420F
+#define SWO_PAR_VAL_10 (ERR_PAR_VAL + ERR_OS_GEN_ID_10) // 0x4210
+#define SWO_PAR_VAL_11 (ERR_PAR_VAL + ERR_OS_GEN_ID_11) // 0x4211
+#define SWO_PAR_VAL_12 (ERR_PAR_VAL + ERR_OS_GEN_ID_12) // 0x4212
+#define SWO_PAR_VAL_13 (ERR_PAR_VAL + ERR_OS_GEN_ID_13) // 0x4213
+#define SWO_PAR_VAL_14 (ERR_PAR_VAL + ERR_OS_GEN_ID_14) // 0x4214
+#define SWO_PAR_VAL_15 (ERR_PAR_VAL + ERR_OS_GEN_ID_15) // 0x4215
+#define SWO_PAR_VAL_16 (ERR_PAR_VAL + ERR_OS_GEN_ID_16) // 0x4216
+#define SWO_PAR_VAL_17 (ERR_PAR_VAL + ERR_OS_GEN_ID_17) // 0x4217
+#define SWO_PAR_VAL_18 (ERR_PAR_VAL + ERR_OS_GEN_ID_18) // 0x4218
+#define SWO_PAR_VAL_19 (ERR_PAR_VAL + ERR_OS_GEN_ID_19) // 0x4219
+#define SWO_PAR_VAL_1A (ERR_PAR_VAL + ERR_OS_GEN_ID_1A) // 0x421A
+#define SWO_PAR_VAL_1B (ERR_PAR_VAL + ERR_OS_GEN_ID_1B) // 0x421B
+#define SWO_PAR_VAL_1C (ERR_PAR_VAL + ERR_OS_GEN_ID_1C) // 0x421C
+#define SWO_PAR_VAL_1D (ERR_PAR_VAL + ERR_OS_GEN_ID_1D) // 0x421D
+#define SWO_PAR_VAL_1E (ERR_PAR_VAL + ERR_OS_GEN_ID_1E) // 0x421E
+#define SWO_PAR_VAL_1F (ERR_PAR_VAL + ERR_OS_GEN_ID_1F) // 0x421F
+#define SWO_PAR_VAL_20 (ERR_PAR_VAL + ERR_OS_GEN_ID_20) // 0x4220
+#define SWO_PAR_VAL_21 (ERR_PAR_VAL + ERR_OS_GEN_ID_21) // 0x4221
+#define SWO_PAR_VAL_22 (ERR_PAR_VAL + ERR_OS_GEN_ID_22) // 0x4222
+#define SWO_PAR_VAL_23 (ERR_PAR_VAL + ERR_OS_GEN_ID_23) // 0x4223
+#define SWO_PAR_VAL_24 (ERR_PAR_VAL + ERR_OS_GEN_ID_24) // 0x4224
+#define SWO_PAR_VAL_25 (ERR_PAR_VAL + ERR_OS_GEN_ID_25) // 0x4225
+#define SWO_PAR_VAL_26 (ERR_PAR_VAL + ERR_OS_GEN_ID_26) // 0x4226
+#define SWO_PAR_VAL_27 (ERR_PAR_VAL + ERR_OS_GEN_ID_27) // 0x4227
+#define SWO_PAR_VAL_28 (ERR_PAR_VAL + ERR_OS_GEN_ID_28) // 0x4228
+#define SWO_PAR_VAL_29 (ERR_PAR_VAL + ERR_OS_GEN_ID_29) // 0x4229
+#define SWO_PAR_VAL_2A (ERR_PAR_VAL + ERR_OS_GEN_ID_2A) // 0x422A
+#define SWO_PAR_VAL_2B (ERR_PAR_VAL + ERR_OS_GEN_ID_2B) // 0x422B
+#define SWO_PAR_VAL_2C (ERR_PAR_VAL + ERR_OS_GEN_ID_2C) // 0x422C
+#define SWO_PAR_VAL_2D (ERR_PAR_VAL + ERR_OS_GEN_ID_2D) // 0x422D
+#define SWO_PAR_VAL_2E (ERR_PAR_VAL + ERR_OS_GEN_ID_2E) // 0x422E
+#define SWO_PAR_VAL_2F (ERR_PAR_VAL + ERR_OS_GEN_ID_2F) // 0x422F
+#define SWO_PAR_VAL_30 (ERR_PAR_VAL + ERR_OS_GEN_ID_30) // 0x4230
+#define SWO_PAR_VAL_31 (ERR_PAR_VAL + ERR_OS_GEN_ID_31) // 0x4231
+#define SWO_PAR_VAL_32 (ERR_PAR_VAL + ERR_OS_GEN_ID_32) // 0x4232
+#define SWO_PAR_VAL_33 (ERR_PAR_VAL + ERR_OS_GEN_ID_33) // 0x4233
+#define SWO_PAR_VAL_34 (ERR_PAR_VAL + ERR_OS_GEN_ID_34) // 0x4234
+#define SWO_PAR_VAL_35 (ERR_PAR_VAL + ERR_OS_GEN_ID_35) // 0x4235
+#define SWO_PAR_VAL_36 (ERR_PAR_VAL + ERR_OS_GEN_ID_36) // 0x4236
+#define SWO_PAR_VAL_37 (ERR_PAR_VAL + ERR_OS_GEN_ID_37) // 0x4237
+#define SWO_PAR_VAL_38 (ERR_PAR_VAL + ERR_OS_GEN_ID_38) // 0x4238
+#define SWO_PAR_VAL_39 (ERR_PAR_VAL + ERR_OS_GEN_ID_39) // 0x4239
+#define SWO_PAR_VAL_3A (ERR_PAR_VAL + ERR_OS_GEN_ID_3A) // 0x423A
+#define SWO_PAR_VAL_3B (ERR_PAR_VAL + ERR_OS_GEN_ID_3B) // 0x423B
+#define SWO_PAR_VAL_3C (ERR_PAR_VAL + ERR_OS_GEN_ID_3C) // 0x423C
+#define SWO_PAR_VAL_3D (ERR_PAR_VAL + ERR_OS_GEN_ID_3D) // 0x423D
+
+#define ERR_SEC_PIN    (ERR_SEC_RANGE + ERR_OS_GEN_SUB_05)
+#define SWO_SEC_PIN_15 (ERR_SEC_PIN + ERR_OS_GEN_ID_15) // 0x5515
+
+#endif /* OS_ERRORS_H */