diff --git a/.gitignore b/.gitignore index b8919f4..fd49033 100644 --- a/.gitignore +++ b/.gitignore @@ -2,4 +2,3 @@ .idea neutrino_test -/bin diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..d09c077 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,31 @@ +# Building this Dockerfile executes a full build of the Recovery Tool, cross-compiling inside +# the container. The resulting executable is copied to the output directory using Docker BuildKit. + +# You need to pass 3 parameters via --build-arg: +# 1. `os` : the GOOS env var -- `linux`, `windows` or `darwin`. +# 2. `arch`: the GOARCH env var -- `386` or `amd64` (note that darwin/386 is not a thing). +# 3. `out` : the name of the resulting executable, placed in the output directory on the host. + +# For example, to build a linux/386 binary into `bin/rt`: +# docker build . --output bin --build-arg os=linux --build-arg arch=386 --build-arg out=rt + +# Note that the --output flag refers to the host, outside the container. + +FROM golang:1.16.0-alpine3.13 AS build +ARG os +ARG arch + +RUN apk add --no-cache build-base=0.5-r2 + +WORKDIR /src +COPY . . + +ENV CGO_ENABLED=0 +RUN env GOOS=${os} GOARCH=${arch} go build -mod=vendor -a -trimpath -o /out . + +# --- + +FROM scratch +ARG out + +COPY --from=build /out ${out} \ No newline at end of file diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..87cf4f1 --- /dev/null +++ b/Makefile @@ -0,0 +1,36 @@ +# (Default) build the Recovery Tool to run on this system. +build: + mkdir -p bin + + echo "Building recovery tool" + go build -a -trimpath -o "bin/recovery-tool" + + echo "Success! Built to bin/recovery-tool" + +# Cross-compile and checksum the Recovery Tool for a range of OS/archs. +build-checksum-all: export DOCKER_BUILDKIT=1 +build-checksum-all: + # Get vendor dependencies: + go mod vendor -v + + # Linux 32-bit: + docker build . -o bin --build-arg os=linux --build-arg arch=386 --build-arg out=recovery-tool-linux32 + /bin/echo -n '✓ Linux 32-bit ' && sha256sum "bin/recovery-tool-linux32" + + # Linux 64-bit: + docker build . -o bin --build-arg os=linux --build-arg arch=amd64 --build-arg out=recovery-tool-linux64 + /bin/echo -n '✓ Linux 64-bit ' && sha256sum "bin/recovery-tool-linux64" + + # Windows 32-bit: + docker build . -o bin --build-arg os=windows --build-arg arch=386 --build-arg out=recovery-tool-windows32.exe + /bin/echo -n '✓ Windows 32-bit ' && sha256sum "bin/recovery-tool-windows32.exe" + + # Windows 64-bit: + docker build . -o bin --build-arg os=windows --build-arg arch=amd64 --build-arg out=recovery-tool-windows64.exe + /bin/echo -n '✓ Windows 64-bit ' && sha256sum "bin/recovery-tool-windows64.exe" + + # Darwin 64-bit: + docker build . -o bin --build-arg os=darwin --build-arg arch=amd64 --build-arg out=recovery-tool-macos64 + /bin/echo -n '✓ MacOS 64-bit ' && sha256sum "bin/recovery-tool-macos64" + +.SILENT: diff --git a/README.md b/README.md index dc69d23..eda8810 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ Welcome! -You can use this tool to transfer all funds from your Muun wallet to an address of your choosing. +You can use this tool to transfer all funds out of your Muun account to an address of your choosing. ![](readme/demo.gif) @@ -14,35 +14,66 @@ control over their own money. Bitcoin has finally made this possible. ## Usage -To execute a recovery, you will need: +Download the appropriate binary in the following table, according to your operating system and +architecture. -1. **Your Recovery Code**, which you wrote down during your security setup -2. **Your Emergency Kit PDF**, which you exported from the app -3. **Your destination bitcoin address**, where all your funds will be sent +| System | Checksum | Link | +| --- | --- | --- | +| Linux 32-bit | `65c0e27bcff10210f5637a8b9f95ffd8c932d258c21d23d5d9da40ba091864a3` | [Download](https://raw.githubusercontent.com/muun/recovery/master/bin/recovery-tool-linux32) | +| Linux 64-bit | `596c819d22501e267385325dd2bba7e5260f711eb3d210c468a606699c8d8369` | [Download](https://raw.githubusercontent.com/muun/recovery/master/bin/recovery-tool-linux64) | +| Windows 32-bit | `897ff4db5ccc7f5b37c9c479f018b5ba4a98a243137f186fbf4b96138eff6adc` | [Download](https://raw.githubusercontent.com/muun/recovery/master/bin/recovery-tool-windows32.exe) | +| Windows 64-bit | `c03e981119c18270d517d74691283fd3e4d57460d1bf02189c7552b8daa06625` | [Download](https://raw.githubusercontent.com/muun/recovery/master/bin/recovery-tool-windows64.exe) | +| MacOS 64-bit | `c5b5d0f65f6b0a1a98bcbf405b50a691b33c347b06b02af98d3350bddb9353f3` | [Download](https://raw.githubusercontent.com/muun/recovery/master/bin/recovery-tool-macos64) | -Once you have that, you must: +Once you have that, run: -1. Install [golang](https://golang.org/) -2. Open a terminal window -3. Run: +``` +./recovery-tool +``` - git clone https://github.com/muun/recovery - cd recovery - ./recovery-tool +The process takes only a few minutes (depending on your connection). -The recovery process takes only a few minutes (depending on your connection). - -## Questions - -If you have any questions, we'll be happy to answer them. Contact us at [contact@muun.com](mailto:contact@muun.com) +If you have any questions, we'll be happy to answer them. Contact us at support@muun.com ## Auditing -Begin by reading `main.go`, and follow calls to other files and modules as you see fit. We always work -to improve code quality and readability with each release, so that auditing is easier and more effective. +This tool is open-sourced so that auditors can dive into the code, and verify it to their benefit +and everyone else's. We encourage people with the technical knowledge to do this. -The low-level encryption, key handling and transaction crafting code can be found in the `libwallet` -module, and it's the same our iOS and Android applications use. +To build the tool locally and run it, you must: + +1. Install the [Go](https://golang.org/) toolchain. +2. Clone the repository: + + ``` + git clone https://github.com/muun/recovery + cd recovery + ``` + +3. Run the tool with: + + ``` + go run -mod=vendor . -- + ``` + +To build the tool in all its variants and verify the checksums for the above binaries, you need to: + +1. Install the [Docker](https://www.docker.com/) toolchain and start the daemon. +2. Run this command: + + ``` + make build-checksum-all + ``` + +3. Verify that the printed checksums match those of the downloaded versions, using `sha256sum` +as in the `Makefile`. + +We use Docker for these builds to ensure they are reproducible. + + +## Questions + +If you have any questions, we'll be happy to answer them. Contact us at contact@muun.com ## Responsible Disclosure @@ -51,4 +82,4 @@ Send us an email to report any security related bugs or vulnerabilities at [secu You can encrypt your email message using our public PGP key. -Public key fingerprint: `1299 28C1 E79F E011 6DA4 C80F 8DB7 FD0F 61E6 ED76` \ No newline at end of file +Public key fingerprint: `1299 28C1 E79F E011 6DA4 C80F 8DB7 FD0F 61E6 ED76` diff --git a/bin/recovery-tool-linux32 b/bin/recovery-tool-linux32 new file mode 100755 index 0000000..ef04930 Binary files /dev/null and b/bin/recovery-tool-linux32 differ diff --git a/bin/recovery-tool-linux64 b/bin/recovery-tool-linux64 new file mode 100755 index 0000000..6773d3c Binary files /dev/null and b/bin/recovery-tool-linux64 differ diff --git a/bin/recovery-tool-macos64 b/bin/recovery-tool-macos64 new file mode 100755 index 0000000..171d3fe Binary files /dev/null and b/bin/recovery-tool-macos64 differ diff --git a/bin/recovery-tool-windows32.exe b/bin/recovery-tool-windows32.exe new file mode 100755 index 0000000..e80b51e Binary files /dev/null and b/bin/recovery-tool-windows32.exe differ diff --git a/bin/recovery-tool-windows64.exe b/bin/recovery-tool-windows64.exe new file mode 100755 index 0000000..8f1068d Binary files /dev/null and b/bin/recovery-tool-windows64.exe differ diff --git a/readme/demo.yml b/readme/demo.yml index 3383c1b..a85a8a6 100644 --- a/readme/demo.yml +++ b/readme/demo.yml @@ -3,6 +3,9 @@ # Render with: # $ terminalizer render demo.yml -o demo-unoptimized.gif +# Make background transparent with: +# https://onlinegiftools.com/create-transparent-gif (use white, 1%) + # Optimize with: # $ gifsicle --optimize=3 --colors=32 -i demo-unoptimized.gif -o demo.gif @@ -24,6 +27,7 @@ config: title: null style: border: 0px black solid + boxShadow: none watermark: imagePath: null