Bitlox reached out to me and asked if they could send me one of their hardware wallets to look at. I asked for two, so I could tear one apart and have one for not tearing apart. The two Bitlox wallets arrived the other day. They sent these to me for no cost, and I made no promises about the content I post about their product. Nobody reviews or approves my content before I post it.
I wouldn't use a Bitlox.
There are several reasons, but the first reason trumps all others, and that's because it is not open source. The firmware is not available, and even after ripping one apart, I still do not know what hardware makes it tick. I'll get back to that in a moment.
Any closed source hardware/software wallet is a non-starter for me (and should be for you). If I'm interested in Bitcoin enough to purchase a dedicated device to store them, then I likely care about Bitcoin's open-source nature. Unreproducable solutions need not apply. Open source money wants to live in open source hardware.
Therefore this post is a 'first impressions' of the Bitlox hardware alone, and I'm unlikely to spend any time with the software used to interact with the Bitlox device to make a well-informed follow-up on the software components.
There's still enough to talk about:
Nice large e-ink screen. About the height and width of a credit card, but about 4mm thick
At first glance, the Bitlox feels premium -- large, clear e-ink screen, dense but not too heavy, no case twisting (unlike the cheap feel of the Case wallet), and classy red accents in-between the keys.
But all that fades after the first press of one of those buttons. They are smushy beyond smushy, and the feel of the buttons at the left and right sides is far different than the ones in the middle. The '3', '4', '8', and '9' keys have a distinct point during the button travel where the press is activated, as you would expect a button to feel, but the buttons on either end have zero travel -- Zero! It feels like I'm pressing on a hard surface, and when some pressure threshold is exceeded, the button press is registered. I wouldn't want this behavior for any buttons, but this is especially terrible for the 'checkmark' button, presumably used for confirming actions such as Bitcoin transactions.
There's some goo in the upper right corner of the screen underneath the protective outer surface layer. This appears on both units.
The front surface of the Bitlox is bowed out quite a bit, which I believe contributes to the terrible feel of the keyboard. Here, It feels like they are trying to fit in a battery that's too thick, but are including it anyway. This isnt the case, but that's the impression I had before popping it open.
Its hard to capture how not flat the front surface of the Bitlox is. Also, look at those keys! They will catch on things in your pocket and bend out of position quite easily. I drink Mt. Dew.
In reality, its just a terrible keyboard design.
This is pretty terrible. I didnt test it, but I doubt this would be moisture/water resistant at all.
The connection between the keyboard and the pcb is a direct edge soldering that separated when prying the two pieces apart
The connection between the two pieces is visible along the bottom edge of the left part, to the right of the shiny silver battery.
The back of the keyboard along with soldered edge connection
The components are on the bottom of the pcb, and there was no easy way to get the pcb out of the bottom of the case. There was much spudging, and once separated, it was clear why
The space between the component side of the pcb and the rear shell is partially filled with a hardened black epoxy.
The black epoxy bonded the pcb to the rear shell tightly enough that come components were ripped off the board when I pried them apart.
SMT components embedded in hardened black epoxy
And here's a view of the component side of the pcb. The bluetooth module appears to be an off-the-shelf module, there's an ARM chip from Atmel, and another small atmel mcu - likely a USB-to-serial bridge.
That's alot of passives. There's also what looks like a jtag/debugging header over there on the right side. This board is dead due to parts being embedded in the epoxy, but I could imagine that a hole could be carefully drilled right at that location on a working device to get access to that header to test to see if its enabled. I'd check the firmware source code, but its not available.
Off-the-shelf bluetooth module
"But gbg, " you say, "what's the part number on the main Atmel chip?" I'd give it to you, but its been scratched off to hide its identity.
Can you read the Atmel part number? Nope! You can't!
Under the microscope, I think I can make out that the part number starts with 'ATSAM' and ends with 'C':
Why would they do this? What are they trying to hide? Who would ever trust this with their Bitcoins?
And finally, the price starts at $199. Unless you *really* need a hardware wallet with bluetooth (you don't), pass on the Bitlox.
Instead, educate yourself on the risks, and purchase a cheap Trezor clone, a Trezor from SatoshiLabs, or build your own Trezor depending on your risk tolerance.