newtonick/hellbender-wallet
newtonick/hellbender-wallet
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity
[BREAKGLASS] A Bitcoin Multisig Coordinator
41 Commits 32 Branches 2 Tags 8.8 MiB
Swift 96.6%
Ruby 1.9%
Shell 1.5%
birch-theme
Go to file
Nick Klockenga fd037e45ea add dark and light birch themes
2026-04-08 21:15:31 -04:00
.github/workflows Feature add reproducible build steps (#19) 2026-04-08 20:53:52 -04:00
Config Feature add reproducible build steps (#19) 2026-04-08 20:53:52 -04:00
hellbender add dark and light birch themes 2026-04-08 21:15:31 -04:00
hellbender.xcodeproj Feature add reproducible build steps (#19) 2026-04-08 20:53:52 -04:00
hellbenderTests fix the testnet3 port 2026-04-01 10:19:07 -04:00
hellbenderUITests Replaced the transaction screen's balance card with a hero header featuring a wallet picker dropdown overlay that supports switching wallets, adding new wallets, and editing/deleting wallets — moving all wallet management out of Settings. Added wallet identicons (unique color grids per wallet) to the picker and header, and added a "Wallet Info" option to the transaction screen's menu. Improved the Electrum connection status to show "Connected" as soon as the chain tip is fetched rather than waiting for a full sync to complete. Changed the default address gap limit from 50 to20, and made various UX improvements including larger tap targets, consistent Done button styling, and auto-focus on wallet rename. 2026-03-29 22:39:30 -04:00
scripts Feature add reproducible build steps (#19) 2026-04-08 20:53:52 -04:00
.gitignore Release v0.1.1 2026-03-16 21:37:16 -04:00
.swiftformat Release v0.1.1 2026-03-16 21:37:16 -04:00
.xcode-version Feature add reproducible build steps (#19) 2026-04-08 20:53:52 -04:00
LICENSE Release v0.1.1 2026-03-16 21:37:16 -04:00
README.md Feature add reproducible build steps (#19) 2026-04-08 20:53:52 -04:00

README.md

Hellbender

Hellbender

Travel to your private keys and leave your laptop at home.

Welcome Transactions Multisig Config Import Descriptor Review Wallet

Hellbender is an iOS Bitcoin multisig coordinator written in Swift. It operates as a watch-only wallet — private keys never touch your phone. Coordinate signing across air-gapped hardware wallets using animated QR codes, bringing cold storage security with mobile convenience.

Features

  • Watch-only architecture — only public descriptors are stored on the device
  • Air-gapped QR signing — UR and BBQR animated QR codes for PSBT exchange
  • Configurable M-of-N multisig — 2-of-3, 3-of-5, and beyond
  • Full BIP-174 PSBT workflows — create, sign, combine, and broadcast
  • UTXO management — coin control and coin freezing
  • RBF fee bumping — replace-by-fee support for stuck transactions
  • Multi-network support — mainnet, testnet3, testnet4, and signet
  • Biometric security — Face ID / Touch ID lock
  • Descriptor import/export — QR scan, clipboard, and PDF export
  • Electrum server integration — connect to your own node or a public server
  • Multi-wallet profiles — manage multiple wallets in one app

Building

Requirements

  • Xcode 26.2+
  • iOS 18.6+ deployment target
  • Swift 5.0

Dependencies

All dependencies are managed via Swift Package Manager and resolve automatically:

Package Purpose
BitcoinDevKit (bdk-swift) Bitcoin operations
URKit UR encoding/decoding
URUI QR display and scanning
Bbqr BBQR encoding

Build Steps

  1. Clone the repository 
    git clone https://github.com/newtonick/hellbender-wallet.git
cd hellbender-wallet
  2. Open hellbender.xcodeproj in Xcode
  3. SPM dependencies resolve automatically on first open
  4. Build and run on a simulator or device

For reproducible release builds, see Reproducible Builds below.

CI

GitHub Actions runs xcodebuild clean build analyze on every push and pull request to main. A separate reproducibility verification workflow builds the project twice, normalizes both outputs, and compares them to catch non-determinism regressions.

Reproducible Builds

Hellbender supports functionally equivalent reproducible builds. Given the same source code and Xcode version, two independent builds will produce the same compiled logic after normalization. Certain metadata bytes (Mach-O UUIDs, timestamps, build-machine identifiers) are expected to differ and are zeroed by the normalization step.

What IS reproducible (after normalization): all code-bearing sections, resources, and application logic.

What is NOT reproducible: code signing timestamps, Mach-O LC_UUID values, Xcode build-machine metadata, App Store .ipa files (Apple re-signs and applies FairPlay DRM).

Prerequisites

  • Exact Xcode version matching .xcode-version (currently 26.4)
  • macOS with the matching SDK

Producing a verifiable build

./scripts/build-release.sh

This creates an unsigned archive at /tmp/hellbender-build/hellbender.xcarchive.

Verifying two builds

# Normalize both builds
./scripts/normalize-app.sh /path/to/build1.app
./scripts/normalize-app.sh /path/to/build2.app

# Compare
./scripts/compare-builds.sh /path/to/build1.app /path/to/build2.app

The comparison exits 0 if the builds are functionally equivalent, 1 if code differences are found.

Links

License

MIT License — see LICENSE for details.

Hellbender's dependencies use permissive licenses compatible with MIT: bdk-swift (MIT/Apache-2.0), URKit (BSD-2-Clause-Patent), URUI (BSD-2-Clause-Patent), Bbqr (Apache-2.0).