As I've mentioned before - advancements in cryptanalysis and hacking techniques are continuing to reduce the cost of unauthorized access to your data.
In my opinion, the only way to keep your data private is to raise the cost of unauthorized access to it as high as possible. To do so, I developed several versions of Midbar, such as Midbar V4.0,Midbar (Raspberry Pi Pico Version) V2.0,Midbar (STM32F401CCU6 + Arduino Uno Version),Midbar (Teensy 4.1 Version) V2.0,Midbar (RTL8720DN + Arduino Uno Version), etc.
Don't get me wrong, all these versions of Midbar are fully functional devices that work (more or less) as they're supposed to. But for those who don't have any experience working with electronics, they might be hard to assemble, especially the versions with two microcontrollers. To address this issue, I developed a version of Midbar that only requires four major components. In addition to that, I also made this version of Midbar as cheap as I could without sacrificing the simplicity of the circuit.
As for why this project is called Midbar - Midbar (מדבר) is a Hebrew word that means "pasture, " "uninhabited land, " "wilderness, " "large tracts of wilderness (around cities), " and "desert." I had two reasons for choosing the word Midbar as the name of this project. First - while working on my previous projects, I noticed that the so-called "device that keeps your personal data secure in an encrypted form" market is pretty much a "desert around the oasis of the password manager market." Second - I couldn't find a better word to describe this project. At first, I wanted to call it a "Password Vault, " but it's more than that. So, I decided to call it Midbar.
You can also read this tutorial on Instructables and Medium.
3DES + AES + Blowfish + Serpent Encryption Algorithm in CBC ModeThe "3DES + AES + Blowfish + Serpent" encryption algorithm in cipher block chaining mode first appeared in the Midbar V2.5. And since then has been utilized by the Midbar (Raspberry Pi Pico Version),Midbar V3.0,Midbar V4.0,KhadashPay V2.0,Midbar (Raspberry Pi Pico Version) V2.0,KhadashPay V2.0 (Raspberry Pi Pico Version),Midbar V5.0,Midbar (STM32F401CCU6 Version),KhadashPay V3.0 (STM32F401CCU6 Version),KhadashPay V3.0,Midbar (STM32F401CCU6 + Arduino Uno Version),KhadashPay V3.5,Black Swan V2.0,Midbar (Teensy 4.1 Version),Hash Latch, and Midbar (Teensy 4.1 Version) V2.0.
Although the "3DES + AES + Blowfish + Serpent" encryption algorithm ain't exactly what I would call "a cryptographically weak encryption algorithm, " operating it in a weird derivation of the ECB mode, the way it was done by the Midbar V2.0 wasn't the best idea that I had. Even though that wouldn't've allowed the attacker to produce the legitimate ciphertext by swapping the blocks within the ciphertext, an attacker could still make a legitimate ciphertext by replacing the nth block of the ciphertext N1 with the nth block of the ciphertext N2. To fix that vulnerability (instead of just notifying the user that the decrypted ciphertext might've been forged), I made the "3DES + AES + Blowfish + Serpent" encryption algorithm work in CBC mode. So, if an attacker replaces a block of ciphertext, they spoil not just that block but also the subsequent one.
I'll be honest with you, the bit-flipping attack "kinda works, " but I doubt that it would ever go unnoticed because of the "HMAC-SHA256"-based integrity verification feature
And let's not forget that this encryption algorithm performs the operation called superencryption.
As defined by NIST, superencryption is an encryption operation for which the plaintext input to be transformed is the ciphertext output of a previous encryption operation.
Such organization of the encryption algorithms makes a combined encryption algorithm that is at least as strong as the strongest one in the cascade, has a longer key, might be more resistant to some attacks, and might produce a ciphertext with higher entropy. Anyway. It won't hurt to have an additional layer of security (or several of them).
Integrity VerificationThe Midbar (ESP8266 Version) V2.0 is the twelfth version of Midbar that verifies the integrity of the whole record. So, the legitimate ciphertexts moved between the cells aren't much of a threat to it.
The "HMAC-SHA256"-based integrity verification feature functions in the following way:
When you add a record to Midbar, it consolidates all the data you have entered into one string, computes a tag for that string, and then saves the newly computed tag in the encrypted form.
When Midbar decrypts your data, it also decrypts the previously saved tag and computes a new one for the decrypted data. It then compares both tags. If they don't match - Midbar notifies you that the integrity verification failed.
Prepare the Software *OptionalIf you've never flashed ESP8266 before you'll need to configure Arduino IDE and install drivers to upload the firmware to the boards, you can find drivers here:
CH340 driver: https://sparks.gogo.co.nz/ch340.html
CP210x driver: https://www.silabs.com/developers/usb-to-uart-bridge-vcp-drivers
In case you don't have Arduino IDE, you can download it here:
https://www.arduino.cc/en/software/
Configuring IDE isn't a part of this tutorial, you can read about it here:
https://randomnerdtutorials.com/how-to-install-esp8266-board-arduino-ide/
Download FirmwareYou can download the firmware for Midbar from one of these sources.
SourceForge: https://sourceforge.net/projects/midbar/
GitHub: https://github.com/Northstrix/Midbar
If you just need the firmware for the device alongside the RNG, then I would advise you to download a 0.2 MB archive from SourceForge.
But if you need the firmware for all versions of Midbar alongside the extra code, photos, and diagrams, in that case, I would advise you to download the 254 MB archive from GitHub.
Download and Install the LibrariesNintendoExtensionCtrl: https://github.com/dmadison/NintendoExtensionCtrl
Adafruit-ST7735-Library: https://github.com/adafruit/Adafruit-ST7735-Library
Adafruit-GFX-Library: https://github.com/adafruit/Adafruit-GFX-Library
Adafruit_BusIO: https://github.com/adafruit/Adafruit_BusIO
ESP8266TrueRandom: https://github.com/marvinroger/ESP8266TrueRandom
The process of unpacking libraries is typical. You can unpack the content of the archive into the folder:...\Arduino\libraries. Or open the Arduino IDE, click to the Sketch -> Include Library -> Add.ZIP Library... and select every archive with libraries.
Other required libraries are already present in one way or another.
Install ESP8266 Filesystem UploaderThe primary purpose of the ESP8266 Filesystem Uploader is to let you upload files into ESP's filesystem. In this tutorial, the purpose of this tool is to upload an empty SPIFFS image into ESP.
Download the archive called ESP8266FS-0.5.0.zip from https://github.com/esp8266/arduino-esp8266fs-plugin/releases
And then extract the content of that archive into the "...\Arduino\Tools\" folder.
After that, restart the Arduino IDE.
Format ESP8266's Built-In Flash MemoryClick Tools -> ESP8266 Sketch Data Upload. Then click Yes in the pop-up window. The program is going to format the built-in flash memory.
Generate KeysTo make the unauthorized deciphering of your data computationally infeasible - It is crucial to generate your own keys and never reuse them
It's entirely up to you how to generate the keys. I can only offer you an option to do so.
I've modified one of my previous projects to work as a random number generator, the generated output seems "random enough" for me, but I haven't run any tests. So, I can't guarantee that it's random.
Use it at your own risk!
To generate the keys - launch gen.exe from the "ESP8266 Version\V2.0\Untested RNG" folder and click the "Gen. keys for Midbar (ESP8266) V2.0" button. The background turns from dark gray to light gray when you press that button.
Modify the FirmwareOpen the "Firmware.ino" file from the "ESP8266 Version\V2.0\Firmware" folder, and then replace my keys with those you've generated.
The are also two lines that you should pay attention to:
- "bool stick_up_to_add_char = true;"
- "bool c_functions_as_enter = true;"
By default, Midbar adds character to the input when you put the stick up, and deletes the character when you put the stick down. You can swap these actions if you set the value of the "stick_up_to_add_char" to false.
By default, the "C" button functions as if it was "Enter" on the keyboard, and the "Z" button functions as if was "Esc" on the keyboard. You can swap them if you set the value of the "c_functions_as_enter" to false.
Upload the Modified Firmware Into ESP8266Upload the modified firmware from the "ESP8266 Version\V2.0\Firmware" folder into ESP8266.
Assemble MidbarThat's the easiest version of Midbar to assemble (by far).
Just compare it with Midbar (STM32F401CCU6 + Arduino Uno Version) or Midbar (RTL8720DN + Arduino Uno Version), and you'll understand what I mean.
Power the Midbar UpOnce you've flashed the ESP8266 and assembled the circuit, put the power to it.
Also, connect the Nintendo Wii Nunchuk (if you haven't already).
*Recognize the Hebrew font?
Set Master PasswordMidbar requires you to set a master password before you can use it.
You can't change your master password without performing the factory reset first!
Midbar won't be able to decrypt your data without your master password because the keys for the encryption algorithms are partially derived from it. Perhaps, it won't even unlock without the correct master password.
While entering a text in a tab use the Nintendo Wii Nunchuk in the following way:
- "Stick Right" to select the next character;
- "Stick Left" to select the previous character;
- "Stick Up" to add the selected character to the input;
- "Stick Down" to remove the last character from the input.
When you're done entering your master password, press any button on Nintendo Wii Nunchuk.
While you're on the menu:
- "Stick Down" or "Stick Right" to move down the menu;
- "Stick Up" or "Stick Left" to move up the menu;
- Press the "C" button to continue to the selected option;
- Press the "Z" button to return to the main menu.
Midbar (ESP8266 Version) V2.0 allows you to store records of four types: login credentials, credit card information, notes, and phone numbers.
Since working with records of other types is basically the same as working with logins, I'll only provide instructions on how to work with logins.
I assume that you didn't change the value of the "c_functions_as_enter" variable, so the "C" button functions as "Enter." If you did, then press the "Z" button instead of "C."
To add a login (from Nintendo Wii Nunchuk):
- Select the "Logins" line in the main menu;
- Press either the "C" button on the Nintendo Wii Nunchuk;
- Select the "Add" line;
- Press either the "C" button on the Nintendo Wii Nunchuk;
- Select the slot you want to put the login to by tilting the stick to the right and the left;
- Press either the "C" button on the Nintendo Wii Nunchuk;
- Select the "Wii Nunchuk" line;
- Press either the "C" button on the Nintendo Wii Nunchuk;
- Enter the title;
- Press either the "C" button on the Nintendo Wii Nunchuk;
- Enter the username;
- Press either the "C" button on the Nintendo Wii Nunchuk;
- Enter the password;
- Press either the "C" button on the Nintendo Wii Nunchuk;
- Enter the website;
- Press either the "C" button on the Nintendo Wii Nunchuk.
To view login:
- Select the "Logins" line in the main menu;
- Press either the "C" button on the Nintendo Wii Nunchuk;
- Select the "View" line;
- Press either the "C" button on the Nintendo Wii Nunchuk;
- Select the slot you want to view login from by tilting the stick to the right and the left;
- Press either the "C" button on the Nintendo Wii Nunchuk;
- Tilt the stick up to print the login to the Serial Terminal.
To edit login:
- Select the "Logins" line in the main menu;
- Press either the "C" button on the Nintendo Wii Nunchuk;
- Select the "Edit" line;
- Press either the "C" button on the Nintendo Wii Nunchuk;
- Select the login you would like to edit by tilting the stick to the right and the left;
- Press either the "C" button on the Nintendo Wii Nunchuk;
- Edit the password in the selected login credential;
- Press either the "C" button on the Nintendo Wii Nunchuk.
To delete login:
- Select the "Logins" line in the main menu;
- Press either the "C" button on the Nintendo Wii Nunchuk;
- Select the "Delete" line;
- Press either the "C" button on the Nintendo Wii Nunchuk;
- Select the login you would like to delete by tilting the stick to the right and the left;
- Press either the "C" button on the Nintendo Wii Nunchuk.
The Midbar (ESP8266 Version) V2.0 utilizes two hash functions: SHA-256 and SHA-512.
If you're not familiar with the hash functions, let me give you a simple explanation of what the hash function is.
A hash function is a mathematical function that takes some data as an input and produces a fixed-size, unique output value, known as a hash. The hash function always produces the same output given the same input.
To hash a string:
- Select the "Hash Functions" line in the main menu;
- Press either the "C" button on the Nintendo Wii Nunchuk;
- Select the "SHA-256" or "SHA-512" line depending on the hash function you'd like to use;
- Press either the "C" button on the Nintendo Wii Nunchuk;
- Enter the string you'd like to hash;
- Press either the "C" button on the Nintendo Wii Nunchuk.
The Midbar (ESP8266 Version) V2.0 might not be as stable as Midbar V4.0, but it's cheaper and easier to assemble.
And while Midbar is no guarantee of world peace or social harmony, I do believe that it's an important contribution to the protection of your data from unauthorized access.
I think it's also worth mentioning that Midbar's source code is distributed under the MIT license. That grants you the freedom to customize, adapt, and modify Midbar according to your needs and preferences. In other words, you can create your own version of Midbar or use it as a starting point for building new projects without the need for external permission.
If you found this tutorial to be useful, please consider sharing it.
Thank you for reading this tutorial.
Comments