Password storage on a BluePill

RogerClark
Posts: 7541
Joined: Mon Apr 27, 2015 10:36 am
Location: Melbourne, Australia

Password storage on a BluePill

Post by RogerClark » Fri Dec 01, 2017 12:55 am

Guys.

I noticed this on HackaDay (it does not use an STM32)

https://hackaday.com/2017/11/30/mathieu ... rd-keeper/

But I have been thinking for some time that, as the BluePill normally has 128k of Flash, which can be marked as read-protected, it would be possible to build a password storage device.

The device on Hackaday uses AES encryption (as I presume it's storing the data on an external Flash chip (from what I can see on the schematic) or an external secure data card).

https://github.com/limpkin/mooltipass/b ... ign_v1.pdf

I think something similar could be achieved on a BluePill, and I'm sure that the passwords could be encrypted with a passcode and stored in flash.

The flash could be set to read protect.

The weak link here seems to be the passcode, as if it's only 4 digits and the flash got dumped, it would be game over.

So whatever firmware was run, it would need to be pretty robust to make it as hard as possible to extract the flash.

We already have code to act as USB HID and there is code (not for Arduino) to emulate a CH340 USB to Serial.

Anyway, just a thought....

dannyf
Posts: 200
Joined: Wed May 11, 2016 4:29 pm

Re: Password storage on a BluePill

Post by dannyf » Fri Dec 01, 2017 2:18 am

a few things:

1) UID would be great: the password being stored / exchanged with the host / authenticator can be encrypted with the UID before it is stored on the chip. A lowly STM32 or STM8 can do that and be used to store a practically limitless number of passwords;

2) the key here will be figuring out a way to copy-protect the chip. STM32/8 aren't the greatest here;

3) there are external devices, like rolling code chips or one-wire chips that can be used to enhance the copy protection;

4) a better medium is probably a phone: the SIM card there is a great authenticator, as well as the fingerprint scanner. So if you can write a little app on the phone for authentication, it is a much better / cheaper approach than being marketed -> a true single sign-on.

RogerClark
Posts: 7541
Joined: Mon Apr 27, 2015 10:36 am
Location: Melbourne, Australia

Re: Password storage on a BluePill

Post by RogerClark » Fri Dec 01, 2017 2:49 am

dannyf wrote:
Fri Dec 01, 2017 2:18 am

2) the key here will be figuring out a way to copy-protect the chip. STM32/8 aren't the greatest here;

3) there are external devices, like rolling code chips or one-wire chips that can be used to enhance the copy protection;

I wasn't aware the STM's read protection had been broken?

The only device I know that there was a hack to read back was the Nordic nRF51 and they are phasing that out in preference for the nRF52 which does not have the same problem (which allowed code to be single stepped, and registers written to and read back in GDB in a read protected chip)


Re: 3

I guess it depends how secure it needs to be.

I have a password manager on my PC, but any malware could read the encrypted data, and any key logger could capture my login.

So it's not really that secure.

The third party devices which don't give easy access to the data storage, and also where you have to enter the unlock code directly into the device, would be more secure from those sorts of attacks.

Of course a single password could be sniffed if it were sent in plain text up the USB, but that's no different from a key logger for an individual website.

Having something which behaved like a HID keyboard which could send the passwords to whatever device it was connected to would be rather handy, as I have so many different devices, e.g. Android, iOS 6, iOS 9, Linux, Windows, OSX, that getting an offline password manager (software) that works across all of them and is not an online (hence insecure) system is impossible.

zoomx
Posts: 550
Joined: Mon Apr 27, 2015 2:28 pm
Location: Mt.Etna, Italy

Re: Password storage on a BluePill

Post by zoomx » Fri Dec 01, 2017 10:02 am

RogerClark wrote:
Fri Dec 01, 2017 2:49 am

Having something which behaved like a HID keyboard which could send the passwords to whatever device it was connected to would be rather handy, as I have so many different devices, e.g. Android, iOS 6, iOS 9, Linux, Windows, OSX, that getting an offline password manager (software) that works across all of them and is not an online (hence insecure) system is impossible.
Maybe KeePass has ports for (quite!) all of them. But the idea of a hardware password manager is interesting!

https://keepass.info/download.html

RogerClark
Posts: 7541
Joined: Mon Apr 27, 2015 10:36 am
Location: Melbourne, Australia

Re: Password storage on a BluePill

Post by RogerClark » Fri Dec 01, 2017 10:12 am

zoomx wrote:
Fri Dec 01, 2017 10:02 am


Maybe KeePass has ports for (quite!) all of them. But the idea of a hardware password manager is interesting!

https://keepass.info/download.html
Thanks

It quite possibly does support every device I use, but I'd still need to install it onto every device and keep the password file manually synced.

mrburnette
Posts: 2031
Joined: Mon Apr 27, 2015 12:50 pm
Location: Greater Atlanta

Re: Password storage on a BluePill

Post by mrburnette » Sun Dec 03, 2017 6:36 pm

Ummmm.

I would likely implement one of the standards around public key (root certificate) and private key.... the ROM based password(s) would be signed with a private key.

mBed has a lib for tinySSL for ARM that could likely be compiled into the IDE code to decrypt the stored passwords:
https://tls.mbed.org/tiny-ssl-library


Ray

ddrown
Posts: 150
Joined: Sat Jan 09, 2016 4:49 am

Re: Password storage on a BluePill

Post by ddrown » Sun Dec 03, 2017 6:40 pm

This is an interesting project. I think this other stm32f103 based project could have some relevant design/code: https://github.com/RaymiiOrg/gnuk/blob/master/README

Something to help make the brute force harder would be to use a brute force resistant hash like PBKDF2 as well as allowing a longer passphrase.

RogerClark
Posts: 7541
Joined: Mon Apr 27, 2015 10:36 am
Location: Melbourne, Australia

Re: Password storage on a BluePill

Post by RogerClark » Sun Dec 03, 2017 8:37 pm

Thanks guys

@ddrown
The open source project you linked to was interesting, but I don't know if it's the same sort of device I was thinking about.

It uses an H103, so I am not sure if the code would port over to the F103 for hardware and software reasons.

Ray

Thanks for the link to that library

I think a strong passkey would be advantageous, because if the Flash was read back, it would not only reveal the data but also all the keys and the firmware binary, so with a short passkey it would be easy to do a brute force attack by simply running the firmware.

The problem with a long passkey is how to enter it. The Mooltipass dongle has a rotary wheel with click, and I think you just enter 4 numbers (though it could be alphanumeric).

This seems like a neat solution, but perhaps a rotary encoder with the shaft sticking out the end, with a knob on it, would allow an alphanumeric passkey to be entered more quickly.

I did consider a small touch screen, but it would need a pen to tap on the small buttons that would be needed for a QWERTY keyboard.

ddrown
Posts: 150
Joined: Sat Jan 09, 2016 4:49 am

Re: Password storage on a BluePill

Post by ddrown » Mon Dec 04, 2017 12:07 am

RogerClark wrote:
Sun Dec 03, 2017 8:37 pm
Thanks guys

@ddrown
The open source project you linked to was interesting, but I don't know if it's the same sort of device I was thinking about.
Yup, it's not exactly the same. It stores PGP keys instead of passwords. But the storage of those secrets would be very similar, so those parts of the design and code could be used.
RogerClark wrote:
Sun Dec 03, 2017 8:37 pm
It uses an H103, so I am not sure if the code would port over to the F103 for hardware and software reasons.
They actually have a version for the blue pill as well as their official hardware.
RogerClark wrote:
Sun Dec 03, 2017 8:37 pm
I think a strong passkey would be advantageous, because if the Flash was read back, it would not only reveal the data but also all the keys and the firmware binary, so with a short passkey it would be easy to do a brute force attack by simply running the firmware.

The problem with a long passkey is how to enter it. The Mooltipass dongle has a rotary wheel with click, and I think you just enter 4 numbers (though it could be alphanumeric).
I was thinking about this. I was considering an arrow based interface to enter letters for a fixed word list. You'd have a fixed 4,000 different words to choose from, and passwords could be multiple words. Using a fixed word list could make it easier to enter and remember longer passwords.

so to enter the passphrase "convinces delay poem issuing":

arrow down to "c" (26 choices), right arrow
arrow down to "o" (11 choices), right arrow
arrow down to "n" (12 choices), right arrow
arrow down to "v" (8 choices), right arrow
choose between (10 choices):
convenient, convention, conventional, conventions, conversation, convert, convince, convinced, convinces, convincing
right arrow

next word in the same way

The word list I have in mind is 4657 entries long, so 4 words out of it would be ln(4657^4)/ln(2) = 48.7 bits to brute force. Not impossible to brute force, but it would be expensive as long as the passphrase hashing system was designed properly. Using more words would make brute force harder, but would also make using it more annoying.

Using these numbers: https://gist.github.com/epixoip/a83d38f ... 804a270c40

PBKDF2-HMAC-SHA256 9473.2 kH/s

That specific hardware is currently $21,000 (getting the GPUs alone would cost $4,000) and it would take on average 9 months (running 24/7) to crack one passphrase. More hardware would crack it faster in exchange for a larger up-front cost. Power usage would be roughly 2 kWh/hr, or around $1400 for the 9 months (ignoring AC costs).

Edits: I'm hitting the wrong buttons :)
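The arithmetic in the two posts above (Roger's 4-digit passcode versus ddrown's word-list passphrase, and the brute-force cost against PBKDF2-HMAC-SHA256), worked through as an added example. This code is not from the thread, from gnuk or from Mooltipass. It assumes: a constructed 15-word stand-in for ddrown's 4657-entry list (the 4657 figure itself is used for the entropy and cost numbers); a hypothetical 100,000 PBKDF2 iterations and a fixed "unlock-check" label for the stored verifier; and the 9473.2 kH/s rate exactly as quoted in the thread, which applies to whatever iteration count that benchmark used, so a firmware that iterates more will push the crack time up proportionally.

```python
import hashlib
import hmac
import math
import secrets

# Figures quoted in the thread
WORDLIST_SIZE = 4657            # entries in ddrown's word list
WORDS_IN_PASSPHRASE = 4
PIN_KEYSPACE = 10 ** 4          # Roger's 4-digit passcode
PBKDF2_RATE_PER_S = 9473.2e3    # PBKDF2-HMAC-SHA256, 9473.2 kH/s from the cited gist

# Constructed stand-in for the real word list (the ten "conv..." words are the
# ones listed in the post; the rest are filler so the prefix search has something to do)
WORDLIST = [
    "convenient", "convention", "conventional", "conventions", "conversation",
    "convert", "convince", "convinced", "convinces", "convincing",
    "delay", "poem", "issuing", "apple", "banana",
]


def passphrase_bits(wordlist_size, word_count):
    """Entropy of word_count words drawn uniformly from the list: log2(N^k)."""
    return word_count * math.log2(wordlist_size)


def pin_bits(keyspace):
    """Entropy of a passcode with the given number of possible values."""
    return math.log2(keyspace)


def average_crack_days(keyspace, guesses_per_second):
    """Expected time to hit the right guess: half the keyspace at the given rate."""
    return keyspace / 2 / guesses_per_second / 86400


def navigate(wordlist, target, max_list=10):
    """Simulate the arrow-key entry method from the post.

    At each step the user picks the next letter from the distinct continuations
    of the current prefix; once the remaining candidates fit on screen (max_list)
    the whole list is shown and the word is picked directly.
    Returns ([(prefix, number_of_letter_choices), ...], final_candidates).
    """
    candidates = sorted(set(wordlist))
    prefix, steps = "", []
    while len(candidates) > max_list and prefix != target:
        next_letters = sorted({w[len(prefix)] for w in candidates if len(w) > len(prefix)})
        chosen = target[len(prefix)]
        if chosen not in next_letters:
            raise ValueError(f"{target!r} is not in the word list")
        prefix += chosen
        steps.append((prefix, len(next_letters)))
        candidates = [w for w in candidates if w.startswith(prefix)]
    if target not in candidates:
        raise ValueError(f"{target!r} is not in the word list")
    return steps, candidates


def make_verifier(passphrase, iterations=100_000):
    """Derive a key from the passphrase with a fresh salt and store only a check
    value, so a flash dump yields salt + check but not the key itself."""
    salt = secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations, dklen=32)
    check = hmac.new(key, b"unlock-check", hashlib.sha256).digest()   # assumed label
    return {"salt": salt, "iterations": iterations, "check": check}


def unlock(passphrase, record):
    """Re-derive the key and compare in constant time; None on a wrong passphrase."""
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), record["salt"],
                              record["iterations"], dklen=32)
    check = hmac.new(key, b"unlock-check", hashlib.sha256).digest()
    return key if hmac.compare_digest(check, record["check"]) else None


if __name__ == "__main__":
    print(f"4-digit PIN:         {pin_bits(PIN_KEYSPACE):5.1f} bits, "
          f"{average_crack_days(PIN_KEYSPACE, PBKDF2_RATE_PER_S) * 86400:.4f} s to crack")
    print(f"4 words of {WORDLIST_SIZE}:  {passphrase_bits(WORDLIST_SIZE, 4):5.1f} bits, "
          f"{average_crack_days(WORDLIST_SIZE ** 4, PBKDF2_RATE_PER_S):.0f} days to crack")
    steps, final = navigate(WORDLIST, "convinces", max_list=4)
    print("entry steps:", steps, "-> pick from", final)
    rec = make_verifier("convinces delay poem issuing")
    print("unlock ok:", unlock("convinces delay poem issuing", rec) is not None,
          "wrong passphrase:", unlock("convinces delay poem issuings", rec))
```

The `navigate` simulation counts every letter step; on the device, a step with a single possible continuation (as after "c" in this small list) could be auto-advanced to save clicks. The crack-time estimate reproduces the thread's figure of roughly nine months for four words at the quoted rate, and shows the 4-digit passcode falling in well under a second at the same rate, which is the gap Roger was pointing at.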

RogerClark
Posts: 7541
Joined: Mon Apr 27, 2015 10:36 am
Location: Melbourne, Australia

Re: Password storage on a BluePill

Post by RogerClark » Mon Dec 04, 2017 2:18 am

@ddrown

I like the idea of the passphrase made of a fixed set of words, but 4000 words is going to take a lot of flash.

Re: Cost of GPU rigs to brute force etc.

Ultimately everything is hackable. With enough budget the top can be etched off the MCU and the flash read back via direct connections; I've heard there are companies in some countries who will do this for you if you have enough money.

But I'd be more concerned with a buffer overflow code injection being possible which could potentially dump the flash.
