Midbar (STM32F407VET6 + Arduino Uno Version)

Last week, I released the Midbar (STM32F407VET6 Version), which is a fully functional data vault with many convenient features. However, just a couple of days after releasing it - I figured that I should also make it RFID-lockable. It just seemed apparent to me, especially considering the fact that it won't be difficult to do because I've already laid the groundwork for making a stable dual-MCU RFID-lockable vault while working on Midbar (STM32F401CCU6 + Arduino Uno Version) and Midbar (RTL8720DN + Arduino Uno Version). 

In addition to being RFID-lockable, the Midbar (STM32F407VET6 + Arduino Uno Version) comes with a sophisticated encryption algorithm and the well-functioning integrity verification feature inherited from the previous versions of Midbar.

As for why this project is called Midbar - Midbar (מדבר) is a Hebrew word that means "pasture," "uninhabited land," "wilderness," "large tracts of wilderness (around cities)," and "desert." I had two reasons for choosing the word Midbar as the name of this project. First - while working on my previous projects, I noticed that the so-called "device that keeps your personal data secure in an encrypted form" market is pretty much a "desert around the oasis of the password manager market." Second - I couldn't find a better word to describe this project. At first, I wanted to call it a "Password Vault," but it's more than that. So, I decided to call it Midbar.

You can also read this tutorial on Medium and Hackster.

*Attention! It's not a beginner project. I assume you're already familiar with the STM32F407VET6 microcontroller and know how to flash it. You can find a more beginner-friendly version of Midbar here.

• STM32F407VET6 x1
• 2.4 Inch TFT LCD with ILI9341 x1
• Micro SD Card x1
• PS/2 Keyboard x1
• PS/2 Port x1
• Mifare RC522 RFID Reader x1
• RFID cards x4
• Arduino Uno x1
• Nintendo 64 Controller x1
• 4.7k Resistors x2
• 2.7k Resistors x2
• 1k Resistors x4

The "3DES + AES + Blowfish + Serpent" encryption algorithm in cipher block chaining mode first appeared in the Midbar V2.5. And since then has been utilized by the Midbar (Raspberry Pi Pico Version), Midbar V3.0, Midbar V4.0, KhadashPay V2.0, Midbar (Raspberry Pi Pico Version) V2.0, KhadashPay V2.0 (Raspberry Pi Pico Version), Midbar V5.0, Midbar (STM32F401CCU6 Version), KhadashPay V3.0 (STM32F401CCU6 Version), KhadashPay V3.0, Midbar (STM32F401CCU6 + Arduino Uno Version), KhadashPay V3.5, Black Swan V2.0, Midbar (Teensy 4.1 Version), Hash Latch, Midbar (Teensy 4.1 Version) V2.0, Midbar (ESP8266 Version) V2.0, and Midbar (STM32F407VET6 Version).

Although the "3DES + AES + Blowfish + Serpent" encryption algorithm ain't exactly what I would call "a cryptographically weak encryption algorithm," operating it in a weird derivation of the ECB mode, the way it was done by the Midbar V2.0 wasn't the best idea that I had. Even though that wouldn't've allowed the attacker to produce the legitimate ciphertext by swapping the blocks within the ciphertext, an attacker could still make a legitimate ciphertext by replacing the nth block of the ciphertext N1 with the nth block of the ciphertext N2. To fix that vulnerability (instead of just notifying the user that the decrypted ciphertext might've been forged), I made the "3DES + AES + Blowfish + Serpent" encryption algorithm work in CBC mode. So, if an attacker replaces a block of ciphertext, they spoil not just that block but also the subsequent one.

I'll be honest with you, the bit-flipping attack "kinda works," but I doubt that it would ever go unnoticed because of the "HMAC-SHA256"-based integrity verification feature

And let's not forget that this encryption algorithm performs the operation called superencryption.

As defined by NIST, superencryption is an encryption operation for which the plaintext input to be transformed is the ciphertext output of a previous encryption operation.

Such organization of the encryption algorithms makes a combined encryption algorithm that is at least as strong as the strongest one in the cascade, has a longer key, might be more resistant to some attacks, and might produce a ciphertext with higher entropy. Anyway. It won't hurt to have an additional layer of security (or several of them).

The Midbar (STM32F407VET6 + Arduino Uno Version) is the fourteenth version of Midbar that verifies the integrity of the whole record. So, the legitimate ciphertexts moved between the cells aren't much of a threat to it.

The integrity verification feature of Midbar is based on "HMAC-SHA256." When you enter data into Midbar, it consolidates all the data into a single string, computes a tag for that string, and saves the newly computed tag in encrypted form. When you decrypt your data, Midbar also decrypts the previously saved tag and computes a new one for the decrypted data. It then compares both tags. If they don't match - Midbar notifies you that the integrity verification failed.

Midbar (STM32F407VET6 + Arduino Uno Version) employs two random number generators to produce the random number used in the encryption process. The Midbar XORs the random number generated by the STM32F407VET6 with the one generated by the Arduino.

*The code for the RNG was taken from the following sources:

• https://www.instructables.com/Arduino-Truly-Random-Number-Generator/
• https://www.stm32duino.com/viewtopic.php?t=2108

That feature came from Midbar (STM32F407VET6 Version).

You can download the firmware for Midbar from one of these sources.

SourceForge: https://sourceforge.net/projects/midbar/

GitHub: https://github.com/Northstrix/Midbar

If you just need the firmware for the device alongside the RNG, then I would advise you to download the archive that weighs less than 2 Mb from SourceForge.

But if you need the firmware for all versions of Midbar alongside the extra code, photos, and diagrams, in that case, I would advise you to download the 280 MB archive from GitHub.

Adafruit_ILI9341: https://github.com/adafruit/Adafruit_ILI9341

Adafruit-GFX-Library: https://github.com/adafruit/Adafruit-GFX-Library

Adafruit_BusIO: https://github.com/adafruit/Adafruit_BusIO

PS2KeyAdvanced: https://github.com/techpaul/PS2KeyAdvanced

PS2KeyMap: https://github.com/techpaul/PS2KeyMap

arduino-n64-controller-library: https://github.com/pothos/arduino-n64-controller-library

rfid: https://github.com/miguelbalboa/rfid

The process of unpacking libraries is typical. You can unpack the content of the archive into the folder: ...\Arduino\libraries. Or open the Arduino IDE, click to the Sketch -> Include Library -> Add .ZIP Library... and select every archive with libraries.

Other required libraries are already present in one way or another.

To make the unauthorized deciphering of your data computationally infeasible - It is crucial to generate your own keys and never reuse them

It's entirely up to you how to generate the keys. I can only offer you an option to do so.

I've modified one of my previous projects to work as a random number generator, the generated output seems "random enough" for me, but I haven't run any tests. So, I can't guarantee that it's random.

Use it at your own risk!

To generate the keys - launch gen.exe from the "STM32F407VET6_and_Arduino_Uno_Version\V1.0\Untested RNG" folder and click the "Generate keys for Midbar" button. The background turns from dark gray to light gray when you press that button.

Open the "Firmware_for_STM32F407VET6.ino" file from the "STM32F407VET6_and_Arduino_Uno_Version\V1.0\Firmware_for_STM32F407VET6" folder, and then replace my keys with those you've generated.

You can also change the number of available slots for your data by modifying the value in the "#define MAX_NUM_OF_RECS 999" line, as well as the background color of the inactive elements by modifying the value of the "current_inact_clr" variable.

Upload the modified firmware from the "STM32F407VET6_and_Arduino_Uno_Version\V1.0\Firmware_for_STM32F407VET6" folder into STM32F407VET6.

Upload firmware from the "STM32F407VET6_and_Arduino_Uno_Version\V1.0\Firmware_for_Arduino_Uno" folder into Arduino.

Assemble the circuit and insert a Micro SD card formatted to the FAT32 filesystem into the STM32F407VET6's built-in SD card slot. When it comes to the "BL" pin of the ILI9341 display, different versions of the display have different requirements on what to do with it. Some versions specify that it must be connected to the +3.3V, some require it to be grounded, and others allow you to leave it unconnected.

After being powered up, the Midbar displays the "Midbar STM32F407VET6" and "Tap RFID card N1" inscriptions alongside the lock screen.

Tap four RFID cards on the RFID reader one after another. The most important thing here is to tap the cards in the same order every time you unlock Midbar. Otherwise, it just won't unlock.

If you don't have four cards, you can tap one card four times.

*Credit for photos:

Dallas:

Photo by Talena Reese on Pexels

San Diego:

Photo by Tyrel Johnson on Unsplash

Tel Aviv:

Image by ran from Pixabay

To use the Midbar, you first need to set the master password.

You can't change your master password without performing the factory reset first!

Midbar won't be able to decrypt your data without your master password because the keys for the encryption algorithms are partially derived from it. Perhaps it won't even unlock without the correct master password.

When you're done entering your master password, press either the "Enter" or the "ESC" key on the PS/2 keyboard.

As for the Nintendo 64 controller:

• The "Start" button acts as the "Enter" key on the PS/2 keyboard.
• The "Z" button acts as the "Esc" key on the PS/2 keyboard.
• The "A" button acts as the "Continue/Add char" button.
• The "B" button acts as the "Backspace" key on the PS/2 keyboard.
• The "D-pad," "C-pad," "L" button, "R" button, and stick function as arrows on the PS/2 keyboard.

So, whether I would be referring to the keys on the PS2 keyboard, note that I also refer to their N64 equivalent.

After you've unlocked the vault and got to the main menu:

• Press the "↓" (DOWNWARDS ARROW) key on the PS/2 keyboard to go down the menu.
• Press the "↑" (UPWARDS ARROW) key on the PS/2 keyboard to go up the menu.
• Press either the "A" button on the Nintendo 64 Controller or the "Enter" key on the PS/2 keyboard to open the selected menu.
• While in the submenu, press either the "Esc" or the "Backspace" key on the PS/2 keyboard to return to the main menu.

While entering a text in a tab:

• Press "Enter" on the PS/2 keyboard to continue.
• Press the "Esc" button on the PS/2 keyboard to cancel the current operation.

Just as its predecessor and several other versions of Midbar - The Midbar (STM32F407VET6 + Arduino Uno Version) utilizes the 3DES + AES + Blowfish + Serpent encryption algorithm in CBC mode with an integrity verification feature alongside the SD card to keep your data safe and organized.

To add a login:

1. Select the "Logins" line in the main menu;
2. Press either the "A" button on the Nintendo 64 Controller or the "Enter" key on the PS/2 keyboard;
3. Select the "Add" line;
4. Press either the "A" button on the Nintendo 64 Controller or the "Enter" key on the PS/2 keyboard;
5. Choose the slot you want to put the login to by pressing the "←" (Leftwards Arrow) and "→" (Rightwards Arrow) keys on the PS/2 keyboard;
6. Press either the "A" button on the Nintendo 64 Controller or the "Enter" key on the PS/2 keyboard;
7. Enter the title;
8. Press "Enter" on the PS/2 keyboard;
9. Enter the username;
10. Press "Enter" on the PS/2 keyboard;
11. Enter the password;
12. Press "Enter" on the PS/2 keyboard;
13. Enter the website;
14. Press "Enter" on the PS/2 keyboard.

*All credentials demonstrated here are entirely fictitious. Any similarity to actual credentials is purely coincidental.

To view a login:

1. Select the "Logins" line in the main menu;
2. Press either the "A" button on the Nintendo 64 Controller or the "Enter" key on the PS/2 keyboard;
3. Select the "View" line;
4. Press either the "A" button on the Nintendo 64 Controller or the "Enter" key on the PS/2 keyboard;
5. Choose the slot from which you want to view the login by pressing the "←" (Leftwards Arrow) and "→" (Rightwards Arrow) keys on the PS/2 keyboard;
6. Press either the "A" button on the Nintendo 64 Controller or the "Enter" key on the PS/2 keyboard;
7. Press either the "↑" (Upwards Arrow) key on the PS/2 keyboard or the "A" button on the Nintendo 64 Controller to print the record to the serial terminal.

*All credentials demonstrated here are entirely fictitious. Any similarity to actual credentials is purely coincidental.

To edit a login:

1. Select the "Logins" line in the main menu;
2. Press either the "A" button on the Nintendo 64 Controller or the "Enter" key on the PS/2 keyboard;
3. Select the "Edit" line;
4. Press either the "A" button on the Nintendo 64 Controller or the "Enter" key on the PS/2 keyboard;
5. Select the login you would like to edit by pressing the "←" (Leftwards Arrow) and "→" (Rightwards Arrow) keys on the PS/2 keyboard;
6. Press either the "A" button on the Nintendo 64 Controller or the "Enter" key on the PS/2 keyboard;
7. Enter the new password;
8. Press "Enter" on the PS/2 keyboard.

*All credentials demonstrated here are entirely fictitious. Any similarity to actual credentials is purely coincidental.

To delete a login:

1. Select the "Logins" line;
2. Press either the "A" button on the Nintendo 64 Controller or the "Enter" key on the PS/2 keyboard;
3. Select the "Delete" line;
4. Press either the "A" button on the Nintendo 64 Controller or the "Enter" key on the PS/2 keyboard;
5. Select the login you would like to delete either by pressing the "←" (Leftwards Arrow) and "→" (Rightwards Arrow) keys on the PS/2 keyboard;
6. Press either the "A" button on the Nintendo 64 Controller or the "Enter" key on the PS/2 keyboard.

The process of working with records of other types is very similar to the process of working with logins.

The Midbar utilizes two hash functions: SHA-256 and SHA-512.

If you're not familiar with the hash functions, let me give you a simple explanation of what the hash function is.

A hash function is a mathematical function that takes some data as an input and produces a fixed-size, unique output value, known as a hash. The hash function always produces the same output given the same input.

To hash a string:

1. Select the "Hash Functions" line in the main menu;
2. Press either the "A" button on the Nintendo 64 Controller or the "Enter" key on the PS/2 keyboard;
3. Select the "SHA-256" or "SHA-512" line depending on the hash function you'd like to use;
4. Press either the "A" button on the Nintendo 64 Controller or the "Enter" key on the PS/2 keyboard;
5. Enter the string you'd like to hash;
6. Press "Enter" on the PS/2 keyboard.

*Some photos used in this tutorial were taken from the tutorial for Midbar (STM32F407VET6 Version) because, with the exception of the lock screens, the GUI didn't change.

Since the Midbar (STM32F407VET6 + Arduino Uno Version) is the RFID-lockable version of the Midbar (STM32F407VET6 Version) it has the same drawbacks as its predecessor. It's a bit slower than Midbar V4.0 and doesn't allow you to use it as an arbitrary string encrypter.

On the upside though, Midbar (STM32F407VET6 + Arduino Uno Version) is very stable and has three lock screens. Actually, this is the first STM32 version of Midbar to have more than one lock screen.

And while Midbar is no guarantee of world peace or social harmony, I do believe that it's an important contribution to the protection of your data from unauthorized access.

I think it's also worth mentioning that Midbar's source code is distributed under the MIT license. That grants you the freedom to customize, adapt, and modify Midbar according to your needs and preferences. In other words, you can create your own version of Midbar or use it as a starting point for building new projects without the need for external permission.

If you found this tutorial to be useful, please consider sharing it.

Thank you for reading this tutorial.