Midbar V4.0
As I've mentioned in the previous tutorials, with the development of cryptanalysis and new hacking techniques, the cost of accessing your data without your authorization continues to decline, making it easier and more attractive for different sides to get it.
I'm not going to get into details about the motivation of each side and the goals they're trying to achieve by obtaining your data. Instead, I would like to focus on the solution to that problem.
In my opinion, the only way to keep your data private is to raise the costs of unauthorized access to it as high as possible, ideally higher than any reward that a third side can get by obtaining your data. Doing so puts away the incentives to access your data without your permission.
To raise the cost of unauthorized access to your data - I've developed Midbar (which later on "evolved" into a multi-user Cipherbox, and then it kinda turned back into Midbar because I realized that a "multi-user Midbar" is superfluous and not as stable as a single-user one).
After ending the Cipherbox project and making several versions of Midbar, I realized that although making a "multi-user Midbar" wasn't a good idea, making "a vault that requires the RFID cards to be unlocked" was rather a good idea than a bad one. So, I've decided to combine the best aspects of Midbar and Cipherbox in that version of Midbar by making a "single-user Midbar that requires four RFID cards to be unlocked." And by the way, this version of Midbar handles the PS/2 keyboard even better than the Midbar V3.0 and Midbar (Raspberry Pi Pico Version).
In case you want to know why I called this project Midbar - Midbar (מדבר) is a Hebrew word that means "pasture," "uninhabited land," "wilderness," "large tracts of wilderness (around cities)," "desert." I had two reasons for choosing the word Midbar as the name of this project. First - while working on my previous projects, I noticed that the so-called "device that keeps your personal data secure in an encrypted form" market is pretty much a "desert around the oasis of the password manager market." Second - I couldn't find a better word to describe that project. At first, I wanted to call it a "Password Vault," but then I realized that it's more than just a password vault. So, I just called it Midbar!
You can also read this tutorial on Medium and Hackster.
Polska wersja jest dostępna tutaj.
Supplies
Supplies for the vault:
- ESP32 x1
- 2.4 Inch TFT LCD with ILI9341 x1
- EC11 Rotary Encoder x1
- PS/2 Keyboard x1
- PS/2 Port x1
- 4.7k resistors x7
- 100nf capacitors x2
- Buttons x2
- Mifare RC522 RFID Reader x1
- RFID cards x4
Supplies for the receiver:
- ESP32 x1
- 1.77 Inch TFT LCD with ST7735 x1
- 4x4 Keypad x1
10µF capacitor x1 *optional
3DES + AES + Blowfish + Serpent in CBC Mode
Don't get me wrong - the "3DES + AES + Blowfish + Serpent" encryption algorithm ain't exactly what I would call "cryptographically weak," but operating it in a weird derivation of the ECB mode wasn't the best idea that I had. Although that wouldn't've allowed the attacker to produce the legitimate ciphertext by swapping the blocks within the ciphertext, an attacker could still make a legitimate ciphertext by replacing the nth block of the ciphertext N1 with the nth block of the ciphertext N2. To fix that vulnerability (instead of just notifying the user that the decrypted ciphertext might've been forged), I made the "3DES + AES + Blowfish + Serpent" encryption algorithm work in CBC mode. So, if an attacker replaces a block of ciphertext, it spoils not just that block but also the subsequent one.
I'll be honest with you, the bit-flipping attack "kinda works," but I doubt that it would ever go unnoticed because of the "HMAC-SHA256"-based integrity verification feature.
And by the way, out of all encryption algorithms utilized by the Midbar V4.0, the "3DES + AES + Blowfish + Serpent" is the only algorithm that works in CBC mode. Beware of it!
Integrity Verification
The Midbar V4.0 is the fifth version of Midbar that verifies the integrity of the whole record. So, the legitimate ciphertexts moved between the cells aren't much of a threat to it.
The "HMAC-SHA256"-based integrity verification feature works as follows:
When you add a record to Midbar, it concatenates all the data you've entered into a single string, computes a tag for it, and then stores that tag in the encrypted form.
When Midbar decrypts your data, it also decrypts the previously calculated tag and computes a new tag for the decrypted data. It then compares both tags, and if they don't match - Midbar notifies you that the integrity verification failed.
Install Drivers and Configure Arduino IDE *Optional
If you've never flashed ESP32 before - you'll need to configure Arduino IDE and install drivers to upload the firmware to the boards. You can find the CP210x driver for ESP32 here: https://www.silabs.com/developers/usb-to-uart-brid...
In case you don't have Arduino IDE, you can download it here: https://www.arduino.cc/en/software
Configuring IDE isn't a part of this tutorial - you can read about it here: https://randomnerdtutorials.com/installing-the-esp...
Download Firmware
You can download the firmware for Midbar from one of these sources.
SourceForge: https://sourceforge.net/projects/midbar/
OSDN: https://osdn.net/projects/midbar/
GitHub: https://github.com/Northstrix/Midbar
If you just need the firmware for the device alongside the RNG, then I would advise you to download a 0.9 MB archive either from SourceForge or OSDN.
But if you need the firmware for all versions of Midbar alongside the extra code, photos, and diagrams, in that case, I would advise you to download the 118 MB archive from GitHub.
Download and Install the Libraries
TFT_eSPI: https://github.com/Bodmer/TFT_eSPI
PS2KeyAdvanced: https://github.com/techpaul/PS2KeyAdvanced
PS2KeyMap: https://github.com/techpaul/PS2KeyMap
EncButton: https://github.com/GyverLibs/EncButton
rfid: https://github.com/miguelbalboa/rfid
Adafruit-GFX-Library: https://github.com/adafruit/Adafruit-GFX-Library
Adafruit_BusIO: https://github.com/adafruit/Adafruit_BusIO
Adafruit-ST7735-Library: https://github.com/adafruit/Adafruit-ST7735-Library
Keypad: https://github.com/Chris--A/Keypad
The process of unpacking libraries is typical. You can unpack the content of the archive into the folder: ...\Arduino\libraries. Or open the Arduino IDE, click to the Sketch -> Include Library -> Add .ZIP Library... and select every archive with libraries.
Other required libraries are already present in one way or another.
Replace the Preset File for the TFT_eSPI Library
TFT_eSPI Library requires the config to be adjusted depending on the display and the board that drives that display. Initially, I wanted to write the mini-guide on adjusting the config for the ILI9341 display to be properly used on the ESP32's HSPI. But then I realized that it would be more convenient to attach the adjusted config to the firmware and tell you where to place it.
Take the "User_Setup.h" file from the "ESP32_Version\V4.0" folder and place it in the "C:\Program Files (x86)\Arduino\libraries\TFT_eSPI-master" folder.
Install ESP32 Filesystem Uploader
The primary purpose of the ESP32 Filesystem Uploader is to let you upload files into ESP's filesystem. In this tutorial, the purpose of this tool is to upload an empty SPIFFS image into ESP.
Download the file called ESP32FS-1.0.zip from https://github.com/me-no-dev/arduino-esp32fs-plugin/releases/
And then extract the content of the archive into the "...\Arduino\Tools\" folder.
After that, restart the Arduino IDE.
Switch the Partition Scheme to the "No OTA (2MB APP/2MB SPIFFS)"
You have to switch the partition scheme to the "No OTA (2MB APP/2MB SPIFFS)" before you continue working with ESP32 because the firmware for the vault is too big for the default partition.
Format Vault'S Built-In Flash Memory
Connect the ESP32 that you're going to use as a core of the vault to the computer. Click Tools -> ESP32 Sketch Data Upload. Then click Yes in the pop-up window. The program is going to format the built-in flash memory.
Some boards will flash without any problems.
Unfortunately, that's not the case for all boards. If you configured IDE correctly, installed drivers, selected the corresponding port, and still keep getting this error: A fatal error occurred: Failed to connect to ESP32: Timed out waiting for packet header. Connect a 10µF capacitor to the board while flashing.
Connect the positive lead of the capacitor to the EN pin of the ESP32;
Connect the negative lead of the capacitor (usually indicated by the gray stripe) to the GND pin of the ESP32.
Don't forget to disconnect the capacitor after the board flashes.
Generate Keys
To make the unauthorized deciphering of your data computationally infeasible - It is crucial to generate your own keys and never reuse them
It's entirely up to you how to generate the keys. I can only offer you an option to do so.
I've modified one of my previous projects to work as a random number generator, the generated output seems "random enough" for me, but I haven't run any tests. So, I can't guarantee that it's random.
Use it at your own risk!
To generate the keys - launch gen.exe from the "ESP32_Version\V4.0\Untested RNG" folder and click the "Generate keys for Midbar V4.0" button. The background turns from dark gray to light gray when you press that button.
Get the Receiver's MAC Address
To get the receiver's MAC address, upload this code into the receiver board.
#include <WiFi.h>
void setup(){
Serial.begin(115200);
Serial.println();
Serial.println(WiFi.macAddress());
}
void loop(){
}
Then open the Serial Terminal, and reboot the board.
If done correctly, you should see the MAC address in the console.
The MAC address of this board is 94:E6:86:37:FF:D8
Modify the Firmware
Open the "Firmware_for_vault.ino" and "Firmware_for_receiver.ino" files, and then replace my keys with those you've generated.
Note that the receiver only needs three keys (hmackey_for_session_key,projection_key, proj_serp_key).
Don't forget to replace the receiver's MAC address in the line
uint8_t broadcastAddress[] = {0x94, 0xE6, 0x86, 0x37, 0xFF, 0xD8}; // Receiver's MAC address
in the "Firmware_for_vault.ino" file.
Flash the Vault
Upload the firmware from the "ESP32_Version\V4.0\Firmware_for_vault" folder into the vault board.
Flash the Receiver
Upload the firmware from the "ESP32_Version\V4.0\Firmware_for_receiver" folder into the receiver board.
Assemble the Vault
Assembling the vault shouldn't be hard. In my opinion, the most tangled part of the process is to connect the encoder with its periphery the right way.
As for the possible component replacements:
- You can replace 4.7k resistors with 4.7k - 10k resistors;
- And you can replace the capacitors with 22nf - 100nf capacitors.
Assemble the Receiver
That should be even easier than the vault assembly.
Power the Vault Up
Unlike the Midbar V2.5, which only has one lock screen, the Midbar V4.0 has six of them. Midbar randomly chooses the lock screen at startup.
After the Midbar has chosen the lock screen, it displays the word "מדבר" with the shifting background and the "Tap RFID card N1" inscription.
*Credit for photos:
Photo by Erin Hervey on Unsplash
Photo by Michael Beener on Unsplash
Photo by MJ Tangonan on Unsplash
Photo by Jakob Rosen on Unsplash
Photo by Steijn Leijzer on Unsplash
Tap Four RFID Cards on the RFID Reader
After you've powered the vault up, tap four RFID cards on the RFID reader one after another. The most important thing here is to tap the cards in the same order every time you unlock Midbar. Otherwise, it just won't unlock.
If you don't have four cards, you can tap one card four times.
Set the Master Password
To use the Midbar, you first need to set the master password.
You can only enter the master password using the encoder and PS/2 keyboard.
And remember that you can't change your master password without performing the factory reset first!
Midbar won't be able to decrypt your data without your master password because the keys for the encryption algorithms are partially derived from it. Perhaps, it won't even unlock without the correct master password.
When you're done entering your master password, either quad-click the encoder button or press the "Enter" on the PS/2 keyboard.
After you've unlocked the vault and got to the main menu:
- Either turn the rotary encoder to the right or press the "↓" (DOWNWARDS ARROW) key on the PS/2 keyboard to go down the menu.
- Either turn the rotary encoder to the left or press the "↑" (UPWARDS ARROW) key on the PS/2 keyboard to go up the menu.
- Press either the "A" button or the "Enter" key on the PS/2 keyboard to open the selected menu.
- While in the submenu, press either the "B" button or the "Esc" key on the PS/2 keyboard to return to the main menu.
While entering a text in a tab:
- Either quad-click the encoder button four or press "Enter" on the PS/2 keyboard to continue;
- Either quintuple-click the encoder button (click it five times in quick succession) or press the "Esc" button on the PS/2 keyboard to cancel the current operation.
*If the hex value decreases when you rotate the encoder to the right, I would advise you to swap the wires connected to the D26 and D27 pins.
And by the way, pressing the "Caps Lock," "Num Lock," or "Scroll Lock" buttons makes the keyboard unresponsive until you either reconnect it or reboot the ESP32.
Add Login
First and foremost, the Midbar V4.0 is a vault. It utilizes the 3DES + AES + Blowfish + Serpent encryption algorithm in CBC mode with an integrity verification feature alongside the ESP32's built-in flash memory to keep your data safe and organized.
To add a login from the encoder and PS/2 keyboard:
- Select the "Logins" line in the main menu;
- Press either the "A" button or the "Enter" key on the PS/2 keyboard;
- Select the "Add" line;
- Press either the "A" button or the "Enter" key on the PS/2 keyboard;
- Choose the slot you want to put the login to either by rotating the encoder or by pressing the "←" (Leftwards Arrow) and "→" (Rightwards Arrow) keys on the PS/2 keyboard;
- Press either the "A" button or the "Enter" key on the PS/2 keyboard;
- Select the "Encoder + Keyboard" line;
- Press either the "A" button or the "Enter" key on the PS/2 keyboard;
- Enter the title;
- Either quad-click the encoder button or press "Enter" on the PS/2 keyboard;
- Enter the username;
- Either quad-click the encoder button or press "Enter" on the PS/2 keyboard;
- Enter the password;
- Either quad-click the encoder button or press "Enter" on the PS/2 keyboard;
- Enter the website;
- Either quad-click the encoder button or press "Enter" on the PS/2 keyboard.
According to the tests I've conducted - Raspberry Pi Pico can encrypt and decrypt a 650-character long string without any problems using the 3DES + AES + Blowfish + Serpent encryption algorithm. So, technically, you can put 650 characters into a field of a record.
*All credentials demonstrated here are entirely fictitious. Any similarity to actual credentials is purely coincidental.
*Either don't use the PS/2 keyboard to select the slot (in all actions for all record types) or limit the speed with which you press the "←" (Leftwards Arrow) and "→" (Rightwards Arrow) to one press per second, and don't hold any of them while you're choosing the slot. Because Midbar reboots when you do that. It's a known bug. Beware of it!
View Login
To view a login:
- Select the "Logins" line in the main menu;
- Press either the "A" button or the "Enter" key on the PS/2 keyboard;
- Select the "View" line;
- Press either the "A" button or the "Enter" key on the PS/2 keyboard;
- Choose the slot you want to view login from either by rotating the encoder or by pressing the "←" (Leftwards Arrow) and "→" (Rightwards Arrow) keys on the PS/2 keyboard;
- Press either the "A" button or the "Enter" key on the PS/2 keyboard;
- Press either the "Tab" key on the PS/2 keyboard or the encoder button to print the record to the serial terminal.
*All credentials demonstrated here are entirely fictitious. Any similarity to actual credentials is purely coincidental.
Edit Login
To edit a login:
- Select the "Logins" line in the main menu;
- Press either the "A" button or the "Enter" key on the PS/2 keyboard;
- Select the "Edit" line;
- Press either the "A" button or the "Enter" key on the PS/2 keyboard;
- Select the login you would like to edit either by rotating the encoder or by pressing the "←" (Leftwards Arrow) and "→" (Rightwards Arrow) keys on the PS/2 keyboard;
- Press either the "A" button or the "Enter" key on the PS/2 keyboard;
- Select the input source;
- Press either the "A" button or the "Enter" key on the PS/2 keyboard;
- Depending on the chosen input source, either enter the new password you'd like to set on the encoder and PS/2 keyboard or paste it to the Serial Terminal;
- Depending on the chosen input source, either quad-click the encoder button (or press "Enter") or press the "Send" button in the Serial Terminal.
*All credentials demonstrated here are entirely fictitious. Any similarity to actual credentials is purely coincidental.
Delete Login
To delete a login:
- Select the "Logins" line;
- Press either the "A" button or the "Enter" key on the PS/2 keyboard;
- Select the "Delete" line;
- Press either the "A" button or the "Enter" key on the PS/2 keyboard;
- Select the login you would like to delete either by rotating the encoder or by pressing the "←" (Leftwards Arrow) and "→" (Rightwards Arrow) keys on the PS/2 keyboard;
- Press either the "A" button or the "Enter" key on the PS/2 keyboard.
The process of working with records of other types is very similar to the process of working with logins.
*As you might've noticed, I've reused the photos from the tutorial for the Midbar V3.0 in steps 18 to 22 because the process of setting the master password and working with the records didn't change since the Midbar V3.0. The only thing that changed is the position of the inscription informing you about the integrity of the record. It used to be centered, but now it's aligned to the left.
Send Password to the Receiver
I made this feature to give you the ability to securely send a password to a distance of up to 650 feet (200 meters).
To protect the receiver from the replay attack (ensure that the receiver won't correctly decrypt any package that is resent to it) - I've combined the key incrementation with the session key. The session key consists of 20 characters generated by the vault. The session key is valid until you either reboot vault or power it off. After the key derivation process completes, both devices present you with the three verification numbers. These numbers must match on both the vault and the receiver! If these numbers don't match, I would advise you to reboot the receiver board and enter the session key again. If that won't work, open the firmware and check if the keys are the same.
To send the password to the receiver:
- Select the "Other Options" line in the main menu;
- Press either the "A" button or the "Enter" key on the PS/2 keyboard;
- Select the "Send Password" line;
- Press either the "A" button or the "Enter" key on the PS/2 keyboard;
- Enter the key on the receiver's keypad ('#' = 'E' '*' = 'F');
- Compare the verification numbers on both displays. They must be the same;
- Press either the "A" button or the "Enter" key on the PS/2 keyboard;
- Enter the password you'd like to send on the encoder and PS/2 keyboard;
- Either press the "Enter" key on the PS/2 keyboard or quad-click the encoder button to send the password to the receiver.
The receiver also prints the received text to the Serial Terminal.
According to the quick tests I've conducted, the Midbar V4.0 can transfer a 200-character long string over the air without any problems.
Find a Good Use for Midbar
As flawed and imperfect as the Midbar V4.0 is, it works, and I would say it works fine (except for some parts). It handles the PS/2 keyboard better than any previous version of Midbar. It finally shows the lock screen animation at a proper speed (thanks to the TFT_eSPI library and sprites), and it has a secure communication channel that's a bit better than the one utilized by the previous Midbar.
When it comes to features in the "Encryption Algorithms" submenu, at least you can encrypt and then decrypt a 30-character long string with the 3DES + AES + Blowfish + Serpent encryption algorithm in CBC mode with a properly working integrity verification feature.
And let's not forget that this version of Midbar also utilizes RFID cards.
By the way, let me remind you that the Midbar project isn't there to give you a 100% guarantee for something. It's not about that, and it never was. It's about raising the cost of unauthorized access to your data as high as possible!
If you want to make your own version of the Midbar or change something in it, please do so! Don't forget that there's always room for improvement, even if it seems that there's none. Ok, that's it for this tutorial.
If you like this tutorial, please share it.
And if you have any Midbar-related questions, don't hesitate to ask them in the comment section.
Thank you for reading this tutorial.