Midbar V2.5

by Northstrix in Circuits > Microcontrollers

1254 Views, 12 Favorites, 0 Comments

Midbar V2.5

IMG_20230101_145716_hdr_edit.jpg

Two weeks ago, I released the previous version of Midbar. I did my best to make it as uncrackable as I could. I've invested a lot of time and effort to protect it from the chosen-plaintext attack, block swapping attack, and brute force attack. And I've also ensured that it would be able to discern the legitimate ciphertexts from the forged ones.

Nevertheless, an attacker could still move the legitimate ciphertext from one cell to another, and Midbar wouldn't've even noticed it. Another vulnerability that I hadn't fully fixed (just made Midbar and Cipherbox immediately notify its user about it) was the attacker's ability to forge a ciphertext that would've been decrypted correctly.

I could've written half a dozen pages about what was wrong with Midbar and what could've gone sideways. But I think that fixing the vulnerabilities is more important than playing out scenarios in which these vulnerabilities might've been exploited. Anyway, let's cut to the chase: by adding the integrity verification feature for records (not for cells as it used to be) and making the "3DES + AES + Blowfish + Serpent" encryption algorithm work in CBC mode, I kinda "killed two birds with one stone." Now, forged ciphertexts and legitimate ciphertexts moved between cells aren't much of a threat to Midbar anymore.

As for why it's the "Midbar V2.5," I don't think that I made enough improvements to call it Midbar V3.0, but it's definitely not "Midbar V.2.0" anymore. So, I think that "Midbar V2.5" is the right name for that project.

In case you want to know why I called this project Midbar - Midbar (מדבר) is a Hebrew word that means "pasture," "uninhabited land," "wilderness," "large tracts of wilderness (around cities)," "desert." I had two reasons for choosing the word Midbar as the name of this project. First - while working on my previous projects, I noticed that the so-called "device that keeps your personal data secure in an encrypted form" market is pretty much a "desert around the oasis of the password manager market." Second - I couldn't find a better word to describe that project. At first, I wanted to call it a "Password Vault," but then I realized that it's more than just a password vault. So, I just called it Midbar!


Supplies

Supplies for the vault:

  • ESP32 x1
  • Arduino Nano/Uno/Compatible board x1
  • 2.4 Inch TFT LCD with ILI9341 x1
  • EC11 Rotary Encoder x1
  • PS/2 Keyboard x1
  • PS/2 Port x1
  • 580 ohm resistor x1
  • 4.7k resistors x7
  • 100nf capacitors x2
  • Buttons x2
  • 10µF capacitor x1 *optional


Supplies for the receiver:

  • ESP8266 x1
  • Nokia 5110 display x1
  • Arduino Nano/Uno/Compatible board x1
  • 4x4 Keypad x1
  • 580 ohm resistor x1

3DES + AES + Blowfish + Serpent in CBC Mode

3des+aes+blowfish+serpent_in_cbc.png

Don't get me wrong - the "3DES + AES + Blowfish + Serpent" encryption algorithm ain't exactly what I would call "cryptographically weak," but operating it in a weird derivation of the ECB mode wasn't the best idea that I had. Although that wouldn't've allowed the attacker to produce the legitimate ciphertext by swapping the blocks within the ciphertext, an attacker could still make a legitimate ciphertext by replacing the nth block of the ciphertext N1 with the nth block of the ciphertext N2. To fix that vulnerability (instead of just notifying the user that the decrypted ciphertext might've been forged), I made the "3DES + AES + Blowfish + Serpent" encryption algorithm work in CBC mode. So, if an attacker replaces a block of ciphertext, it spoils not just that block but also the subsequent one.

I'll be honest with you, the bit-flipping attack "kinda works," but I doubt that it would ever go unnoticed because of the "HMAC-SHA256"-based integrity verification feature.

And by the way, out of all encryption algorithms utilized by the Midbar V2.5, the "3DES + AES + Blowfish + Serpent" is the only algorithm that works in CBC mode. Beware of it!

Integrity Verification

int_ver_v2_point_5.drawio.png

As I've mentioned in the introduction, Midbar now verifies the integrity of the whole record. So, the legitimate ciphertexts moved between the cells aren't much of a threat anymore.

The "HMAC-SHA256"-based integrity verification feature works as follows:

When you add a record to Midbar, it concatenates all the data you've entered into a single string, computes a tag for it, and then stores that tag in the encrypted form.

When Midbar decrypts your data, it also decrypts the previously calculated tag and computes a new tag for the decrypted data. It then compares both tags, and if they don't match - Midbar notifies you that the integrity verification failed.

Install Drivers and Configure Arduino IDE *Optional

If you've never flashed ESP32 or ESP8266 before you'll need to configure Arduino IDE and install drivers to upload the firmware to the boards, you can find drivers here:

CP210x driver for ESP32: https://www.silabs.com/developers/usb-to-uart-brid...

CH340 driver for ESP8266: https://sparks.gogo.co.nz/ch340.html

In case you don't have Arduino IDE, you can download it here: https://www.arduino.cc/en/software

Configuring IDE isn't a part of this tutorial, you can read about it here:

ESP32: https://randomnerdtutorials.com/installing-the-esp...

ESP8266: https://randomnerdtutorials.com/how-to-install-esp...

Download Firmware

srcs.png

You can download the firmware for Midbar from one of these sources.

SourceForge: https://sourceforge.net/projects/midbar/

OSDN: https://osdn.net/projects/midbar/

GitHub: https://github.com/Northstrix/Midbar

If you just need the firmware for the device alongside the RNG, then I would advise you to download a 0.4 MB archive either from SourceForge or OSDN.

But if you need the firmware for all versions of Midbar alongside the extra code, photos, and diagrams, in that case, I would advise you to download the 73.7 MB archive from GitHub.

Download and Install the Libraries

Adafruit-GFX-Library: https://github.com/adafruit/Adafruit-GFX-Library

Adafruit_ILI9341: https://github.com/adafruit/Adafruit_ILI9341

Adafruit_BusIO: https://github.com/adafruit/Adafruit_BusIO

PS2Keyboard: https://github.com/PaulStoffregen/PS2Keyboard

esp32_arduino_sqlite3_lib: https://github.com/siara-cc/esp32_arduino_sqlite3_lib

EncButton: https://github.com/GyverLibs/EncButton

espsoftwareserial: https://github.com/plerup/espsoftwareserial/

Keypad: https://github.com/Chris--A/Keypad

nokia-5110-lcd-library: https://github.com/platisd/nokia-5110-lcd-library

The process of unpacking libraries is typical. You can unpack the content of the archive into the folder: ...\Arduino\libraries. Or open the Arduino IDE, click to the Sketch -> Include Library -> Add .ZIP Library... and select every archive with libraries.

Other required libraries are already present in one way or another.

Install ESP32 Filesystem Uploader

F0EUQP0LBKT33SK.png

The primary purpose of the ESP32 Filesystem Uploader is to let you upload files into ESP's filesystem. In this tutorial, the purpose of this tool is to upload an empty SPIFFS image into ESP.

Download the file called ESP32FS-1.0.zip from here: https://github.com/me-no-dev/arduino-esp32fs-plugin/releases/

then extract the content of the archive into the folder: ...\Arduino\Tools\

After that, restart the Arduino IDE.

Switch the Partition Scheme to the "No OTA (2MB APP/2MB SPIFFS)"

partsc.png

You have to switch the partition scheme to the "No OTA (2MB APP/2MB SPIFFS)" before you continue working with ESP32 because the sketch is too big for the default partition.

Format ESP32'S Built-In Flash Memory

ceprom.png

Click Tools -> ESP32 Sketch Data Upload. Then click Yes in the pop-up window. The program is going format the built-in flash memory.

Some boards will flash without any problems.

Unfortunately, that's not the case for all boards. If you configured IDE correctly, installed drivers, selected the corresponding port, and still keep getting this error: A fatal error occurred: Failed to connect to ESP32: Timed out waiting for packet header. Connect a 10µF capacitor to the board while flashing.

Connect the positive lead of the capacitor to the EN pin of the ESP32;

Connect the negative lead of the capacitor (usually indicated by the gray stripe) to the GND pin of the ESP32.

Don't forget to disconnect the capacitor after the board flashes.

Clear ESP32'S EEPROM

clearee.png

You must clear the ESP32's EEPROM before you can set the master password and start using Midbar.

To clear the ESP32's EEPROM - upload the firmware from the "ESP32_Version/V2.5/Firmware for the vault\Clear_EEPROM" folder into the ESP32.

After uploading the sketch, reboot the board. When EEPROM is cleared, the built-in LED starts blinking.

Generate Keys

Untitled.png

To make the unauthorized deciphering of your data computationally infeasible - It is crucial to generate your own keys and never reuse them

It's entirely up to you how to generate the keys. I can only offer you an option to do so.

I've modified one of my previous projects to work as a random number generator, the generated output seems "random enough" for me, but I haven't run any tests. So, I can't guarantee that it's random.

Use it at your own risk!

To generate the keys - launch gen.exe from the "ESP32_Version\V2.5\Untested RNG" folder and click the "Generate keys for Midbar V2.5" button. The background turns from dark gray to light gray when you press that button.

Get the Receiver's MAC Address

FMZKDUVLBKT33UP.png

To get the receiver's MAC address, upload this code into the ESP8266.

#include <ESP8266WiFi.h>

void setup(){
Serial.begin(115200);
Serial.println();
Serial.println(WiFi.macAddress());
}

void loop(){

}

Then open the Serial Terminal, and reboot the board.

If done correctly, you should see the MAC address in the console.

The MAC address of this board is 5C:CF:7F:FD:85:1D

Modify the Firmware

mk.png
mk2.png

Open the "Firmware_for_ESP32.ino" and "Firmware_for_ESP8266.ino" files, and then replace my keys with those you've generated.

Note that the receiver only needs three keys (hmackey_for_session_key, projection_keyproj_serp_key).

Don't forget to replace the receiver's MAC address in the line

uint8_t broadcastAddress[] = {0x5C, 0xCF, 0x7F, 0xFD, 0x85, 0x1D}; // Receiver's MAC address

in the "Firmware_for_ESP32.ino" file.

Flash ESP32 (Vault)

fesp32.png

Upload the firmware from the "ESP32_Version/V2.5/Firmware for the vault/Firmware_for_ESP32" folder into the ESP32.

Flash Arduino (Vault)

fardv.png

Upload the firmware from the "ESP32_Version/V2.5/Firmware for the vault/Firmware_for_Arduino" folder into the Arduino.

Flash ESP8266 (Receiver)

esp8266r.png

Upload the firmware from the "ESP32_Version/V2.5/Firmware for the receiver/Firmware_for_ESP8266" folder into the Arduino.

Flash Arduino (Receiver)

ardr.png

Upload the firmware from the "ESP32_Version/V2.5/Firmware for the receiver/Firmware_for_Arduino" folder into the Arduino.

Assemble the Vault

Vault Circuit Diagram.png

Assembling the vault shouldn't be hard. In my opinion, the most tangled part of the process is to connect the encoder with its periphery the right way.


As for the possible component replacements:

  • You can replace the 580-Ohm resistor with a 470-Ohm - 1k resistor;
  • You can replace 4.7k resistors with 4.7k - 10k resistors;
  • And you can replace the capacitors with 22nf - 100nf capacitors.

Assemble the Receiver

Receiver Circuit Diagram.jpg

That should be even easier than the vault assembly.

Power the Vault Up

IMG_20230101_170120.jpg
IMG_20230101_170047.jpg
IMG_20230101_170056.jpg

After powering up the Midbar, you should see the word "מדבר" with the shifting background and the "Hold Encoder Button" inscription.

Hold the encoder button to get to the next tab.

Photo by R K on Unsplash

Set the Master Password

IMG_20230101_173743.jpg
IMG_20230101_173748.jpg
IMG_20230101_173751.jpg

To use the Midbar, you first need to set the master password.

You can enter the master password using the encoder and PS/2 keyboard.

And remember that you can't change your master password without performing the factory reset first!

Midbar won't be able to decrypt your data without your master password because the keys for the encryption algorithms are partially derived from it. Perhaps, it won't even unlock without the correct master password.

When you're done entering your master password, either quad-click the encoder button or press the "Enter" on the PS/2 keyboard.


After unlocking the vault and getting to the main menu.

  • Either turn the rotary encoder to the right or press the "" (DOWNWARDS ARROW) key on the PS/2 keyboard to go down the menu.
  • Either turn the rotary encoder to the left or press the "" (UPWARDS ARROW) key on the PS/2 keyboard to go up the menu.
  • Press either the "A" button, "Enter," or "A" key on the PS/2 keyboard to open the selected menu.
  • While in the submenu, press either the "B" button, "Esc," or "B" key on the PS/2 keyboard to return to the main menu.


While entering a text in a tab:

  • Either quad-click the encoder button four or press "Enter" on the PS/2 keyboard to continue;
  • Either quintuple-click the encoder button (click it five times in quick succession) or press the "Esc" button on the PS/2 keyboard to cancel the current operation.


*If the hex value decreases when you rotate the encoder to the right, I would advise you to swap the wires connected to the D26 and D27 pins.

*If the keyboard suddenly stops working as intended, reboot the Arduino.

Add Login

IMG_20230101_171912.jpg
IMG_20230101_171915.jpg
IMG_20230101_171917.jpg
IMG_20230101_171921.jpg
IMG_20230101_171933.jpg
IMG_20230101_171944.jpg
IMG_20230101_172020.jpg
IMG_20230101_172213.jpg
IMG_20230101_172222.jpg

As I've mentioned before, Midbar V2.5 is a vault. It utilizes the 3DES + AES + Blowfish + Serpent encryption algorithm with an integrity verification feature alongside the SQLite3 serverless embedded relational database management system to keep your data safe and organized.

To add a login from the encoder and PS/2 keyboard:

  1. Select the "Data in ESP32's Flash" line in the main menu;
  2. Press the "A" button;
  3. Select the "Logins" line;
  4. Press the "A" button;
  5. Select the "Add" line;
  6. Press the "A" button;
  7. Select the "Encoder + Keyboard" line;
  8. Press the "A" button;
  9. Enter the title;
  10. Either quad-click the encoder button or press "Enter" on the PS/2 keyboard;
  11. Enter the username;
  12. Either quad-click the encoder button or press "Enter" on the PS/2 keyboard;
  13. Enter the password;
  14. Either quad-click the encoder button or press "Enter" on the PS/2 keyboard;
  15. Enter the website;
  16. Either quad-click the encoder button or press "Enter" on the PS/2 keyboard;
  17. Press any button to return to the main menu.


According to the tests I've conducted - ESP32 can encrypt and decrypt a 650-character long string without any problems using the 3DES + AES + Blowfish + Serpent encryption algorithm. So, technically, you can put 650 characters into a field of a record.


*All credentials demonstrated here are entirely fictitious. Any similarity to actual credentials is purely coincidental.

View Login

IMG_20230101_171912.jpg
IMG_20230101_171915.jpg
IMG_20230101_172806.jpg
IMG_20230101_172822.jpg

To view a login:

  1. Select the "Data in ESP32's Flash" line in the main menu;
  2. Press the "A" button;
  3. Select the "Logins" line;
  4. Press the "A" button;
  5. Select the "View" line;
  6. Press the "A" button;
  7. Select the login you would like to view by rotating the encoder;
  8. Press the "A" button;
  9. Press any button to view the next field.


*All credentials demonstrated here are entirely fictitious. Any similarity to actual credentials is purely coincidental.

Edit Login

IMG_20230101_171912.jpg
IMG_20230101_171915.jpg
IMG_20230101_172838.jpg
IMG_20230101_172843.jpg
IMG_20230101_172847.jpg
IMG_20230101_172858.jpg
IMG_20230101_172903.jpg
IMG_20230101_172936.jpg

To edit a login:

  1. Select the "Data in ESP32's Flash" line in the main menu;
  2. Press the "A" button;
  3. Select the "Logins" line;
  4. Press the "A" button;
  5. Select the "Edit" line;
  6. Press the "A" button;
  7. Select the login you would like to edit by rotating the encoder;
  8. Press the "A" button;
  9. Select the input source;
  10. Press the "A" button;
  11. Depending on the chosen input source, either enter the new password you'd like to set on the encoder and PS/2 keyboard or paste it to the Serial Terminal;
  12. Depending on the chosen input source, either quad-click the encoder button (or press "Enter") or press the "Send" button in the Serial Terminal.


*All credentials demonstrated here are entirely fictitious. Any similarity to actual credentials is purely coincidental.

Delete Login

IMG_20230101_171912.jpg
IMG_20230101_171915.jpg
IMG_20230101_160248.jpg
IMG_20230101_172947.jpg
IMG_20230101_172958.jpg

To delete a login:

  1. Select the "Data in ESP32's Flash" line in the main menu;
  2. Press the "A" button;
  3. Select the "Logins" line;
  4. Press the "A" button;
  5. Select the "Delete" line;
  6. Press the "A" button;
  7. Select the login you would like to delete by rotating the encoder;
  8. Press the "A" button.


The process of working with records of other types is very similar to the process of working with logins.

Encrypt String

IMG_20230101_173048.jpg
IMG_20230101_173050.jpg
IMG_20230101_173052.jpg
IMG_20230101_173059.jpg
IMG_20230101_173126.jpg

As I've mentioned before, Midbar utilizes seven encryption algorithms. You can use any of them to encrypt your data.

To encrypt text:

  1. Open the Serial Terminal because the ciphertext will be printed to it;
  2. Select the "Encryption Algorithms" line in the main menu;
  3. Press the "A" button;
  4. Select the line with the name of the encryption algorithm you would like to use;
  5. Press the "A" button;
  6. Select the "Encrypt String" line;
  7. Choose the input source;
  8. Press the "A" button;
  9. Depending on the chosen input source, either enter the text you'd like to encrypt on the encoder and PS/2 keyboard or paste it to the Serial Terminal;
  10. Depending on the chosen input source, either quad-click the encoder button (or press "Enter") or press the "Send" button in the Serial Terminal.


Plaintext:

Midbar is a Hebrew word that means "pasture," "uninhabited land," "wilderness," "large tracts of wilderness (around cities)," "desert." I had two reasons for choosing the word Midbar as the name of this project. First - while working on my previous projects, I noticed that the so-called "device that keeps your personal data secure in an encrypted form" market is pretty much a "desert around the oasis of the password manager market." Second - I couldn't find a better word to describe that project. At first, I wanted to call it a "Password Vault," but then I realized that it's more than just a password vault. So, I just called it Midbar!

Ciphertext:

f1779a7d8addcb62b73263e1386e20412de4ef0ea620c414b5678b42f7d954fc13153c86e126e96b82640433758a917be1696138176be81374bb84abec648cc8d27b804ca4ae15c46fb0704c513ad20ea9842d89f014d75a004e3ae934d8853bc532cd5ee5e9d3dc31b611701c24c59c0402480374db3682762cc26d51a6fd9db4693bf5e9e9fd48b6bc2f66126439a9587a67ed8772e58f33b13975eeae44189bd5886214652382aa5489f055d219c5985ddd93c68631e7be9c485c0c1744e51e865ac8d9321324022cd9ec75ae3b433743072a97e874206c5d92554d37cd3cb148e15abf1ff832deba1abfd68106388b5b2661c06c6fa13089775b1ced3d405a75e67c37f094fef30d240b3db0a695194edbcd5c08444cbd828c035fdd43ccc4cdf706c7d4bd81ed0f07688e14fbfe4b45fc6f6dcc2f1201b52facfc10dbdc89c2046afb2dd7caeb0eba4122185becd9ba48630d67acd867708a233242aeba6bdd425ebc849e41a2c2dc671ed62b598b069b3b8648a735716e9108f90f7c8c88695f8cbdd1ec8ac3846462a6901c081a3108eb01db805ca163b411aaa59f09d540f319ebbeeeb9a63925fcf4665a00fc3e58e639a5b4b1691a1c185fd547276d74487ce09e61eb3731dc0e69925404e756da458832ef7d1db19fcda86eeeff90738998ed821ed403879f74d0aec495bfc755f3e4ebe92e08cd8a43eae80fc0286d4c107afe907846cac5ccc0462359ebdf47cd42091ba78ccb07fd79c598bc30f06215ae3ae08058bfccb724d6d6a790eff0f2c89fc1b8fceb559b3358e709475f1478c1325fc30ad473c21621b1ef63ea1773d8b413eef70b2fa00cd96427c97fe644f682421b8db0dc34e8f71f8dc005d590ed9f2f6969e01b283ccac05aff079dbfeb6c9eebe6ee8d6fbe55c46fcd10710568d3a730dab1f352f8c0da7bab15a548a25ff69ec895c2b377f78aaf19ffc2a5fe6abd1b6e5364ba96f28824c5d5f0381b35b680117470c4b2086b26d8ab8c82ab9a13f4a20e9d470953ef4eb31be45e8f4644a21e634a36ae252ff473c5ff3996d55027a28602f5c777511f325fc452ef86a2936e98ccd402d6d2d94681c32a289c0efb7a65f924b835c9243fdf8d76644d85cf5821103d09a44023352cd4961d8b584e53d447f8f6b97145d600e16d52deb076d187a31fca493c52657d74c4b598c46ab610b4e679bde60e9057628650a62de0954a8bd26260ef26ed0270a7bb5a11b5c68b5e331c90a0dd64e292d9b27089f785d6bd7254488ea7f06c5415f219847561f9c78a745a615390e05cf19121b7203c7561aa722d2bdfdc1d1a8f280cf03f43b736c112de76980152b46ea2700b433781467ed23faddb23727e186c3509a9c65099fb48962eed7868c52ad1a323ac70fa730a1a819dc21a288a216393b16c443a8c4dd86d3064d0b80b7cd3ad9bb4af30f7afd2d96f62184db3665ec0511b1c0fb548bda8e90abcc22837b807d914bb9b1e3718b2abf6b3ad3350ae4fb7555da16bd64fcf2779eaccfa8cad74a31d128a8acd7d762ed28571b675105d1c338d096e0f99f93d95

Decrypt String

IMG_20230101_173048.jpg
IMG_20230101_173050.jpg
IMG_20230101_173135.jpg
IMG_20230101_173137.jpg
IMG_20230101_173153.jpg

To decrypt text:

  1. Open the Serial Terminal because you'll need to paste the ciphertext to it;
  2. Select the "Encryption Algorithms" line in the main menu;
  3. Press the "A" button;
  4. Select the line with the name of the encryption algorithm you've used to encrypt the text;
  5. Press the "A" button;
  6. Select the "Decrypt String" line;
  7. Paste the ciphertext to the Serial Terminal;
  8. Press the "Send" button in the Serial Terminal.


Ciphertext:

f1779a7d8addcb62b73263e1386e20412de4ef0ea620c414b5678b42f7d954fc13153c86e126e96b82640433758a917be1696138176be81374bb84abec648cc8d27b804ca4ae15c46fb0704c513ad20ea9842d89f014d75a004e3ae934d8853bc532cd5ee5e9d3dc31b611701c24c59c0402480374db3682762cc26d51a6fd9db4693bf5e9e9fd48b6bc2f66126439a9587a67ed8772e58f33b13975eeae44189bd5886214652382aa5489f055d219c5985ddd93c68631e7be9c485c0c1744e51e865ac8d9321324022cd9ec75ae3b433743072a97e874206c5d92554d37cd3cb148e15abf1ff832deba1abfd68106388b5b2661c06c6fa13089775b1ced3d405a75e67c37f094fef30d240b3db0a695194edbcd5c08444cbd828c035fdd43ccc4cdf706c7d4bd81ed0f07688e14fbfe4b45fc6f6dcc2f1201b52facfc10dbdc89c2046afb2dd7caeb0eba4122185becd9ba48630d67acd867708a233242aeba6bdd425ebc849e41a2c2dc671ed62b598b069b3b8648a735716e9108f90f7c8c88695f8cbdd1ec8ac3846462a6901c081a3108eb01db805ca163b411aaa59f09d540f319ebbeeeb9a63925fcf4665a00fc3e58e639a5b4b1691a1c185fd547276d74487ce09e61eb3731dc0e69925404e756da458832ef7d1db19fcda86eeeff90738998ed821ed403879f74d0aec495bfc755f3e4ebe92e08cd8a43eae80fc0286d4c107afe907846cac5ccc0462359ebdf47cd42091ba78ccb07fd79c598bc30f06215ae3ae08058bfccb724d6d6a790eff0f2c89fc1b8fceb559b3358e709475f1478c1325fc30ad473c21621b1ef63ea1773d8b413eef70b2fa00cd96427c97fe644f682421b8db0dc34e8f71f8dc005d590ed9f2f6969e01b283ccac05aff079dbfeb6c9eebe6ee8d6fbe55c46fcd10710568d3a730dab1f352f8c0da7bab15a548a25ff69ec895c2b377f78aaf19ffc2a5fe6abd1b6e5364ba96f28824c5d5f0381b35b680117470c4b2086b26d8ab8c82ab9a13f4a20e9d470953ef4eb31be45e8f4644a21e634a36ae252ff473c5ff3996d55027a28602f5c777511f325fc452ef86a2936e98ccd402d6d2d94681c32a289c0efb7a65f924b835c9243fdf8d76644d85cf5821103d09a44023352cd4961d8b584e53d447f8f6b97145d600e16d52deb076d187a31fca493c52657d74c4b598c46ab610b4e679bde60e9057628650a62de0954a8bd26260ef26ed0270a7bb5a11b5c68b5e331c90a0dd64e292d9b27089f785d6bd7254488ea7f06c5415f219847561f9c78a745a615390e05cf19121b7203c7561aa722d2bdfdc1d1a8f280cf03f43b736c112de76980152b46ea2700b433781467ed23faddb23727e186c3509a9c65099fb48962eed7868c52ad1a323ac70fa730a1a819dc21a288a216393b16c443a8c4dd86d3064d0b80b7cd3ad9bb4af30f7afd2d96f62184db3665ec0511b1c0fb548bda8e90abcc22837b807d914bb9b1e3718b2abf6b3ad3350ae4fb7555da16bd64fcf2779eaccfa8cad74a31d128a8acd7d762ed28571b675105d1c338d096e0f99f93d95

Plaintext:

Midbar is a Hebrew word that means "pasture," "uninhabited land," "wilderness," "large tracts of wilderness (around cities)," "desert." I had two reasons for choosing the word Midbar as the name of this project. First - while working on my previous projects, I noticed that the so-called "device that keeps your personal data secure in an encrypted form" market is pretty much a "desert around the oasis of the password manager market." Second - I couldn't find a better word to describe that project. At first, I wanted to call it a "Password Vault," but then I realized that it's more than just a password vault. So, I just called it Midbar!

Hash String

IMG_20230101_173202.jpg
IMG_20230101_173205.jpg
IMG_20230101_173212.jpg
IMG_20230101_173331.jpg

The Midbar utilizes two hash functions: SHA-256 and SHA-512.

If you're not familiar with the hash functions, let me give you a simple explanation of what the hash function is.

The hash function is an algorithm that takes your input (in that case, it's a string) and gives you a fixed-length output derived from that input. One of the essential properties of the hash function is that it always produces the same result for the same input. That allows you to use the hash function to verify the data integrity.


To hash a string:

  • Select the "Hash Functions" line in the main menu;
  • Press the "A" button;
  • Select the "SHA-256" or "SHA-512" line depending on the hash function you'd like to use;
  • Press the "A" button;
  • Enter the string you'd like to hash;
  • Either quad-click the encoder button or press "Enter" on the PS/2 keyboard.


Input:

Midbar

Hash:

0415af21a07eb50be9ce02417f73c1d6b8c30631a5a4240b662ff89e3531fcfa02dfe06a808acacf81b523066f81495dc3004e375f08e71943cad0589807b160

Execute SQL Query

IMG_20230101_173335.jpg
IMG_20230101_173338.jpg
IMG_20230101_173340.jpg
IMG_20230101_173354.jpg
IMG_20230101_173358.jpg

The Midbar utilizes the SQLite relational database management system to store your encrypted data in an organized form.

SQLite allows you to execute queries and statements on it. The difference between a query and a statement is that a query returns something after being executed. I wrote the word "query" in the "SQL" submenu because the Midbar always prints the output of the callback function after something is executed, even if you execute a statement.

To execute a query or a statement on the SQLite:

  • Select the "SQLite3" line in the main menu;
  • Press the "A" button;
  • Press the "A" button again;
  • Choose the input source;
  • Press the "A" button;
  • Depending on the chosen input source, either enter the query you'd like to execute on the encoder and PS/2 keyboard or paste it to the Serial Terminal;
  • Depending on the chosen input source, either quad-click the encoder button (or press "Enter") or press the "Send" button in the Serial Terminal.

Send Text to the Receiver

IMG_20230101_170324.jpg
IMG_20230101_170353.jpg
IMG_20230101_170403.jpg
IMG_20230101_171506.jpg
IMG_20230101_171637.jpg
IMG_20230101_171848.jpg
IMG_20230101_171903.jpg

Let me start with the fact that, unlike the Midbar V1.0's receiver, that one is protected from the replay attack. To ensure that the receiver won't correctly decrypt any package that is resent to it, I've combined the key incrementation with the session key. The session key consists of 20 characters generated by the vault. The session key is valid until you either reboot ESP32 or power it off. After the key derivation process completes, both devices present you with the three verification numbers. These numbers must match on both the vault and the receiver! If these numbers don't match, I would advise you to reboot the ESP8266 and enter the session key again. If that won't work, open the firmware and check if the keys are the same.

To send the text to the receiver:

  • Select the "Password Projection" line in the main menu;
  • Press the "A" button;
  • Press the "A" button again;
  • Choose the input source;
  • Press the "A" button;
  • Enter the key on the receiver's keypad ('#' = 'E' '*' = 'F');
  • Compare the verification numbers on both displays. They must be the same;
  • Press the "A" button;
  • Depending on the chosen input source, either enter the text you'd like to send on the encoder and PS/2 keyboard or paste it to the Serial Terminal;
  • Depending on the chosen input source, either quad-click the encoder button (or press "Enter") or press the "Send" button in the Serial Terminal.

The receiver also prints the received text to the Serial Terminal.

Find a Good Use for Midbar

IMG_20230101_170120.jpg
IMG_20230101_170224.jpg
IMG_20230101_170249.jpg

Well, even though this version of Midbar is better than the previous one, it's not perfect, and I don't think it'll ever be. Don't forget about it.

Midbar project isn't there to give you a 100% guarantee for something. It's not about that. It's about raising the cost of unauthorized access to your data as high as possible!

And by the way, if you want to make your own version of the Midbar or change something in it, please do so! Don't forget that there's always room for improvement, even if it seems that there's none. And you can be the one whose contribution to the project affects not just Midbar but also the whole "device that keeps your personal data secure in an encrypted form" market (and maybe even more than that).

That's it for this tutorial.

If you like this tutorial, please share it.

Thank you for reading this tutorial.