Password Vault

by Northstrix in Circuits > Microcontrollers

3127 Views, 31 Favorites, 0 Comments

Password Vault

IMG_20210804_161254.jpg

In this tutorial, you'll learn how to build a password vault.

A Password vault is a device that securely stores your passwords from various websites. Usually, the security of the password vault relies on the long master password. I decided to replace the long master password with four 13.56Mhz RFID cards. The advantage of using cards instead of the master password is that you don't have to remember even a single character. All you need to do to encrypt/decrypt your passwords is approximate four cards to the reader.

Features:

  • The maximum password length is 48 characters;
  • You can encrypt different passwords with different cards;
  • A brute-force attack is infeasible;
  • Protected from chosen-plaintext attack (if you encrypt the same combination of characters more than once, the output will be different every time).

Supplies

  • ESP8266 x1
  • Arduino UNO x1
  • Mifare 13.56Mhz RC522 RFID Card Reader Module x1
  • 1.77 Inch TFT LCD with ST7735 x1
  • 13.56Mhz RFID cards x4
  • 470 Ohm resistors x2
  • LED x1

Encryption Algorithm

M9DES.png

I decided to use M9DES to encrypt/decrypt passwords. Four IVs are randomly generated for every 8 characters of the plaintext.

Structure of the Block

block.png

The first sixty-four characters are the encrypted IVs. The last sixteen characters are the encrypted characters of the plaintext.

Install the Drivers and Configure Arduino IDE *optional

If you've never flashed ESP8266 before you'll need to configure Arduino IDE and install drivers to upload the firmware to the boards, you can find drivers here:

CH340 driver: https://sparks.gogo.co.nz/ch340.html

CP210x driver: https://www.silabs.com/developers/usb-to-uart-brid...

In case you don't have Arduino IDE, you can download it here:

https://www.arduino.cc/en/software

Configuring IDE isn't a part of this tutorial, you can read about it here:

https://randomnerdtutorials.com/how-to-install-esp...

Download the Code From GitHub

The code includes the firmware for Arduino UNO, the firmware for ESP8266, a pre-compiled open-source program to store the encrypted passwords, and the source code of this program.

You can download the code here https://github.com/Northstrix/Password_Vault

Download and Install the Libraries

DES_Library: https://github.com/fcgdam/DES_Library

espsoftwareserial: https://github.com/plerup/espsoftwareserial

GyverBus: https://github.com/AlexGyver/GyverLibs/releases/do...

ESP8266TrueRandom: https://github.com/marvinroger/ESP8266TrueRandom

MFRC522 RFID Library: https://github.com/miguelbalboa/rfid

Adafruit-ST7735-Library: https://github.com/adafruit/Adafruit-ST7735-Librar...

Adafruit-GFX-Library: https://github.com/adafruit/Adafruit-GFX-Library

Adafruit_BusIO: https://github.com/adafruit/Adafruit_BusIO

You can unpack the content of the archive into the folder: ...\Arduino\libraries.

Or open the Arduino IDE, click to the Sketch -> Include Library -> Add .ZIP Library... and select every archive with libraries.

Generate the Keys

Untitled.png

You can do it by any means possible.

I took this photo: https://images.pexels.com/photos/4647978/pexels-ph...

Hashed it here: https://md5file.com/calculator

And obtained this:

f35ce213b4bb61774c1ada2c268f889b4a185b36

1c5e98b91c3c3b9006d0d619041bf346d384b77ed866bbe758ee7b73d6bd9196

4ea70f8fcca3709480dc2dfc837e2134d3aff5929389cdf51429eec2777f795727504642e723db25e157a87268ce21b8

0217ad823a0cdabc61619dd5d5e00e4335ef2558198121d05290808128edbdcd2256ccfd5b0a4344f6c80fc51b1e5165d49b8b689444e3c81283ce9fbaee68ed

Modify the Firmware

Untitled.png

Open the file Firmware_for_ESP8266.ino and replace the existing keys with those you've generated.

Don't modify the parts of the key highlighted by yellow. Those parts are getting filled up when you approximate cards to the RFID reader.

If you want to create your color scheme, you can find the color converter here https://chrishewett.com/blog/true-rgb565-colour-pi...

Flash the Arduino UNO

a.png

Upload the firmware from the folder Firmware_for_Arduino_UNO into the Arduino UNO.

Flash the ESP8266

e.png

Upload the modified firmware from the folder Firmware_for_ESP8266 into the ESP8266.

Build the Device

IMG_20210804_180056.jpg

It turned out that the schematic diagram for this device will be tangled up and barely readable. So, I only included the circuit diagram.

Circuit Diagram

Circuit Diagram.png

Power Up the Device and Open the Serial Monitor

IMG_20210804_141600.jpg

Power up the device, open the Serial Monitor and set the baud rate to 115200.

You might've noticed a 3.5 mm jack socket. It's a remnant from one of the previous projects.

Approximate Four RFID Cards to the RFID Reader One After Another

ezgif-3-b49cba367fba.gif

I would strongly advise you to use four different cards, but if you only have one or two cards, you can swipe the same card twice or even four times.

Just beware that this device can be easily hacked by a brute-force attack if you use one or two cards.

Choose the Option

disp.png

After the key set-up is complete, you will see the options in both the Serial Monitor and the display.

Enter 1 to the Serial Monitor and press Send to Add new record.

Enter 2 to the Serial Monitor and press Send to Decrypt the existing record.

Add a Record

1.png

It's time to encrypt something. Enter 1 to the Serial Monitor and press Send.

Now, you'll see the instructions in both the Serial Monitor and the display. Start entering the website, login, and password one after another. If you enter something longer than 48 characters, everything after the 48th character won't be passed to the function. You can also see what's been encrypted in the Serial Monitor.

I obtained these results:

Encrypted website:

E0747A76E36781044252C30B27ECC6AE610F9A4E531F58D61881A0F5C6860E4E86AA289E422D1E09BB28B8477C589B7058740C920C40BCDBF1253B60D5F8CBC0EB06AF5A9899DAC16A4BC047C01F2ECCFE514486B9CB6DDA873AB55E567669C4C8FE5DDB3E073A4B8E09CAF8334C31017DE0C609D603A7D3

Encrypted login:

13CB311676543A05C9B06906AA7ABD263AA6EE7535428507CFCC3AF527E36714DCBD9017B36494C389D99BDCBBE1F04DE452E42E15BF3A0DA67C3901D5D4B348AD06A3B39F64B7E8B21D0E5336BD7170ED8938C08F4576655273378B8740ADEB05C4D6D4B5D516AE076FB12FE63CC0EE2A354F7E3614237B6A2574D1B774D7B25014D89BB314E8E097D4D4188645213944491A86D4B69916F23C7FB13177EDE98ABE9DFFE2B2FE9D7E33B23E6377D1C41B2054D1A0F62A46EB95DDE6C10E465922256562DE76304AC87B25ACCA861B7FBD86FF32AD631EDB7FAECAC7ADBCF4B846F4665235A0F541B40C41E231897374

Encrypted password:

DAC1E3F666992C6B285C9AF30E2ACE6807EAB705C6B89CFBD57066C237A1BDBC6FBFC706B80B0B12D9D1ABDC3F63C3E559755EB8AAB04F3C67B829B74559F32FE0D00C5696234775E7E3AA977A16296E15801D6017D63EF63F2A373ECAD7401FE6D7ADAD48B269BE8511189C381D9201C0FE36870EDA9A2896D904FD79E4D992998F7683FBC44ADE04887AD177F695CE13B62F76DFB9016B4B5E0B349574557FF2079C36380F29332C2F975BD31C1F09F97DAD72F4DF04865B07DF8800E0F500783567906FE97668A95F4EB47A1D0C8BA6CA502C82AF8FA00B45AB356D201BFFA9D3A5697D8B0E8B34901235F0CEE2B4

Login and password are fictional (just in case).

Add the Encrypted Record to the Database

2.png

I know this device is supposed to store the encrypted data in the internal memory. But I haven't figured out an efficient way to organize a file system, and more importantly, I haven't figured out how to remove a record without erasing everything. To solve this problem and to also solve the problem of the limited space, I wrote a program to store the encrypted stuff.

You can find this program in the Software/Password_Vault folder. The source code is in that folder too.

If you're launching this program for the first time, press 1 to create the SQL table.

Press 2 to add a record.

Press 3 and enter the encrypted website to remove the record.

Don't forget to press Enter when you made your choice.

Export the Encrypted Data to the .csv File

3.png

You can export all records into a .csv file. To do this, press 5 and then press Enter.

If you prefer to copy the data from the command prompt or want to see all records without exporting them, then press 4.

Decrypt the Record

enc2.png

Let's suppose that a couple of days have passed, and now you need to retrieve your password.

1) Power up the device;
2) Approximate the cards to the reader in the same order you've approximated them when you were setting up the keys to encrypt your data;
3) Enter 2 to the Serial Monitor and press Send;
4) Copy the encrypted website from the database and paste it to the Serial Monitor;
5) Press Enter
6) Copy the encrypted login from the database and paste it to the Serial Monitor;
7) Press Enter
8) Copy the encrypted password from the database and paste it to the Serial Monitor;
9) Press Enter.

Final Thoughts

It's still flawed and requires some form of external storage, like a piece of paper, a text document, or a simple database (which I provided in the repository). But with all the inconveniences that come with this device, it's a cheap, open-source, easily upgradeable, and reliable solution to keep your logins and passwords safe.

If you like this tutorial, please share it.

Thank you for reading this tutorial.