Codename Hardpass: A Password Manager on the Raspberry Pi Zero...suffering featuritis.
octetstream - 42.17 kB - 02/21/2016 at 17:25
Zip Archive - 4.05 kB - 02/15/2016 at 20:06
mockup in 1:1 scale, for component placement and shows gpio-pins in use
Zip Archive - 8.96 MB - 02/08/2016 at 07:23
Oh boy, here we go again: an update.
I haven't progressed a lot in the past year with this project. A big part of it was that I wasn't able to get the smart card interface to work. I've spent countless hours planning, designing and otherwise working on hardpass-sci and was in the end defeated by the awful driver situation of the chip I settled on.
I was originally drawn to the Philips/NXP TDA8029 because I've seen a github repository containing the driver for it. I didn't do much research into the driver, and assumed it was OK. However, after getting the hardware ready the true state of the driver came apparent. Not only was the Philips' driver written for an extremely old version of PCSC, it was kept outside of the main PCSC distribution, requiring manual updates to it to keep working. Which of course didn't happen. Then, larytet on github did some changes, the commits were helpfully labelled "Update." After getting in touch with them, they weren't quite sure what they were doing the three years ago when the "updates" were commited, and the driver's implementation wasn't fully finished either.
Well, there goes that into the drain.
Not wanting to write my efforts off as waste, I tried to keep working on the TDA8029, but my motivation was pretty gone.
By sheer luck I found out about the Microchip SEC1210 -- another RS232/UART Smart card interface chip! And guess what: It's driver is in mainline PCSC since last May!
The documentation around this chip is quite nice: I've found the schematics for the evaluation board right on microchip's website, and got to work on implementing a PCB. Right after, I sent the boardfiles to @oshpark and I'm now waiting like a small child on christmas eve for them to arrive.
The SEC1210 is only available in a QFN package -- and I don't have a hot air gun or a reflow oven, so we'll see how that turns out :S (any tips appreciated!)
the pcbs are marked version 0.2.4 -- if this turns out well, the sec1210 will mark the beginning of hardpass 0.3!
I'm still waiting on one. single. capacitor. (-.-), but at least I can have a look at the PCBs. I tried a different manufacturer (easyeda.com, 8€-something for 10, delivered!) just to spice things up.As you can see, all the traces fit on one side - so I decided to have some fun with the back side and put the GNU logo there (that's a pre-defined foot print in KiCad - go figure)
1) yes, soldering is atrocious. I still haven't bought a good soldering iron. 2) yes, I missed a trace and bodged some magnet wire in.
It really shows the scale - even the sim card looks huge! here it is on top of the smart card that will go in hardpass-SCI.
As of yet, I am still waiting for C13, as evident in the pictures above. So I haven't been able to test my circuit yet.
Here I've stacked up hardpass 0.2.2, a Raspberry Pi Zero-W, and hardpass-SCI 0.2.3. As you can see, there is still some air, but I measured the thickness to be 12mm to the top side of the top PCB. I recon I can get it a bit thinner still. Right now, the buttons are the thickest part I can trim down relatively easily, so the current ones will probably have to go in a future revision.
Another angle. hardpass-SCI sits so close to the Pi i am a little worried about shorting out the test pads on it. Nothing a little kapton tape can't solve ;)
* get the hardware finished
* work on the UI (passwordstore has evolved a lot as well)
* design a case: 3d print? laser cut? wood? sheet metal?
So I've been stumped by doing the OLED implementation myself. I couldn't get the screen to reset with the RC circuit, so I finally replaced it with the APX803 circuit, Adafruit used in this schematic.
I really need to get myself access to an oscilloscope :|
For now, I'm using the hacked together PCB you see below, but new ones are ordered. (my iron was way to hot for the flatflex, i know...)
Next step: hardpass-scm - the smart card interface.
I posted them in the new project page for the hackaday prize
already, but for completeness, there they are again.
the new board does not use the OLED breakout board, but instead has all the circuitry on board. the schematic I used is from adafruit's break out, and is linked in the project's github.
So I might add proper ISO7816 smart card support to this thing now.
My reasoning is that if you were to lose your hardpass, the attacker won't be able to get hold of the (encrypted) private key. And since GnuPG Cards are supported by gpg (duh) and therefore pass, I don't have to implement my own crypto (which is basically the motto for this whole project).
There is a relatively old chip, the Philips/NXP TDA8029, that should be well suited to translate between the card's protocol and serial data. Someone has also written a driver for a reader based on that chip, and I hope I can adapt that one.
The SIM holder can easily obtained from AliExpress by searching for "samsung i9000 sim", and is originally from linkconn.
I managed to not use the backside of that PCB (which shouldn't really be an achievement to more professional designers), so I might fill that up with logos and text :D
The Smartcard I plan on using is the GNUPG card, and kernelconcepts.de sells one that has standard SIM size breakout tabs. (ordered already, but still in shipping **EDIT**: they came! man, a SIM card is huge compared to a Pi 0)
The board is already in the master branch of the github project.
**EDIT**: Now with primitive 3D model (FreeCAD). Yes, a standard SIM card is really that big compared to a Pi Zero.
Once I'll get my old boards from @oshpark and getting comfortable with smart cards in general, I'll continue working on this board.
Thanks to the ZeroPhone I was motivated to take some time and solder a board together.
It works! Now, I should take some more of my time to write some more software...
(please excuse the awful soldering job - I was out of flux and couldn't be bothered to order some)
The front. I managed to squeze the ESP completely under the PCB in the `30pin` branch of the git repository.
Since I don't want to sacrifice a Pi for each generation of the hardware, I opted to a header. The height is still tolerable even with the header and makes it about the size and thickness of a typical car keyfob.
Without said header, the thickness can be reduced to roughly 8mm board-to-board. Then, the case of the ESP12 touches the SD card slot. I guess, one could remove that, but I haven't tried. (and yes, my shitty caliper broke and I fixed it with duct tape)
The board from the bottom. I bridged the OLED module over like this, because I couldn't remember the pinout of my module, and a search on AliExpress revealed, that they all have a different one.
As you can see, there isn't much space between the header and the ESP. This is the order of soldering I recommend: start with the header, then solder the ESP and its resistors, continue with the OLED and bridge it over, and finally solder the buttons (put it in a vice or in a Pi).
Hello world! this is the (already working) menu. use `*` as the up arrow, `#` as the down arrow, and `0` to select. I want to make the numbers jump directly to the `n`th item in the list, but that's on the todo list (as well as button debounce :S)
So...I couldn't help myself and completely redid the PCB from scratch. The header should be aligned now (had to modify my footprint with the anchor in the center). For the 30 pin variant of the oled i had to remove one of the unused pins; we'll see if that works out. Something else that needs to be seen to be tested out is the slot for the oled's flat flex. It should be large enough to get one "wing" in at a time, but no promises :s
I shelfed the project for some time, but recently I have been working on it again. The 20-pin OLEDs aren't available on AliExpress any more (the last seller who claimed to have them didn't have them).
So I modified the PCB to take the premade assemblies / modules. (I do plan on modifying the PCB to take 30 pin OLEDs)
I also finally ordered some prototype boards from OSHPark (really streamlined ordering process, just upload the pcbnew-file)
On the top of the back side you see those solder pads under the screen header: While many OLED modules have 4 pins, all of them have different pinouts. I plan on soldering jumper wires to set the correct connections.
On this picture you can see all the components involved (except the .1" header and some resistors, which hvaen't arrived yet)
The one and only [Brian Benchoff] published an article on this project. I took this opportunity to update the GitHub repository, as I have completely neglected that one for way too long (will push later today/tomorrow).
This week I also did work on the PCB again: rerouted some tracks, repositioned the (previously misaligned) header, and added a footprint for an ESP-12 module. You can clearly tell that that is just bodged in by the way all the traces had to be routed. But I managed to stay on two layers, which reduces the price of PCBs massively.
(that should say ESP12E, not ESP12F - sorry)
UPDATE: Code and PCB files are now on a new GitHub repository: https://github.com/girst/hardpass-passwordmanager
The old one is there: https://github.com/girst/hardpass-sendHID