Developed on Hackaday: We Have Final Prototypes!

Mooltipass final prototype

The last few weeks have been quite tense for the Mooltipass team as we were impatiently waiting for our smart cards, cases and front panels to come back from production. Today we received a package from China, so we knew it was the hour of truth. Follow us after the break if you have a good internet connection and want to see more pictures of the final product

We never mentioned this on Hackaday before, but we actually produced two different versions of Olivier’s case: a slim one and a thick one. The slim one isn’t Arduino compatible and is only intended for our dear contributors as it is made of aluminium and therefore very costly :

slim case

The thick Arduino-compatible case is only 1.9mm thicker (13.9mm instead of 12mm) and is made of black ABS. You can notice the connector grooves :

thick case

As you may have guessed all the prototypes were CNC machined and then anodized or painted. We’ll obviously go for injection molded cases for bigger quantities, which will be one of our main challenges in the coming months…

It was quite a relief when we saw that our PCBs could tightly fit inside the cases, especially given that several of them were produced and shipped to our contributors around the world :

mooltipass assembly

In our last developed on Hackaday series article we stated that we had decided to switch our transparent front panel for a tinted one. The new one we just received perfectly fits on top of our assembled prototype and give it a clean professional look when the screen is off :

mooltipass off

Rest assured that our capacitive touch interface performs remarkably well even with this 1mm thick acrylic panel on top of it. We’re using a 0.11mm thick double-sided tape between our top PCB and our panel to maintain good contact.

Finally, we also received the smart cards that our dear Hackaday reader selected. Unfortunately they were printed in the wrong direction, leaving the wrong part sticking out of the Mooltipass.

smart cards

So what’s next for the Mooltipass project?

Now that we know that our hardware is final we are going to select beta testers and have a small Mooltipass production run shipped to them. In the meantime our contributors will be hard at work and hopefully in a few months we may start our crowdfunding campaign!

Want to stay informed? You can join the official Mooltipass Google Group or follow us on Hackaday Projects.

Comments

  1. Leo says:

    How can I become a beta tester?

  2. Goran says:

    Is it possible to pay and get mooltipas prototype whitout becoming a beta tester?

  3. Matt says:

    Strange that after all this now, Digg is promoting http://gizmodo.com/the-fifth-element-is-starting-to-come-true-1586278002

    What the heck is up with 5th Element lately?

  4. XLT_Frank says:

    Nice!

  5. justin says:

    How do I know if I was selected as a beta tester. I filled in the form and joined the Google group…

    Either way good to see solid progress.

  6. Christopher says:

    Am I the only one who doesn’t understand what the heck this thing does, lol?

    • andrewjhull says:

      It sits on your desk and invites people to come over and ask “what does that do” like all good new tech.

    • Mr Name Required says:

      Phew.. glad I wasn’t the only one and that you asked first :). I can’t figure out what problem it actually solves either, even after reading the very terse blurb on the site and looking through it for a FAQ. As far as I can figure it, isn’t this thing just doing in hardware what the Firefox ‘Remember Password’ function does?
      I’m left wondering how are the enthusiasts / originators of this project going to convince me I need one (hey! maybe I do, I don’t know!) and why I should then throw some money at them? Whatever it is, it shur looks purty, I’ll give it that.

      • Perhaps you should give the first developed on hackaday series post a read then :)
        http://hackaday.com/2013/12/06/developed-on-hackaday-lets-build-some-hardware/

        • Mr Name Required says:

          Thanks Mathhieu but I still don’t get it, Do I plug my USB keyboard into it and then into the computer, and it sends keystrokes? Do I just plug it in and install a custom USB driver? Is it a standalone device like those RSA keyfobs? Does it supplant a repository like KeePass? Does it generate random passwords on that screen or do I copy passwords to it? Frankly, NONE of these questions are answered by that link. I gleaned more about the project from the comments than the content. These are my simple questions – maybe dumb to you – but how about an FAQ for starters please.
          Oh, and :)

          • The Mooltipass is a driverless-device that is detected as a keyboard.
            It indeed stores all the password you may have, encrypted inside the device. It generates random passwords.
            The FAQ is at github.com/limpkin/mooltipass , I’ll update it with your questions ;).

  7. Smerwin says:

    is the data encrypted before transmission over USB? seems that without this, sniffing any passkeys is ridiculously easy on the PC side.

    • Tony says:

      Eh?

      You mean like how the data coming from your keyboard is encrypted?

      • Smerwin says:

        There are applications which allow for the encryption of keyboard data, and a keyboard’s primary use isn’t as a security device.
        given this device exists ONLY as a security device, to story and input passwords, it seems that even the slightest consideration for this otherwise gaping security hole would be prudent.

        • Hey guys,
          Encrypting the data would only make sense if it is encrypted between the mooltipass and the website, which would involve making partnerships directly with them (all of them…)
          Therefore, the Mooltipass only reduces the number of attack vectors.

          • matt says:

            No. Your browser sends the passwords to the websites in encrypted form. You wouldn’t have to partner with websites, you’d just have to write browser plugins. But that’d take oh so precious development time away from designing graphics and LED accents. It isnt surprising to see that you considered appearance to be of greater importance than function.

          • this encryption is performed at the HTTPS level, and if anything recent news told us is that this is not as secure as it used to be…
            And if you’re so concerned that we’re not spending enough time on the encryption side of things… why not contribute?

  8. scswift says:

    So the front of that is some kind of tinted glass, right? And you stenciled black on the back? What company did you find to do this?

    • I actually don’t know!
      I contacted dozens of companies throughout the world and when I innocently asked my usual part sourcing chinese guy he informed me he knew some company that could do so.
      I just had to give him the DXF files and let him negociate…

  9. untrustworthy says:

    What license are you using for it? And movement on getting it onto GPL?

  10. timbo says:

    SEXY !!! Great work guys , really enjoying watching this one.

  11. JIMMYRAKKA says:

    for a security product this sure does have a look a look at me feel when the lights are on. Maybe be a little more discreet?

  12. So,why would I want this over LastPass?
    What does it do that makes it a better choice?

    • Lastpass is purely SW based… so hypothetically at a given moment there’s your main pass phrase in memory + your encrypted passwords. One attacker could then get all your passwords at once

      • matt says:

        Wow, just wow. So with this glorified HID device, all the passwords you store on it are going to be in memory too. And because it is a HID device, it makes it a fucking joke to capture them, compared to having figure out the offset that Lastpass uses to store a password. It is trivial to log HID devices, there are countless programs to do so. I know this for a fact since i’ve written userland and kernel based key stroke loggers on OS X and Windows.

  13. static says:

    Where this is an important milestone for those working on the project; congratulations. Because I can’t see this as something I’ll be able to use I hadn’t followed the project beyond reading the article proved here. Why? using the card would require public access or any other computers to have the reader. Here in Kansas public access computers are few and far in between. Our small library has four, there nearest others is 15 miles away. Perhaps if the wireless was eliminated, this could be shrunk key ring fob size USB pluggable PortableApps like device that could be used with any Windows compute. Windows because any public access computer is likely to be running Windows. The congradulations/ congratulation thing was tripping me up so I used Google
    and seen this;

  14. mb says:

    Ever since you launched the project I’ve had the feeling of deja vu. Then I realized that you’re basically creating your own Common Access Card and everything fell into place.

    Two questions:

    1. Where are you getting your smart cards?

    2. My Thinkpad has a smart card reader in it. Is there any way to use the reader software without the hardware reader?

    • 1) from suppliers mainly located in China
      2) It depends on your thinkpad model. However I’m not sure what’d be the advantage in doing so, as you skip the whole “keep everything off the computer” point.

      • mb says:

        2) Ah. I missed that. I thought you were writing the passwords to the card. If you were, then removing the card takes care of that concern. But you aren’t, so nevermind.

  15. Sers says:

    I wonder, can this only enter passwords on websites?
    Or is it able to enter passwords inside a program/game too?

  16. omegatotal says:

    What about storing crypto keys vs passwords, will there be a limitation on password length or characters ?

  17. EGHM says:

    Congratulations!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s