The Hacklet #1

Hacklet Newsletter Issue 1

With the launch of hackaday.io, our project hosting site, we’ve seen quite a bit of interesting hacks flowing in. While we feature some of our favorite projects on the blog, we’ve decided it’s time to start a regular recap of what’s going on in the Hackaday Projects community. We call it The Hacklet, and the first issue is now available.

This installment starts off with information on our Sci-fi Contest and improvements to the Hackaday Projects site. We talk a bit about the various projects relating to the Mooltipass password manager being developed on Hackaday. The Mooltipass has its own project page, but there’s also separate projects for the low level firmware being developed. Next we look at a pair of NFC rings for unlocking Android devices, and finish off with advice on soldering tiny packages.

Check it out and let us know what you think. Our goal is to summarize some of the neat things going on in the community, and we’re always happy to get constructive feedback from the community itself. Or you can flame us… whichever you prefer.

Developed on Hackaday: Olivier’s Design Rundown

The Hackaday writers and readers are currently working hand-in-hand on an offline password keeper, the Mooltipass. A few days ago we presented Olivier’s design front PCB without even showing the rest of his creation (which was quite rude of us…). We also asked our readers for input on how we should design the front panel. In this new article we will therefore show you how the different pieces fit together in this very first (non-final) prototype… follow us after the break!

[Read more...]

Developed on Hackaday: The Top PCB dilemna

The Hackaday community offline password keeper is slowly coming together. A few days ago we received the top PCB for Olivier’s design (shown above). If you look at the picture below, you may see the problem we discovered when opening our package: the soldermask was the wrong color! Given the board is meant to be placed behind a tinted acrylic panel, this was quite a problem…

After using some spray paint, we managed to get to the point shown in the bottom left of the picture. The next task was to find the best way to illuminate the input interface with reverse mount LEDs. Using a CNC mill we machined openings (top right PCB) but also removed some epoxy on both PCB’s sides, thinking it would provide a better light diffusion. We then wrote part of the Mooltipass PWM code and took these pictures:

[Read more...]

Developed on Hackaday: 2 Days Left to Submit your Design!

We’re sure that many of Hackaday readers already know that one of the two main components of the Mooltipass project is a smart card, containing (among others) the AES-256 encryption key. Two weeks ago we asked if you’d be interested coming up with a design that will be printed on the final card. As usual, many people were eager to contribute and recently sent us a few suggestions. If you missed the call and would like to join in, it’s not too late! You may still send your CMYK vector image at mathieu[at]hackaday[dot]com by sunday. More detailed specifications may be found here.

In a few days we’ll also publish on Hackaday a project update, as we recently received the top and bottom PCBs for Olivier’s design. The low level libraries will soon be finished and hopefully a few days later we’ll be able to ship a few devices to developers and beta testers. We’re also still looking for contributors that may be interested in helping us to develop browser plugins.

The Mooltipass team would also like to thank our dear readers that gave us a skull on Hackaday projects!

Developed on Hackaday: Need Card Art — Who Likes to Draw?

Our offline password keeper project (aka Mooltipass) is quite lucky to have very active (and very competent) contributors. [Harlequin-tech] recently finished our OLED screen low level graphics library which (among others) supports RLE decompression, variable-width fonts and multiple bit depths for fonts & bitmaps. To make things easy, he also published a nice python script to automatically generate c header files from bitmap pictures and another one to export fonts.

[Miguel] finished the AES encryption/decryption schemes (using AES in CTR mode) and wrote an awesome readme which explains how everything works and how someone may check his code using several standardized tests. We highly encourage readers to make sure that we didn’t make any mistake, as it was one of you that suggested we migrate to CTR mode (thanks [mate]!).

On the hardware side, we launched into production the top & bottom PCBs for Olivier’s design. We’re also currently looking for someone that has many Arduino shields to make sure that they can be connected to the Mooltipass. A few days ago we successfully put the Arduino bootloader inside our microcontroller and made the official Arduino Ethernet shield work with it.

Finally, as you may have guessed from the picture above our dear smart card re-sellers can pretty much print anything on them (these are samples). If one of you is motivated to draw something, please contact me at mathieu[at]hackaday.com!

On a (way) more childish note, don’t hesitate to give a skull to the mooltipass on HaD projects so it may reclaim its rightful spot as “most skulled“.

Meet Lynx, a (costly) Offline Password Keeper

Maybe because he didn’t want to wait for the Mooltipass to be produced, [davidhend] built himself his own offline password keeper, named Lynx.

It is based around an Arduino Pro 328, a 2.8″ TFT touch screen, an RFID card reader, an FTDI basic breakout and finally a li-ion battery. Lynx is therefore self-powered and uses an RFID card to later read the XOR-encrypted passwords located in a SD card. A USB serial connection is used to send the passwords to the computer, which also charges the battery. The current BoM cost is around $220 but we’re quite sure it can be made for much cheaper when not using pre-made boards. Looking at the official GitHub repository tells us that the XOR key is stored inside the microcontroller and that Lynx checks the RFID card code to allow encryption/decryption.

On a side note, we recently published a FAQ on the official Mooltipass GitHub. You’re welcome to let us know what questions we may have forgotten.

Developed on Hackaday: Security and Arduino Compatibility

2013-12_Developed_on_Hackaday

Some of our readers noticed that the Hackaday community open-source offline password keeper (aka Mooltipass) has two incompatible characteristics: being secure and Arduino compatible.

Why is that? Arduino compatibility implies including a way to change the device firmware and accessing the microcontroller’s pins to connect shields. Therefore, some ill-intentioned individuals may replace the original firmware with one that would log all user’s inputs and passwords, or in another case simply sniff the uC’s signals. The ‘hackers’ would then later come to extract the recorded data. Consequently, we needed a secure tamper-proof Mooltipass version and an Arduino-compatible one, while allowing the former to become the latter.

Olivier’s design, though completely closed, will have several thinner surfaces directly above the Arduino headers. As a compromise, we therefore thought of sending a bootloader-free assembled version to the people only interested in the password keeper functionality, while sending a non-assembled version (with a pre-burnt bootloader) to the tinkerers. The Arduino enthusiasts would just need to cut the plastic at the strategic places (and perhaps solder headers to save costs). The main advantage of doing so is that the case would be the same for both versions. The drawback is that each board would have a different firmware depending on who it is intended for.

What do our reader think? For more detailed updates on the Mooltipass current status, you can always join the official Google group.