Developed on Hackaday: Mooltipass Arduino Shields Compatibility

Some of our dear readers may already have an infallible system to remember different complex passwords for the different websites they visit daily. This is why they may have not been following the offline password keeper that the Hackaday community is building.

The Mooltipass has a characteristic that may regain their interest: it is possible to connect Arduino shields to it. In the video embedded below you can see the Arduino conversion process our development team imagined a few months back. The operation simply consists in using a knife to remove plastic bits on top of standard Arduino headers. We also embedded a few use cases with their respective sketches that may be downloaded from our official GitHub repository.

As with stacking several shields, a little tweaking may be required to keep the functionalities from both the Mooltipass and the connected shield. We therefore strongly welcome Arduino enthusiasts to let us know what they think of our setup.

In the meantime, you may want to subscribe to our official Google Group to stay informed of the Mooltipass launch date.

Continue reading “Developed on Hackaday: Mooltipass Arduino Shields Compatibility”

Developed On Hackaday: Chrome/Firefox Apps/Extensions Developers Needed

The Hackaday community is currently working on an offline password keeper, aka Mooltipass. The concept behind this product is to minimize the number of ways your passwords can be compromised, while generating and storing long and complex random passwords for the different websites you use daily. The Mooltipass is a standalone device connected through USB and is compatible with all major operating systems on PCs, Macs and Smartphones. More details on the encryption and technical details can be found on our github repository readme or by having a look at all the articles we previously published on Hackaday.

Our beta testers are now using their prototypes daily and their feedback allowed us to considerably improve the Mooltipass. The firmware development is coming to an end as most functionalities have been implemented in the last few weeks. The development team is therefore turning his attention to the Chrome/Firefox plugins and needs your help to finish them in a timely manner. As you can guess, our goal is to provide a slick and intuitive interface for all of the Mooltipass features. If you have (a lot of) spare time, knowledge of the browsers APIs, feel free to leave a comment below with a valid email address!

Developed On Hackaday: Beta Testers And Automated Testing

Mooltipass with Holder

At Hackaday we believe that your encrypted vault containing your credentials shouldn’t be on a device running several (untrusted) applications at the same time. This is why many contributors and beta testers from all over the globe are currently working on an offline password keeper, aka the Mooltipass.

Today we’re more than happy to report that all of our 20 beta testers started actively testing our device as they received the v0.1 hex file from the development team. Some of them had actually already started a few days before, as they didn’t mind compiling our source files located on our github repository and using our graphics generation tools. We are therefore expecting (hopefully not) many bug reports and ways to improve our device. To automatize website compatibility testing, our beta tester [Erik] even developed a java based tool that will automatically report non-working pages found inside a user generated list. You may head here to watch a demonstration video.

Hacklet #10 Cryptography and Reverse Engineering

10 In honor of DEFCON, this week we’re looking at some cryptography and reverse engineering projects over at Hackaday.io hardware reverse engineeringEvery hacker loves a hardware puzzle, and [Tom] has created a tool to make those puzzles. His Hardware Reverse Engineering Learning Platform consists of a shield with two ATmega328 chips and an I2C EEPROM. The two Atmel chips share a data bus and I2C lines. Right in the middle of all this is an ST Morpho connector, which allows an ST Nucleo board to act as a sniffer. The platform allows anyone to create a reverse engineering challenge! To successfully reversechip whisper engineer a board, it sure helps to have good tools. [coflynn] is giving that to us in spaces with The ChipWhisperer. ChipWhisperer is an open source security research platform. The heart of the system is a Xilinx Spartan 6 FPGA. The FPGA allows very high speed operations for things like VCC and clock glitching. ChipWhisperer is an entire ecosystem of boards – from LNA blocks to field probes. The entire system is controlled from an easy to use GUI. The end result is a powerful tool for hardware attacks. nsa-awayOn the Encryption side of the house, we start by keeping the Feds at bay. The [Sector67] hackerspace has collectively created NSA AWAY. NSA AWAY is a simple method of sending secure messages over an insecure medium – such as email. A one-time use pad is stored on two SD cards, which are used by two Android devices. The message sender uses an Android device to encrypt the message. On the receive side, the message can be decoded simply by pointing an android device’s camera at the encrypted data. So easy, even a grandparent could do it! buryitNext up is [Josh’s] Bury it under the noise floor. “Bury it” is an education for cryptography in general, and steganographic software in particular. [Josh] explains how to use AES-256 encryption, password hashing, and other common techniques. He then introduces steganography  by showing how to hide an encrypted message inside an image. Anyone who participated in Hackaday’s ARG build up to The Hackaday Prize will recognize this technique. zrtphardphone[yago] gives us encrypted voice communications with his ZRTP Hardphone. The hardphone implements the ZRTP, a protocol for encrypted voice over IP communications. The protocol is implemented by a Raspberry Pi using a couple of USB sound cards. User interface is a 16×2 Line character LCD, a membrane keypad, and of course a phone handset. Don’t forget that you need to build two units,or  whoever you’re trying to call will  be rather confused! moolti-3

Finally we have the Mooltipass. Developed right here on Hackaday by [Mathieu Stephan] and the community at large, Mooltipass is a secure password storage system. All your passwords can be stored fully AES-256 encrypted, with a Smart Card key. Under the hood, Mooltipass uses an Arduino compatible ATmega32U4 microcontroller. UI is through a OLED screen and touch controls.     That’s it for this week! Be sure to check out next week’s Hacklet, when we bring you more of the best from Hackaday.io!

Developed on Hackaday: Beta Testers, Animation and Assembly Videos

3 mooltipass versions

We’re pretty sure that most of our readers already know it by now, but we’ll tell you anyway: the Hackaday community (writers and readers) is currently developing an offline password keeper, the Mooltipass. A month ago we published our first demonstration video and since then the development team has been fairly busy at work.

First things first: we heard (well, read) the comments you left in our previous articles and decided to make a small animation video that will hopefully explain why having an offline password keeper is a good thing. We welcome you to have a look at our script draft and let us know what you think. We updated our GitHub readme and more importantly our FAQs, so feel free to tell us if there are still some questions you have that we didn’t answer. We finally found a short but yet interesting paper about software based password keepers possible security flaws.

Secondly, a little more than 20 prototypes have successfully been assembled and some beta testers actually already received them. As they financially contributed to their units we offered them the possibility to pick a blue, green, yellow or white OLED screen (see picture above). We therefore expect things to gain speed as we’ll have users (or rather bosses) pushing us to improve our current platform and implement much needed features.

Finally, as I figured some of our readers may be interested, I made a quick video of the prototype assembly process (embedded below). It is still a little sketchy and a few changes will be made to make it simpler for production. We expect these next weeks to be full of interesting events as our beta testers / Hackaday readers will be able to judge the work we’ve been doing for so long. We highly recommend you to subscribe to our official Google group to stay updated with our adventures.

Developed on Hackaday: Discovering Shenzhen and its Companies

Assembly line in shenzhen

Two weeks ago we showed a first demonstration video of the offline password keeper (aka Mooltipass) the Hackaday community had been working on for the last 6 months. We received lots of interesting feedback from our dear readers and around a thousand of them let us know they were interested in purchasing the device. We agreed that preferential pricing should be offered to them, as they have been supporting this community driven project for so long.

For the next few days I will be touring Shenzhen and finally meeting the persons who have been assembling my electronics projects for the last 2 years, including the Mooltipass beta testers’ batch. I’ll also meet with Ian from Dangerous Prototypes, talk with the people behind the Haxlr8r program, visit Seeedstudio offices and a CNC shop. If everything goes well with the camera I just purchased in Hong Kong I should have nice things to show you. In the meantime, don’t hesitate to leave a comment below in case you’re in the area…

Developed on Hackaday: Demonstration Video and Feedback Request

For months our dear Hackaday readers have been following the Mooltipass password keeper’s adventures, today we’re finally publishing a first video of it in action. This is the fruit of many contributors’ labor, a prototype that only came to be because of our motivation for open hardware and our willingness to spend much (all!) of our spare time on an awesome project that might be just good enough to be purchased by others. We’ve come a long way since we started this project back in December.

In the video embedded above, we demonstrate some of our platform’s planned functionalities while others are just waiting to be implemented (our #1 priority: PIN code entering…). A quick look at our official GitHub repository shows what it took to get to where we are now. What’s next?

We need your input so we can figure out the best way to get the Mooltipass in the hands of our readers, as our goal is not to make money. The beta testers batch has just been launched into production and I’ll be traveling to Shenzhen in two weeks to meet our assembler. When materials and fabrication are taken into account we expect each device to cost approximately $80, so please take 3 seconds of your time to answer the poll embedded below :