another firmware

There is a very handy hardware password manager called Pastilda. You can read more about it here: https://habr.com/ru/post/305594/

Since the device is open source (new), I compiled another firmware for Pastilda (the Pas~r 1.1 board), mainly to take my own wishes into account.

Here is the block diagram of the Pas~r 1.1 gadget. Everything is as simple as possible: MCU, 2x USB, SD card, RGB LED and SWD.

Hardware architecture Pastilda r1.1

The inconveniences of the original firmware are described in the beta testing report here: https://habr.com/en/post/694970/

Since I have been programming STM32 since 2011, by 2019 I already had a code base that contained about 70% of the functionality needed for Pastilda firmware. I decided to try linking my own version of the binary (*.bin).

I had to choose Win10, GCC, C, CMSIS, HAL, FatFs, NoRTOS, Make, Eclipse as the main technology stack.

You ask, what’s so difficult about it? Writing firmware for STM32 is a classic ordinary task.

What difficulties did I have to face?

Difficulty #0: Make a harness to connect the programmer. As you can see, the header pitch is very exotic: 2 mm. I had to put a plug on the PCB and solder a cable from loose components.

Difficulty #1: The original Pas~r 1.1 device does not have a debug UART. As for me, this is very sad, since a UART is needed for debugging at run time. Therefore, I had to look for debug boards with STM32, USB Host, USB Device, HW AES256, SDIO, RGB LED and UART. No board with the complete set could be found in online stores. I had to debug Pastilda's functionality in parts, just as functions are integrated by parts in mathematics, on four different boards: Olimex-STM32-H407, STM32 MINI-M4 and nRF5340-ADK. And I debugged the platform-independent code (KeePass Decrypter) on an x86-64 laptop.

| hw attribute | Pas~r 1.1 | Olimex-STM32-H407 | STM32 MINI-M4 | nRF5340-ADK |
|---|---|---|---|---|
| USB Host | OTG_HS | OTG_FS | +/- | +/- |
| USB device | OTG_FS | OTG_HS | +/- | +/- |
| HW AES256 | + | | + | + |
| SDIO | + | + | | |
| UART | | + | + | + |
| MCU | STM32F415RGT6 | STM32F407ZGT6 | STM32F415RGT6 | nrf5340 |

SD-micro: +, +, +

SPI: +, +, +

RGB LED: +, +

Difficulty #2: In Pas~r 1.1, the USB FS and HS ports are assigned differently than on the Olimex-STM32-H407 development board. I had to write code with fully software-configurable USB Host and USB Device peripherals.

| USB port | Pas~r 1.1 | Olimex-STM32-H407 |
|---|---|---|
| USB Host | OTG_HS | OTG_FS |
| USB device | OTG_FS | OTG_HS |

Difficulty #3: Usually, a real-world *.kdbx file does not fit into the RAM of the microcontroller. Just because KeePass is decrypted in a console application on a PC doesn't mean that the same code will do the job on an MCU. The STM32F415RG microcontroller has only 128 KByte of contiguous RAM, and my typical *.kdbx file took up 154 KByte.

Therefore, we had to implement the AES256_CBC decryption algorithm in streaming form, in N-byte pieces.
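The sketch below is an added example, not code from this firmware: it shows the only state that piecewise CBC decryption has to carry between N-byte pieces, namely the last ciphertext block, and why that block must be saved before decrypting in place. The names `cbc_stream_*`, `blk_fn` and `toy_dec` are hypothetical, and `toy_dec` is a constructed stand-in for the AES-256 block decrypt so that the check runs without a crypto library.

```c
#include <stdint.h>
#include <string.h>
#define BLK 16u
/* One-block decrypt hook; firmware would plug AES-256 in here (assumed interface). */
typedef void (*blk_fn)(const uint8_t in[BLK], uint8_t out[BLK]);
typedef struct { blk_fn dec; uint8_t prev[BLK]; } cbc_stream_t; /* prev: IV, then last ciphertext block */

void cbc_stream_init(cbc_stream_t *s, blk_fn dec, const uint8_t iv[BLK]) {
    s->dec = dec;
    memcpy(s->prev, iv, BLK);
}

/* Decrypt one piece in place; len must be a multiple of 16. Returns 0, or -1 on bad length. */
int cbc_stream_update(cbc_stream_t *s, uint8_t *buf, size_t len) {
    uint8_t ct[BLK], pt[BLK];
    if (len % BLK != 0) return -1;
    for (size_t off = 0; off < len; off += BLK) {
        memcpy(ct, buf + off, BLK);      /* save ciphertext: buf is overwritten below */
        s->dec(ct, pt);
        for (size_t i = 0; i < BLK; i++) buf[off + i] = pt[i] ^ s->prev[i];
        memcpy(s->prev, ct, BLK);        /* carried into the next block and the next piece */
    }
    return 0;
}

/* Constructed stand-in for the block decrypt (NOT AES), so the check needs no crypto library. */
static void toy_dec(const uint8_t in[BLK], uint8_t out[BLK]) {
    for (size_t i = 0; i < BLK; i++) out[i] = (uint8_t)(in[BLK - 1 - i] - 0x3Bu);
}
/* Decrypt 160 constructed bytes in `piece`-byte chunks and compare with a per-block reference. */
int cbc_piecewise_ok(size_t piece) {
    static const uint8_t iv[BLK] = { 0xA5 };
    uint8_t ct[160], buf[160], ref[BLK];
    cbc_stream_t s;
    if (piece == 0) return 0;
    for (size_t i = 0; i < sizeof ct; i++) ct[i] = buf[i] = (uint8_t)(i * 31u + 7u);
    cbc_stream_init(&s, toy_dec, iv);
    for (size_t off = 0, n; off < sizeof buf; off += n) {
        n = (sizeof buf - off < piece) ? sizeof buf - off : piece;
        if (cbc_stream_update(&s, buf + off, n) != 0) return 0;   /* piece not a multiple of 16 */
    }
    for (size_t off = 0; off < sizeof ct; off += BLK) {   /* P_k = D(C_k) XOR C_(k-1), C_(-1) = IV */
        toy_dec(ct + off, ref);
        for (size_t i = 0; i < BLK; i++)
            if (buf[off + i] != (ref[i] ^ (off ? ct[off - BLK + i] : iv[i]))) return 0;
    }
    return 1;
}
int main(void) { return cbc_piecewise_ok(48) ? 0 : 1; }
```

With this structure the RAM cost is one N-byte buffer plus 16 bytes of chaining state, regardless of the size of the encrypted file.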

Difficulty #4: On the STM32F407ZG microcontroller at a frequency of 168 MHz, software AES256 decryption of the 153 kByte KeePass file takes 53 seconds! That is too long. Therefore, I had to look for a debug board with an STM32 and a hardware AES256 ECB and AES256 CBC module, preferably with the same MCU, STM32F415RGT6. The Serbian STM32 MINI-M4 board turned out to be such a board. I managed to buy it very successfully on Avito for only 800 RUR.

Difficulty #5: The STM32 MINI-M4 debug board lacks SDIO and has only SPI. The Serbs did not route out one of the most important pins, PD2. I had to write an SD card driver over SPI and cover it with tests.

Difficulty 7: In the final version on the Pas~r 1.1 board, step-by-step debugging showed a constant shortage, first of stack and then of heap. However, it was possible to adjust the firmware constants so that the unit tests began to pass.

The software dependencies of my firmware for Pas~r 1.1 lined up like this:

Dependency tree of software components in firmware Pas ~ r1.1

What did I add to the new firmware for Pas~r 1.1?

1. The ability to insert only the password (Right Enter), not only login + password (Left Enter). Many sites require only a password.

2. The ability to loop through passwords as a circular array. You can quickly reach an old password at the end of the KeePass file.

3. Toggling the LED state when a button is pressed, as feedback that the device is working.

4. A diagnostic console, opened by pressing Left Ctrl + Right Ctrl.

Conclusion:

If you have a Pastilda Pas~r 1.1 or an Olimex-STM32-H407 debug board and you want to test an alternative hardware password manager firmware, contact me in a personal message and I will send you the *.hex and *.bin files. I can even add custom wishes.

Instructions on how to reflash Pastilda v1.1 can be found here: https://habr.com/en/post/698964/

Links

https://habr.com/ru/post/698964/
https://habr.com/en/post/694970/
https://habr.com/en/post/346820/
https://habr.com/en/post/305594/
https://habr.com/ru/company/thirdpin/blog/407633/
https://habr.com/ru/company/thirdpin/blog/466533/
https://habr.com/en/post/305602/