5phinX / piPa55

Hardware password manager based on raspberry pi zero
MIT License

piPa55 - a hardware password manager based on Raspberry Pi Zero

The Pi Zero emulates a USB keyboard and a USB Ethernet adapter. The Ethernet link provides a connection to the embedded HTTP server used for password management. The USB keyboard then types in the selected password.

Security

piPa55, in its current state, is not secure storage. Its sole purpose is to increase convenience.

Passwords generated by the device are random, but they are stored in plain text in the device's memory.

Hardware and software modifications are planned for the future that would increase security and allow for secure password storage.

Security features planned include:

Dependencies

piPa55 was tested on a Raspbian Stretch.

The device uses the composite USB framework built into the Linux kernel. The necessary modules must be loaded at boot. Add this statement to your /boot/cmdline.txt (keep the file as a single line, with parameters separated by spaces):

modules-load=dwc2,libcomposite

The following line must also be added to /boot/config.txt:

dtoverlay=dwc2

piPa55 is written mostly in Tcl (with a few bash scripts), so the tcl package must be installed. Another required package is dnsmasq, which is needed for the DHCP server to work correctly.

Installation

In its current state, piPa55 only works when installed in /root/piPa55.

The systemd unit is in piPa55.service. To register the unit with systemd, create a symlink:

ln -s /root/piPa55/systemd/piPa55.service /etc/systemd/system/piPa55.service

Now, the service can be enabled by systemctl enable piPa55 and started by systemctl start piPa55.

An empty directory /root/piPa55/pass_storage must be created.
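
The file-based steps from Dependencies and Installation can be verified with a short preflight check. The shell function below is an added example, not part of piPa55; the function name, the ROOT prefix argument and the owner-only permission check on pass_storage are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of piPa55. Usage on the device: pipa55_check /
# Prints one FAIL line per problem and returns the number of problems found.
# ROOT is a filesystem prefix, so a mounted SD card can be checked as well.
pipa55_check() {
    root=${1-}; root=${root%/}
    problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    cmdline="$root/boot/cmdline.txt"
    config="$root/boot/config.txt"
    unit="$root/etc/systemd/system/piPa55.service"
    store="$root/root/piPa55/pass_storage"

    # cmdline.txt must stay one line of space-separated kernel parameters.
    if [ -f "$cmdline" ]; then
        tr ' ' '\n' < "$cmdline" | grep -qx 'modules-load=dwc2,libcomposite' \
            || fail "modules-load=dwc2,libcomposite not in $cmdline"
        [ "$(grep -c '' "$cmdline")" -le 1 ] \
            || fail "$cmdline has more than one line"
    else
        fail "$cmdline not found"
    fi

    # The overlay line must be present and not commented out.
    grep -Eqs '^[[:space:]]*dtoverlay=dwc2([,[:space:]]|$)' "$config" \
        || fail "dtoverlay=dwc2 not active in $config"

    # The symlink target is absolute, so only the link itself is tested.
    [ -L "$unit" ] || [ -f "$unit" ] || fail "$unit not registered"

    # Passwords are stored in plain text: the directory must exist and
    # (hardening assumption of this example) be closed to group and others.
    if [ -d "$store" ]; then
        mode=$(ls -ld "$store" | cut -c5-10)
        [ "$mode" = "------" ] || fail "$store is open to group/others"
    else
        fail "$store missing"
    fi
    return "$problems"
}
```
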

Configuration

Password management is done via the embedded HTTP server. The management interface is accessible through http://192.168.148.1.

piPa55 provides a DHCP server, so there is no need to set the host PC interface manually. The device is bound to a static address 192.168.148.1/24.

Usage

After startup, the pre-selected password is the default password. This is usually the password used to log into the PC.

The keyboard emulator is triggered by switching CAPS-lock on and off within 2 seconds. The CAPS-lock key is not used by many people and this will give it a purpose. Moreover, triggering by turning the CAPS-lock on and off still retains the former purpose of CAPS-lock if needed.

CAPS-lock sensitivity can be turned off via the web interface.

Another method to type passwords is to configure a time delay in the web interface and trigger typing by clicking the Type Password after delay button. This way the password is selected and queued for delayed typing at the same time. With this method, piPa55 is also usable on devices without physical keyboards, such as Android phones.

Credits

The USB composite device was set up according to the following sources:

https://gist.github.com/Gadgetoid/c52ee2e04f1cd1c0854c3e77360011e2

https://threadsec.wordpress.com/raspberry-pi-zero-usb-composite-gadget/