p-dial8891/Prism

Prism

Introduction

This project attempts to address the need for a portable method of entering passwords at a computer without typing them manually.

System Concept

Principle

To do this, we need to take advantage of the prevalent use of USB keyboards as an interface to type in passwords. By using the Human Interface Device protocol defined in the USB standards, any string of typable characters can be sent to a terminal in an automated fashion by using a bespoke device. This device emulates a 101-key USB keyboard and types characters into the terminal without human intervention.

User Interface

One of the goals of the project is to provide a means to send passwords automatically from a user's personal Bluetooth "smart" device like a smartphone. This Bluetooth device would be controlling the USB keyboard device using Bluetooth Low Energy communication. Therefore, the USB keyboard device will have BLE capabilities as well.

Once the communication and USB interface are defined, a frontend to the system would maintain a database of passwords, usernames, and email addresses which the user can select and send to the target terminal.

Security Considerations

Passwords are sensitive data, so they have to be stored securely and transferred securely over communication channels. To achieve this, the data sent over Bluetooth has to be encrypted, and the passwords stored on the user device have to be encrypted as well. In addition, since the software is open source, the system should only work if the personal Bluetooth device has been authenticated.

So, before enabling the transfer of characters, a token will be sent which will serve as a challenge from the USB-Bluetooth keyboard device to the user's personal smart device. The response sent back to the keyboard device will be a 16-byte encrypted block, derived by encrypting the token using a key and initialization vector that are defined once while configuring the software. This key and IV will be an arbitrary choice by the user and will help make the system unique to the user, thereby preventing unauthorized control of the USB-Bluetooth keyboard. Furthermore, the token will only be sent upon pressing a button, which will also initialize the device at the same time.
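
The challenge/response described above, simulated with both sides in one Node.js script. This is an added example, not code from the Prism repository. It assumes AES-128-CBC with padding disabled (the page names only "a key and initialization vector"); the IV value and the names `Dongle`, `respond`, `encryptToken` and `demo` are hypothetical.

```javascript
const nodeCrypto = require("node:crypto");

// Assumption: AES-128-CBC. The page does not name the cipher or mode.
const CIPHER = "aes-128-cbc";
const KEY = Buffer.from("SECRET 16 CHARS!", "ascii"); // placeholder key from the build command
const IV = Buffer.from("CONSTRUCTED IV 1", "ascii");  // constructed sample IV (16 bytes)

// Encrypt exactly one 16-byte block; padding is off so the output is also 16 bytes.
function encryptToken(token, key, iv) {
  if (token.length !== 16) throw new RangeError("token must be 16 bytes");
  const c = nodeCrypto.createCipheriv(CIPHER, key, iv);
  c.setAutoPadding(false);
  return Buffer.concat([c.update(token), c.final()]);
}

// Dongle side: one fresh random token per button press, valid for one attempt.
class Dongle {
  constructor(key, iv) { this.key = key; this.iv = iv; this.pending = null; this.unlocked = false; }
  pressButton() {
    this.unlocked = false;                     // button press re-initializes the device
    this.pending = nodeCrypto.randomBytes(16); // unpredictable challenge
    return Buffer.from(this.pending);          // copy that goes out over BLE
  }
  verify(response) {
    const token = this.pending;
    this.pending = null; // single use: a replayed or second response is rejected
    if (!token || !Buffer.isBuffer(response) || response.length !== 16) return false;
    const expected = encryptToken(token, this.key, this.iv);
    this.unlocked = nodeCrypto.timingSafeEqual(expected, response); // constant-time compare
    return this.unlocked;
  }
  typeString(s) {
    if (!this.unlocked) throw new Error("not authenticated");
    return s.length; // stand-in for emitting USB HID key reports
  }
}

// Phone side: answer the challenge with the encrypted token.
function respond(challenge, key, iv) { return encryptToken(challenge, key, iv); }

function demo() {
  const dongle = new Dongle(KEY, IV);
  const good = respond(dongle.pressButton(), KEY, IV);
  const accepted = dongle.verify(good);
  const replayed = dongle.verify(good); // same response, no new button press
  const wrongKey = dongle.verify(respond(dongle.pressButton(), Buffer.alloc(16, 0x41), IV));
  return { accepted, replayed, wrongKey };
}
```

The token has to be random and discarded after one verification attempt; with a fixed key and IV, a repeated token would produce the same response and a captured exchange could be replayed.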

Dependencies

  1. NRF5 SDK
  2. NRF Connect for Desktop
  3. MSYS2
  4. ARM GCC Compiler
    • Install by typing the following command into MSYS
      pacman -S mingw-w64-x86_64-arm-none-eabi-gcc
  5. GCC Make
    • Install by typing the following command into MSYS
      pacman -S make

Usage

Concept

  • Clone the repository into a location
  • Ensure that the scripts/Makefile.windows file is updated with the location, version and file prefix for the ARM GCC compiler if it does not match with what is given already.
  • Update the SDK_ROOT variable in scripts/Makefile to the relative location of the NRF5 SDK from the pca10059/s140/armgcc directory.
  • At the command prompt, enter the pca10059/s140/armgcc directory, and make the firmware by entering the below command replacing the "SECRET 16 CHARS!" with your chosen key.
    mingw32-make 'KEY="SECRET 16 CHARS!"'
  • The code should have been compiled and a .hex file generated in the _build directory.
  • The .hex file should be programmed onto the dongle using the nRF Connect for Desktop programmer. To program the dongle, you need to press the reset button while the dongle is plugged in.
  • Once programmed, the dongle will be detected as a USB HID keyboard. It should also be detectable as a Bluetooth peripheral if a device like a smartphone were to scan for it.
  • Copy the webapp.html and (generated) key.json file to any device that has a browser like Chrome (Linux support is not available but a command line tool is under development).
  • Open the page in the browser and use the buttons to enter passwords to be stored. Three pieces of information are needed for every credential - email, username, and password (in that order).
  • Enter a master password and 'encrypt and save' to a file which could be stored locally or on the cloud.
  • Once a file is created, load the file by entering the master password again and pressing the decrypt button. Any changes can still be made in the text box displaying the database of passwords. (It is in JSON format so it is human readable and editable).
  • Press the connect button once you are ready and select the Bluetooth device - 'Nordic_Blinky'.
  • Press the button on the dongle. This is to verify that the user of the webapp is also the user of the dongle. Behind the scenes, there is a challenge/response mechanism which is initiated from the dongle on pressing the button.
  • Type in the name of the credential and press the 'Write to BLE' button to send the password. Before doing so, ensure that the terminal on the target computer is in focus and that the cursor is on the password field.
  • If the dongle is reconnected, then make sure to unpair the dongle from the user's device and repeat from start.

Check out...

Hackster.io article

Demo