1. Software that you run on your computer (the “host”) to send commands to…
2. A USB “token” which A) encrypts and stores credentials from the host and B) decrypts and displays them on its LCD.

Creds101 serves the same purpose as traditional “password database” solutions but it is different in two fundamental ways:

1. Credentials aren’t stored on the user’s computer – they’re stored on a USB “token”.
2. Sensitive credential data cannot be read by malicious software on the user’s computer – credentials can only be viewed on the token’s “trusted LCD display”.

• AsciiDoc-based documentation including the “host->token” serial command protocol and data-flow diagrams illustrating how credentials are encrypted, stored, decrypted, and displayed by the token.
• A unittest test suite which exercises each of the commands accepted by the token. Install Twisted and try

  PYTHONPATH=src trial src/TestSimulatorToken.py

• A cross-platform “token administration” GUI for storing and retrieving credentials. Try

  bin/creds101-admin-gui --use-simulator

  or see screenshot 1.

  
• A command-line “token administration” interface. Try

  bin/creds101 --help

• A “token simulator” that allows us to 1) develop tests 2) iron out token design issues before coding in C for an embedded platform. Try

  bin/creds101-simulator --gui

  or see screenshot 1.

• 
  The beginnings of the code for an Arduino-based token. Take a look in `src/arduino`. This includes code for…
  • Receiving commands from the “host” via the Arduino’s FTDI serial-over-USB chip.
  • Reading and writing data to the 512 bytes of internal EEPROM or an attached SPI DataFlash part. See photos 2 and 3.
  • Displaying text on a SparkFun SerLCD LCD module.
  • Encrypting and decrypting data with 128-bit AES.

• 
  Completing the Arduino token implementation so that we have something that’s suitable for everyday use.
• Completing a thumbdrive-sized token implementation – the ideal form factor.
• The smaller tasks that can be found in the `TODO` file.

• How to create slick, source-based docs with the AsciiDoc tool suite. As much as I like MoinMoin markup, the wiki engine itself isn’t amenable to being invoked from a build automation tool.
• GUI design with Glade, a slick RAD tool used by many free software projects.
• GUI interaction with PyGTK. I wrote a well-behaved worker thread that runs alongside the GTK main loop for the token simulator component.
• The theory and implementation of “Secret Sharing” schemes especially Shamir’s Secret Sharing Scheme (SSSS). We discarded SSSS in favor of the current “store-the-key-on-the-host, store-the-ciphertext-on-the-token” design.
• A handful of Python skills…
  • Finding a script’s location from within the script. Handy for using `bin/foo -> src/foo.py` symlinks in conjunction with external (e.g. Glade XML) resources.
  • Python’s built-in XML-RPC library. Reconciling UNIX socket semantics with thread semantics gave me fits before I switched to this IPC mechanism.
  • Steven Bethard’s superior argparse module which makes handling subcommands and required positional arguments a breeze compared with Python’s standard optparse module.

Creds101 is licensed under the GPL.

Here are the steps to grab the v0.1 source tarball from the hgweb interface and take the GUIs for a test drive!

$ wget http://unsyncopated.com/hg/creds101/archive/0.1.tar.gz
$ tar xzf 0.1.tar.gz
$ cd creds101-0.1
$ bin/creds101-simulator --gui &           # launch the token simulator
$ bin/creds101-admin-gui --use-simulator & # connect to the simulator

You can see our design notes, plans, and a list of similar projects at the wiki page but beware the outdated Secret Sharing content.

I’m accumulating all the research papers, datasheets, and application notes I’ve encountered during this project in a “research materials” repository. You might find the contents useful if you’re trying to choose an AES implementation for an AVR microcontroller or if your project falls into one of these categories: “cryptographic co-processor”, “hardware security module”, “embedded secret secret sharing”, “ubiquitous/pervasive computer security”, or “tamper evidence/proof”.

Here are a few miscellaneous thoughts:

• You know how IE plays that little “mouse click” sound when accessing a new web page? It’s not so bad except for the fact that it often happens a second or so ”’after”’ you click on a hyperlink. This makes the computer feel slow and/or broken.
• Windows XP claimed it “successfully restored” my wifi connection even though IE still couldn’t access Google.
• The netbook sometimes plays a quiet hissing sound instead of an audio clip.
• Dell has prepackaged Google Desktop Search on this machine. A few minutes after completing Windows setup, the Google Desktop Search icon notified me that “Google has blocked an attempt by another program to change your search preferences”. I suspect it was IE, but c’mon, ”’pre-installed”’ software shouldn’t fight with itself.

There’s no googleprint for anohacker@gmail.com so I’m assuming this person created that email address just for the purpose of disclosing this vulnerability.

Since the report cites 12/30/2006 as the date of “public demonstration”, it’s probably safe to say that the person who posted this report is the same masked (German?) guy that gave the mysterious lightening talk at 23c3 called “Consolen Hacking Suprise“. Pay no attention to the man behind the black bandana! He’s only breaking (one of?) the most technically advanced game console security system ever devised – a security archictecture in which Microsoft has invested tens of millions of dollars.

If anybody has any more technical details or knows where this researcher hangs out on IRC/forums, I’d love to know.

As expected, the Slashdot story has some of the best commentary on the topic:

• Debate over whether Xbox 360 gamers “own” or “license” the system.
• Some idle speculation on why Windows Media DRM and Xbox security vulnerability fixes are pushed out to end users roughly 22 times faster than critical Windows OS vulnerabilities.
• And finally, a proper response to some dillweed who said “we shouldn’t use C anymore! it’s insecure!”

Console security really fascinates me because its a realm where the manufacturer has almost complete control over the design of the entire system, and that system is destined to be in the hands of millions of hackers and homebrew enthusiasts.

I’ll leave the final word to Gerardo Richarte (aka gera) from Core Security who sees the death of the freedom to tinker on the horizon.

Further reading:

• IBM “efuse” technology
• gera’s write-up on a vulnerability in a linksys router that I own. It includes disassembled firmware code and python exploit code. Nice.
  

Speaking of Intel, kudos to them for having the best website of any motherboard manufacturer I’ve bought from. Their motherboard pages have

• High resolution pictures of the boards.
• Detailed specs for each available “configuration”.
• BIOS updates (including old ones) in 4 different formats including bootable CDs.
• 3 effective ways to identify an Intel board (BIOS string, sticker label on board, part number)
• Detailed information on where temperature sensors are located.

They also support the Linux community by releasing quality open-source graphics drivers. Very, very nice.

If you want to install Ubuntu on a 965-based Intel board like the DQ965GF, I recommend the third Fiesty Fawn milestone, Herd 3. With Herd 3, you get the 2.6.20 kernel which supports KVM, a loadable kernel module to support hardware virtualization (scoooore!).

Because the 965 chipset is new, there are still some kinks. At first the installer crapped out and left me with:

BusyBox [ver] Built-in shell (ash)
Enter 'help' for a list of built-in commands.

/bin/sh: can't access tty; job control turned off

Later on, I got garbled X graphics.

The solution to these problems was to add “vga=771 all-generic-ide pci=nommconf” to my kernel options line after booting to the install CD (hit F6 when the installer while you’ve got the “Start or install Ubuntu” menu item selected). Your final options line should read “file=/cdrom/preseed/ubuntu.seed boot=casper initrd=/casper/initrd.gz vga=771 all-generic-ide pci=nommconf quiet splash –”. I removed “quiet” and changed “splash” to “nosplash” also.

Windows XP Profession rebooted every time it tried to load “mup.sys” during bootup. The fix was to change the BIOS setting for Configure SATA As” (Advanced Tab -> Drive Configuration) from “AHCI” to “IDE”. Note that this will nix any benefit you get from SATA.

Some of these links were helpful:

• Configure SATA as [Standard IDE] or [AHCI] ???
• How To: Install Fedora Core 6 On Intel DG965SS Motherboard