pm. Hardware Password Manager

Have your computer passwords ever been stolen by hackers? Do you struggle to learn complex passwords by heart? A PIC32-based hardware password manager is a safe and reliable solution.

The hardware password manager stores your passwords in its internal database and emulates a standard USB keyboard to safely enter a password into your computer when required. The internal database is accessible only through a file on the hardware password manager's mass storage drive (MSD). The drive is disabled in normal operation and must be manually enabled before the password database can be edited. There is no other way for a personal computer application to access the password database. A safe computer is still required to add a new password or alter an existing password in the database, and there is an option to generate strong random passwords.

The hardware password manager combines a PIC32MX250F128B microcontroller with a USB port, a LANMU Arduino OLED display (128 x 64 pixels) and a simple 3-microkey keyboard. The PIC32MX250F128B microcontroller also runs a menu-based password managing application. The application's settings menu contains options for encryption mode, pin code, keyboard emulation and MSD visibility.

Schematic

The hardware password manager schematic is an extension of the PIC32MX250F128B basic circuit that connects to a PC via a USB port. The PIC32MX250F128B microcontroller relies on 8 MHz and 32.768 kHz crystal oscillators. The first clocks the central processing unit within the microcontroller and the second provides an accurate time base for the microcontroller's real-time clock. The PIC32 operates on 3.3 V, so it requires a 3.3 V voltage regulator to be powered from a USB port.

The password managing application is menu based and requires an OLED display. A number of OLED display PCBs with SH1106 and SH1306 display controllers are available on the internet. Most require a 3.3 V power supply, which the PIC32 voltage regulator can also provide. A 5 V OLED display, however, must be powered directly from the USB port, although its control signals are still 3.3 V compatible. The SPI protocol is used for communication between the PIC32 and the LANMU OLED SH1106 (or newer SH1306) display controller, so the resistors on the OLED display printed circuit board (PCB) must be set correctly to enable SPI support on the display controller. Please consult the SH1106 or SH1306 user manual for more information. Only 5 signals are used (CLK, MOSI, RESET, DC and CS), so data may only be written from the PIC32 to the display. Each OLED display PCB comes with specific instructions for selecting SPI mode, but it is more convenient to buy an OLED display preset for SPI.

The 3-microkey keyboard is easy to assemble, and it may be convenient to build it on a separate PCB so that it can be glued to the hardware password manager casing with the keys protruding through it. This design is simple and practical for everyday use. Depending on the size of the casing, it is also possible to build in a male USB cable connector and use it as a support for the keyboard (see photos).

Firmware

The Hardware Password Manager application firmware for the PIC32MX250F128B microcontroller is available in the Hardware Password Manager FWv1.0.zip file from the Downloads section. A PICkit3 or another PIC32-compatible programmer may be used to program the firmware into the microcontroller.

The application source code is included, but it has to be integrated into the Microchip Harmony keyboard emulation example to compile. Encryption algorithms are not included in the source code. The first version of the firmware also lacks certain features that are available in version 2.0 of the firmware. The latter is currently being thoroughly tested and will be available from the Downloads section soon.

How it works?

The Hardware Password Manager lets you select the required password from the password database by its description, using the up and down keys. After the select key on the password manager keyboard is pressed, the password is automatically transferred to the host computer.

The password database can be edited as a two-column text file. The first column holds a password description and the second column holds the password to be typed automatically into the host computer when needed. The columns are separated by a tab character (the ASCII tabulator code). Each pair of password description and corresponding password is stored on a separate line that terminates with a line break, or ASCII code 0.

The initial password description (“data”) is included in the firmware, but it lacks a password. A text editing application must therefore be used on a safe PC to edit the FILE.TXT file on the hardware password manager MSD. If an encryption mode is selected in the application, the file must first be decrypted with the appropriate decryption key for editing and then encrypted again before being uploaded to the MSD.
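The FILE.TXT layout described above (tab-separated columns, records ended by a line break or ASCII code 0, and an entry such as “data” that has no password yet) can be read with a parser like the following. This is an added example, not code from the project's firmware; the field-size limit, the CRLF tolerance and all names in it are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define PM_MAX_FIELD 64   /* assumed field limit, not taken from the firmware */
typedef struct {
    char description[PM_MAX_FIELD];   /* first column, shown in the menu */
    char password[PM_MAX_FIELD];      /* second column, typed over USB */
} pm_entry;
/* Copy n bytes into a fixed field; fail rather than truncate a secret. */
static int pm_copy(char *dst, const char *src, size_t n)
{
    if (n >= PM_MAX_FIELD) return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Parse a FILE.TXT image; returns the entry count, or -1 on a bad record. */
int pm_parse(const char *buf, size_t len, pm_entry *out, int max_out)
{
    int count = 0;
    for (size_t pos = 0; pos < len; ) {
        size_t end = pos;                 /* a record ends at '\n' or code 0 */
        while (end < len && buf[end] != '\n' && buf[end] != '\0') end++;
        size_t rec = end - pos;
        if (rec > 0 && buf[end - 1] == '\r') rec--;   /* assumed: tolerate CRLF */
        if (rec > 0) {
            const char *line = buf + pos;
            const char *tab = memchr(line, '\t', rec);
            size_t dlen = tab ? (size_t)(tab - line) : rec;
            size_t plen = tab ? rec - dlen - 1 : 0;   /* no tab: no password yet */
            if (dlen == 0 || count >= max_out) return -1;
            if (pm_copy(out[count].description, line, dlen) ||
                pm_copy(out[count].password, line + rec - plen, plen)) return -1;
            count++;
        }
        pos = end + 1;
    }
    return count;
}

/* Constructed sample: LF, CRLF and 0 terminators, one entry with no password. */
static const char pm_sample[] = "mail\tS3cret!\nbank\tp@ss word\r\ndata\0wifi\tabc";
int main(void)
{
    pm_entry e[8];
    int n = pm_parse(pm_sample, sizeof pm_sample - 1, e, 8);
    printf("%d entries, first is \"%s\"\n", n, n > 0 ? e[0].description : "");
    return n == 4 ? 0 : 1;
}
```

Oversized fields and records with an empty description are rejected outright, so a damaged file is never turned into a shortened password that would then be typed into a login prompt.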

There is also a secondary protection mechanism in place that requires the user to enter a secure pin code to enable access to the MSD. Only 3 attempts are available to enter the correct pin code. If an incorrect pin code is entered for the third time, the password manager erases the MSD contents and the password database must be transferred to the hardware password manager from a backup. The pin code is also verified whenever the hardware password manager is plugged into a USB port.
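The three-attempt rule can be modelled as below. This is an added example, not the project's firmware: the PIN length, the state layout, the counter reset after a wipe and all names are assumptions, and the fixed-time comparison and counting the attempt before the check are hardening choices the page does not describe.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PIN_LEN      4   /* assumed PIN length */
#define MAX_ATTEMPTS 3   /* from the page: the third wrong PIN erases the MSD */

/* Stand-in for non-volatile state; real firmware would keep this in flash. */
typedef struct {
    uint8_t pin[PIN_LEN];
    uint8_t failures;      /* wrong entries so far, must survive power loss */
    uint8_t msd[32];       /* password database image */
    int     msd_enabled;   /* drive visible to the host */
} pin_state;

typedef enum { PIN_OK, PIN_WRONG, PIN_WIPED } pin_result;

/* Compare every byte with no early exit, so timing does not leak a prefix match. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

pin_result pin_try(pin_state *s, const uint8_t *entered)
{
    s->failures++;   /* count the attempt first, so an interrupted check still counts */
    if (ct_equal(s->pin, entered, PIN_LEN)) {
        s->failures = 0;
        s->msd_enabled = 1;
        return PIN_OK;
    }
    if (s->failures < MAX_ATTEMPTS) return PIN_WRONG;
    memset(s->msd, 0, sizeof s->msd);   /* third miss: erase the database */
    s->msd_enabled = 0;
    s->failures = 0;                    /* assumed: the emptied device starts over */
    return PIN_WIPED;
}

int main(void)
{
    pin_state s = { {1, 2, 3, 4}, 0, {0}, 0 };
    const uint8_t wrong[PIN_LEN] = {0, 0, 0, 0};
    memset(s.msd, 0xAA, sizeof s.msd);  /* constructed database contents */
    for (int i = 1; i <= MAX_ATTEMPTS; i++)
        printf("attempt %d -> %d\n", i, (int)pin_try(&s, wrong));
    return s.msd[0] == 0 ? 0 : 1;
}
```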

Hardware Password Manager

Hardware Password Manager Schematic

Hardware Password Manager - Opened