Cypherpunk - This month, HackerBox Hackers are exploring privacy and cryptography. This Instructable contains information for working with HackerBox #0027, which you can pick up here while supplies last. Also, if you would like to receive a HackerBox like this right in your mailbox each month, please subscribe at HackerBoxes.com and join the revolution!
Topics and Learning Objectives for HackerBox 0027:
- Understand the important social implications of privacy
- Secure cameras on personal electronic devices
- Explore the history and mathematics of cryptography
- Contextualize common cryptographic software
- Configure an STM32 ARM processor "Black Pill" board
- Program the STM32 Black Pill using the Arduino IDE
- Integrate a Keypad and TFT Display with the Black Pill
- Replicate functionality of the WWII Enigma Machine
- Understand Multi-Factor Authentication
- Face the soldering challenge to build a U2F Zero USB Token
HackerBoxes is the monthly subscription box service for DIY electronics and computer technology. We are hobbyists, makers, and experimenters. We are the dreamers of dreams. HACK THE PLANET!
Step 1: HackerBox 0027: Box Contents
- HackerBoxes #0027 Collectable Reference Card
- Black Pill STM32F103C8T6 Module
- STLink V2 USB Programmer
- Full-Color 2.4 inch TFT Display - 240x320 Pixels
- 4x4 Matrix Keypad
- 830 Point Solderless Breadboard
- 140 Piece Wire Jumper Kit
- Two U2F Zero Soldering Challenge Kits
- Large 9x15 cm Green Prototyping PCB
- Exclusive Vinyl GawkStop Spy Blockers
- Exclusive Aluminum Magnetic Swivel Webcam Cover
- Exclusive EFF Patch
- Privacy Badger Decal
- Tor Decal
Some other things that will be helpful:
- Soldering iron, solder, and basic soldering tools
- Magnifier and small tweezers for SMT soldering challenge
- Computer for running software tools
Most importantly, you will need a sense of adventure, DIY spirit, and hacker curiosity. Hardcore DIY electronics is not a trivial pursuit, and we are not watering it down for you. The goal is progress, not perfection. When you persist and enjoy the adventure, a great deal of satisfaction can be derived from learning new technology and hopefully getting some projects working. We suggest taking each step slowly, minding the details, and don't be afraid to ask for help.
Note that there is a wealth of information for current, and prospective, members in the HackerBox FAQ.
Step 2: Cypherpunks
A Cypherpunk [wikipedia] is an activist advocating widespread use of strong cryptography and privacy-enhancing technologies as a route to social and political change. Originally communicating through the Cypherpunks electronic mailing list, informal groups aimed to achieve privacy and security through proactive use of cryptography. Cypherpunks have been engaged in an active movement since the late 1980s.
In late 1992, Eric Hughes, Timothy C. May and John Gilmore founded a small group that met monthly at Gilmore's company Cygnus Solutions in the San Francisco Bay Area, and was humorously termed cypherpunks by Jude Milhon at one of the first meetings - derived from cipher and cyberpunk. In November 2006, the word "cypherpunk" was added to the Oxford English Dictionary.
The basic ideas can be found in A Cypherpunk's Manifesto (Eric Hughes, 1993): "Privacy is necessary for an open society in the electronic age. ... We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy ... We must defend our own privacy if we expect to have any. ... Cypherpunks write code. We know that someone has to write software to defend privacy, and ... we're going to write it." Some noteworthy cypherpunks are, or were, senior staff at major tech companies, universities, and well-known research organizations.
Step 3: Electronic Frontier Foundation (EFF)
The EFF [wikipedia] is an international non-profit digital rights group based in San Francisco, California. The foundation was formed in July, 1990 by John Gilmore, John Perry Barlow, and Mitch Kapor to promote Internet civil liberties.
The EFF provides funds for legal defense in court, presents amicus curiae briefs, defends individuals and new technologies from what it considers abusive legal threats, works to expose government malfeasance, provides guidance to the government and courts, organizes political action and mass mailings, supports some new technologies which it believes preserve personal freedoms and online civil liberties, maintains a database and web sites of related news and information, monitors and challenges potential legislation that it believes would infringe on personal liberties and fair use, and solicits a list of what it considers abusive patents with intentions to defeat those that it considers without merit. EFF also provides tips, tools, how-to's, tutorials, and software for safer online communications.
HackerBoxes is proud to be a Major Donor to the Electronic Frontier Foundation. We strongly encourage anyone and everyone to click here and show your support to this crucially important non-profit group that protects digital privacy and free expression. EFF's public interest legal work, activism, and software development efforts seek to preserve our fundamental rights in the digital world. EFF is a U.S. 501(c)(3) nonprofit organization and your donations may be tax deductible.
Step 4: Noteworthy EFF Projects
Privacy Badger is a browser add-on that stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web. If an advertiser seems to be tracking you across multiple websites without your permission, Privacy Badger automatically blocks that advertiser from loading any more content in your browser. To the advertiser, it's like you suddenly disappeared.
Network Neutrality is the idea that Internet service providers (ISPs) should treat all data that travels over their networks fairly, without improper discrimination in favor of particular apps, sites or services. It is a principle that must be upheld to protect the future of our open Internet.
Security Education Companion is a new resource for people who would like to help their communities learn about digital security. The need for robust personal digital security is growing every day. From grassroots groups to civil society organizations to individual EFF members, people from across our community are voicing a need for accessible security education materials to share with their friends, neighbors, and colleagues.
The Onion Router (Tor) enables its users to surf the Internet, chat, and send instant messages anonymously. Tor is free software and an open network that helps defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.
Step 5: Secure Your Cameras
According to WIRED Magazine, "spy tools, whether designed by intelligence agencies, cyber crooks or internet creeps, can turn your camera on without illuminating the indicator light." [WIRED]
While serving as Director of the FBI, James Comey gave a speech about encryption and privacy. He commented that he puts a piece of tape over the webcam lens on his laptop. [NPR]
Mark Zuckerberg made news when the public noticed that he follows the same practice. [TIME]
HackerBox #0027 features a collection of customized vinyl GAWK STOP spy blockers as well as an aluminum magnetic-swivel webcam cover.
Step 6: Cryptography
Cryptography [wikipedia] is the practice and study of techniques for secure communication in the presence of third parties called adversaries. Cryptography prior to the modern age was effectively synonymous with encryption, the conversion of information from a readable state to apparent nonsense. The originator of an encrypted message shared the decoding technique needed to recover the original information only with intended recipients, thereby precluding unwanted persons from doing the same. The cryptography literature often uses the name Alice ("A") for the sender, Bob ("B") for the intended recipient, and Eve ("eavesdropper") for the adversary. Since the development of rotor cipher machines in World War I and the advent of computers in World War II, the methods used to carry out cryptology have become increasingly complex and its application more widespread. Modern cryptography is heavily based on mathematical theory. Cryptographic algorithms are designed around computational hardness assumptions, making such algorithms hard to break by any adversary.
There are many online resources for learning more about cryptography. Here are a few starting points:
The Journey into Cryptography at Khan Academy is an excellent series of videos, articles, and activities.
Stanford University has a free online Cryptography course.
Bruce Schneier has posted a link to an online copy of his classic book, Applied Cryptography. The text provides a comprehensive survey of modern cryptography. It describes dozens of cryptographic algorithms and gives practical advice on how to implement them.
Step 7: Common Cryptographic Software
From a practical point of view, there are a few specific applications of cryptography that we should be aware of:
Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for stored data. PGP is used for signing, encrypting, and decrypting text, e-mails, files, directories, and even entire disk partitions.
Transport Layer Security (TLS) is a cryptographic protocol that provides communication security over a computer network. TLS is used in applications such as web browsing, email, Internet faxing, instant messaging, and voice over IP (VoIP). Websites are able to use TLS to secure all communications between their servers and web browsers. TLS is built upon earlier Secure Sockets Layer (SSL) specifications.
Internet Protocol Security (IPsec) is a network protocol suite that authenticates and encrypts the packets of data sent over a network. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to use during the session.
A Virtual Private Network (VPN) extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. The systems at each end of the VPN tunnel encrypt the data entering the tunnel and decrypt it at the other end.
A Blockchain is a continuously growing list of records, called blocks, which are linked and secured using cryptography. The first blockchain was implemented in 2009 as a core component of bitcoin where it serves as the public ledger for all transactions. The invention of the blockchain for bitcoin made it the first digital currency to solve the double spending problem without the need of a trusted authority or central server.
Step 8: STM32 Black Pill
The Black Pill is the latest STM32 Pill Board. It's an improved variant of the common Blue Pill and the less common Red Pill.
The Black Pill features the STM32F103C8T6 32bit ARM M3 microcontroller (datasheet), a four-pin ST-Link header, a MicroUSB port, and a user LED on PB12. The correct pull-up resistor on PA12 comes installed for correct operation of the USB port. This pull-up typically required a board modification on other Pill Boards.
While similar in appearance to the typical Arduino Nano, the Black Pill is far more powerful. The 32bit STM32F103C8T6 ARM microcontroller can run at 72 MHz. It can perform single-cycle multiplication and hardware division. It has 64 Kbytes of Flash memory and 20 Kbytes of SRAM.
Step 9: Flashing the Black Pill With Arduino IDE and STLink
If you do not have a recent Arduino IDE installed, get it here.
Next, get Roger Clark's Arduino_STM32 repository. This includes the hardware files to support STM32 boards on Arduino IDE 1.8.x. If you download this manually, make sure that Arduino_STM32-master.zip gets unpacked into the Arduino IDE “hardware” folder. Note that there is a support forum for this package.
Attach the STLink jumper wires as shown here.
Run the Arduino IDE and select these options under Tools:
Board: Generic STM32F103C series
Variant: STM32F103C8 (20k RAM. 64k Flash)
CPU Speed(MHz): "72MHz (Normal)"
Upload method: "STLink"
Open the file examples > basics > blink
Change all three instances of "LED_BUILTIN" to PB12
Hit the "upload" arrow (the LED on the STLink will flicker during upload)
This uploaded sketch will blink the user LED on the Black Pill on and off every second. Next, change the value in the two delay(1000) statements from 1000 to 100 and upload again. The LED should be blinking ten times faster now. This is our standard "Hello World" exercise to make sure that we can compile a simple program and load it to the target board.
Step 10: Pill Duckie
Pill Duck is a scriptable USB HID device using an STM32. Sure... Why not?
Step 11: TFT Display
Thin-film-transistor liquid-crystal display (TFT LCD) is a variant of a liquid-crystal display (LCD) that uses thin-film-transistor technology for improved image qualities such as addressability and contrast. A TFT LCD is an active-matrix LCD, in contrast to passive-matrix LCDs or simple, direct-driven LCDs with a few segments.
This Full Color TFT Display measures 2.4 inches and has a resolution of 240x320.
To test the display load the sketch from:
examples > Adafruit_ILI9341_STM > stm32_graphicstest
Modify the three control pin defines like so:
#define TFT_CS PA1
#define TFT_DC PA3
#define TFT_RST PA2
Note that the graphic test example executes very quickly because of the improved performance of the STM32 over the traditional Arduino AVR microcontroller.
Step 12: Keypad Matrix Input
Wire up the 4x4 Matrix Keypad as shown and load up the attached sketch TFT_Keypad. This example reads the keypad and displays the key on the screen. Note that this simple example for reading the keypad is blocking because it uses the delay() function. This could be improved by switching to a polling or interrupt-driven model.
Assembling the Keypad and the TFT display along with the Black Pill onto the solderless breadboard or the green protoboard makes a nice "computing platform" with input and display.
Step 13: Enigma Machine Code Challenge
Enigma Machines were electro-mechanical rotor cipher machines developed and used in the early to mid 20th century. They were adopted by military and government services of several countries, most notably Nazi Germany. Germany's armed forces believed their Enigma-encrypted communications were impenetrable to the Allies. But thousands of codebreakers - based in wooden huts at Britain's Bletchley Park - had other ideas.
This month's coding challenge is to turn the "computing platform" into your very own Enigma Machine.
We've already implemented examples for keypad inputs and display outputs.
Here are some examples for the settings and computations between the inputs and outputs:
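The Enigma machine is a rotor substitution cipher: every keypress first advances the rotors, then sends the letter through the rotors, off the reflector and back through the rotors in reverse. As an added example (not the page's own attached files), here is a portable C model of the Enigma I with rotors I, II, III and reflector B, including the middle rotor's "double step". It assumes ring settings of A and no plugboard; the rotor wiring tables and the "AAAAA" to "BDZGO" test vector are the historical, publicly documented ones, and the function names enigma_init, enigma_key and enigma_run are this example's own.

```c
#include <ctype.h>
#include <string.h>
/* Historical (public) Enigma I wiring: rotors I, II, III and reflector B. */
static const char *ROTOR_WIRING[3] = {
    "EKMFLGDQVZNTOWYHXUSPAIBRCJ",   /* rotor I,   turnover notch at Q */
    "AJDKSIRUXBLHWTMCQGZNPYFVOE",   /* rotor II,  turnover notch at E */
    "BDFHJLCPRTXVZNYEIWGAKMUSQO" }; /* rotor III, turnover notch at V */
static const char ROTOR_NOTCH[3] = { 'Q', 'E', 'V' };
static const char *REFLECTOR_B = "YRUHQSLDPXNGOKMIEBFZCWVJAT";
/* rotor[s]: rotor (0..2 = I..III) in slot s (0 = left, 2 = right); pos[s]: window letter, 0 = 'A' */
typedef struct { int rotor[3]; int pos[3]; } Enigma;
static int mod26(int x) { return ((x % 26) + 26) % 26; }

/* Rotor order such as "123" (left to right) and start positions such as "AAA".
   Ring settings fixed at A and no plugboard are assumptions of this example. */
void enigma_init(Enigma *e, const char *rotor_order, const char *start_pos) {
    for (int s = 0; s < 3; s++) {
        e->rotor[s] = rotor_order[s] - '1';
        e->pos[s] = toupper((unsigned char)start_pos[s]) - 'A';
    }
}

/* Pass a contact (0..25) through slot s: forward wiring on the way in, inverse on the way back. */
static int through_rotor(const Enigma *e, int s, int c, int forward) {
    const char *w = ROTOR_WIRING[e->rotor[s]];
    int in = mod26(c + e->pos[s]); /* the rotor's rotation shifts the entry contact... */
    int out = forward ? w[in] - 'A' : (int)(strchr(w, 'A' + in) - w);
    return mod26(out - e->pos[s]); /* ...and shifts it back on the exit side */
}

/* Rotors advance before the key closes the circuit: right always; middle when the right rotor
   is at its notch; middle and left together when the middle rotor is at its notch (double step). */
static void step(Enigma *e) {
    int mid_at_notch = e->pos[1] == ROTOR_NOTCH[e->rotor[1]] - 'A';
    int right_at_notch = e->pos[2] == ROTOR_NOTCH[e->rotor[2]] - 'A';
    if (mid_at_notch) e->pos[0] = mod26(e->pos[0] + 1);
    if (mid_at_notch || right_at_notch) e->pos[1] = mod26(e->pos[1] + 1);
    e->pos[2] = mod26(e->pos[2] + 1);
}

/* Encipher one letter; the same call deciphers, because the reflector makes the cipher reciprocal. */
char enigma_key(Enigma *e, char ch) {
    int c = toupper((unsigned char)ch) - 'A';
    step(e);
    for (int s = 2; s >= 0; s--) c = through_rotor(e, s, c, 1); /* right -> left */
    c = REFLECTOR_B[c] - 'A';
    for (int s = 0; s <= 2; s++) c = through_rotor(e, s, c, 0); /* left -> right */
    return (char)('A' + c);
}

/* Set up the machine and encipher text (letters only, anything else skipped) into a static buffer. */
const char *enigma_run(const char *rotor_order, const char *start_pos, const char *text) {
    static char out[256];
    Enigma e; int n = 0;
    enigma_init(&e, rotor_order, start_pos);
    for (; *text && n < 255; text++) if (isalpha((unsigned char)*text)) out[n++] = enigma_key(&e, *text);
    out[n] = '\0';
    return out;
}
```

On the Black Pill platform, enigma_key is the piece to call once per keypad press, with the resulting letter written to the TFT; the rotor order and start positions are the "settings" to enter before typing a message.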
Step 14: Two-Factor Authentication - U2F Zero Security Key
Two-factor authentication (also known as 2FA) is a method of confirming a user's claimed identity by combining two of three different kinds of factors: 1) something they know, 2) something they have, or 3) something they are. A good example of two-factor authentication is withdrawing money from an ATM, where only the correct combination of a bank card (something that the user possesses) and a PIN (something that the user knows) allows the transaction to be carried out.
Universal 2nd Factor (U2F) is an open authentication standard that strengthens and simplifies two-factor authentication using specialized USB or NFC devices based on similar security technology found in smart cards. U2F Security Keys are supported by Google Chrome since version 38 and Opera since version 40. U2F security keys can be used as an additional method of two-step verification on online services that support the U2F protocol, including Google, Dropbox, GitHub, GitLab, Bitbucket, Nextcloud, Facebook, and others.
The U2F Zero is an open source U2F token for two factor authentication. It features the Microchip ATECC508A Cryptographic Co-processor, which supports:
- Secure Hardware-Based Key Storage
- High-Speed Public Key (PKI) Algorithms
- ECDSA: FIPS186-3 Elliptic Curve Digital Signature Algorithm
- ECDH: FIPS SP800-56A Elliptic Curve Diffie-Hellman Algorithm
- NIST Standard P256 Elliptic Curve Support
- SHA-256 Hash Algorithm with HMAC Option
- Storage for up to 16 Keys - 256-bit Key Length
- Unique 72-bit Serial Number
- FIPS Random Number Generator (RNG)
Step 15: Soldering Challenge Kit
If you are up for a serious soldering challenge, you can build your own U2F Zero Key.
U2F Zero Soldering Challenge Kit:
- U2F Zero Token PCB
- 8051 Core Microcontroller (E0) EFM8UB11F16G
- Secure Element (A1) ATECC508A
- Status LED (RGB1) 0603 Common Anode
- Zener ESD Protection Diode (Z1) SOT553
- 100 Ohm Resistor (R1) 0603
- 4.7 uF bypass capacitor (C4) 0603
- 0.1 uF bypass capacitor (C3) 0403
- Momentary Tactile Button (SW1)
- Split-Ring Keychain
Note that there are two 0603 sized components. They look quite similar, but careful examination will reveal that R1 is black and C4 is tan. Also note that E0, A1, and RGB1 have required orientations as indicated on the PCB silkscreen.
The U2F Zero Wiki shows the details for programming the Microcontroller.
CHALLENGE NOTE: Each HackerBox #0027 includes two Soldering Challenge kits precisely because the soldering is very difficult and accidents happen. Do not get frustrated. Use high magnification, tweezers, a good iron, solder flux, and move very slowly and carefully. If you cannot successfully solder this kit, you are definitely not alone. Even if it never works, it is good soldering practice on a variety of SMT packages.
You might want to check out this episode of the Ben Heck Show on Surface Mount Soldering.
Step 16: HACK THE PLANET
If you have enjoyed this Instructable and would like to have a box of electronics and computer tech projects like this delivered right to your mailbox each month, please join the HackerBox revolution by SUBSCRIBING HERE.
Reach out and share your success in the comments below or on the HackerBoxes Facebook Page. Certainly let us know if you have any questions or need some help with anything. Thank you for being part of HackerBoxes. Please keep your suggestions and feedback coming. HackerBoxes are YOUR boxes. Let's make something great!