MummyCrypt

Totale Realname
Oct 1, 2022

No matter what your task or project, you must always protect your keys. Transferring sensitive strings between disparate actors is always a difficult affair, especially when you're trying to run a dead drop. MummyCrypt is a tiny project that enables quiet folks to trade sensitive strings through obfuscated means. Due to cryptography export controls I am not going to post any of the firmware for this project, but I am sure you can read a few whitepapers and write your own!

As usual, it starts with a sketch:

The initial idea was to use an esp32-s for the salsa20/chacha/coconut98 heavy lifting, UART terminal menu, and i2c EEPROM interaction; 9 clicky buttons to serve as user input for the unlock code; and an AT88SC security module to act as a physical unique token and key store. I was considering using an ATTINY24 with vUSB to do keystroke injection, but I steered away from this because of complexity and cost. I was still in a prototype phase with this project so I went with three buttons, a nasty uart/gpio0 header, and no address select on any of the EEPROMs.

Steaming pile of pcb…

V1 turned out to be a good platform to wring out any kinks in the firmware, but it was clearly far from done. The unlock code input using buttons was a major security issue, so I dropped physical interaction down to two buttons. The AT88SC is a great i2c security token, but it needs its own i2c bus and wasn't a good fit for this project, so it was scrapped. I was able to bodge wire my way into figuring out all the EEPROM address pin straps, so I updated that in the v2 schematic. I tried a few decoupling caps on the power lines, but they were not really needed due to using the 5vdc usb rail and ams1117, so I didn't bother. Time to burn another 40bux at jlcpcb!

Meh, good enough… The Zetta EEPROMs are kinda janky, next time I'll spend a bit extra and get something from TI.
Autoroute go brrrr

All of the parts used are very easy to hand solder. SMD soldering definitely requires plenty of practice with the correct tools. I prefer a Hakko 888d with a chisel tip and flux dispensed from a syringe under an inspection scope, but your mileage may vary. My solder joints are in no way perfect, but everything is working as expected.

Crappy bodge clicky button for gpio0 bootload select, extremely shoddy!

A few hours in Fusion360 and 5 FDM prints later provided me with a nice case. Sling this baby up into a pine tree with some clear fishing line, place it under a wide rock, throw it inside of a PVC geocache, or crumple it into a napkin in a crowded bar.

So fresh and so clean, clean

The project is at a good enuff state, time to move on to the next thing and place this nonsense onto the shelf of shame.

Lessons Learned:

  • Use slider switches for GPIO0/bootmode strapping on the SOC, stop relying on clicky buttons or UART headers.
  • Create breakout PCBs for each device in the project. These breakouts can be used for rapid prototyping and other people might find them useful.
  • Start using more than two GPIO pins for i2c; create multiple i2c buses instead of trying to jam everything onto the same bus.
