TurtlPass Firmware provides a simple and secure way of generating passwords using a deterministic key derivation function (HKDF) as specified in RFC 5869.
- Generates unique, secure passwords from a simple input hash
- 100 characters long, including a combination of lowercase and uppercase letters, as well as numbers
- Uses a seed stored in flash memory for added security
- Automatically types the password for you, so you don't have to
- Erases the password from memory after use, for extra peace of mind
- Easy to integrate into your existing projects with USB serial port connectivity
- Raspberry Pi Pico
- OTG Cable: micro-USB (male) to USB-C (male)
- Cover/Case (optional)
- ON: Operational (default)
- PULSING: Password ready to type
- BLINKING: Typing... (fast blink)
- OFF: No power input
The Arduino IDE 1.8.19 can be downloaded from this link
Version 1.8.X must be installed first to ensure the device drivers are installed correctly, but 2.X can be used once the following steps are completed.
- Open File -> Preferences -> Settings
- Insert the following link into the Additional Boards Manager URLs: https://github.com/earlephilhower/arduino-pico/releases/download/global/package_rp2040_index.json
- Hit OK to close the dialog
- Go to Tools -> Board -> Boards Manager...
- Search for "pico"
- Install the Raspberry Pi Pico/RP 2040 package
- Go to Tools -> Board -> Raspberry Pi RP2040 Boards(1.9.5)
- And select Raspberry Pi Pico
- Go to Tools -> Manage Libraries...
- Search for "arduinolibs crypto"
- Install the Crypto library
- Run the bash script ./generate_seed_file.sh on a computer with macOS or Linux to generate a new seed file Seed.cpp.<timestamp>
- Rename the generated file to Seed.cpp
- Open turtlpass-firmware.ino with the Arduino IDE on a computer. If this is the first time, select the appropriate Board and Serial Port in the Arduino menu Tools.
- Connect the Raspberry Pi Pico to a computer with a micro-USB to USB-C cable. To upload your first sketch, you will need to hold the BOOTSEL button down while plugging in the Pico to a computer.
- Click the Upload icon to upload the sketch to the Pico
- The sketch should be transferred and start to run.
- Open the Serial Monitor console. Settings: Newline and 115200 baud rate
- Type, for example, /0 and send it
- You should get a response saying OK and the LED should be PULSING
- Now press the button on the Pico and the password should be typed (wherever the focus is)
Having multiple devices with the same seed can serve as a backup, similar to having multiple copies of your house key. One device can be kept in a secure location while another one is for daily use.
Alternatively, you can store the seed file elsewhere, but it is best to let the device store the seed offline for added security.
As a precaution, it is crucial to note that an individual with physical access to the device may potentially be able to compromise it, given sufficient time and effort.
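The derivation this page describes (seed plus input hash, through HKDF, to a 100-character alphanumeric password) and the backup property above, as an added host-side sketch that is not the firmware's own code. Assumptions: SHA-512 as the hash, the seed as HKDF input keying material, the input hash as the HKDF info, rejection sampling for the character mapping, and constructed seed and hash values.

```python
import hashlib
import hmac
import string

ALPHABET = string.ascii_lowercase + string.ascii_uppercase + string.digits  # 62 symbols
HASH = hashlib.sha512  # assumption: the page does not name the hash the firmware uses
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: PRK = HMAC-Hash(salt, IKM); an empty salt means HashLen zero bytes."""
    return hmac.new(salt or bytes(HASH_LEN), ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: T(i) = HMAC-Hash(PRK, T(i-1) | info | i), concatenated and truncated."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF output is limited to 255 * HashLen bytes")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_password(seed: bytes, input_hash: bytes, length: int = 100) -> str:
    """Derive `length` characters of [a-zA-Z0-9] from the device seed and the input hash."""
    prk = hkdf_extract(b"", seed)  # assumption: the seed is the secret keying material
    chars, round_no = [], 0
    while len(chars) < length:
        # Assumption: the input hash is the HKDF "info"; round_no only matters on a re-draw.
        for byte in hkdf_expand(prk, input_hash + bytes([round_no]), 4 * length):
            # Rejection sampling: 248 = 4 * 62, so accepted bytes map uniformly onto 62 symbols.
            if byte < 248 and len(chars) < length:
                chars.append(ALPHABET[byte % 62])
        round_no += 1
    return "".join(chars)


if __name__ == "__main__":
    seed_daily = bytes(range(64))     # constructed seed, shared by two devices
    seed_other = bytes(range(1, 65))  # constructed seed of an unrelated device
    site = hashlib.sha512(b"example.com").digest()  # constructed input hash
    print(derive_password(seed_daily, site))
    print(derive_password(seed_daily, site) == derive_password(seed_other, site))  # False
```

Two devices holding the same seed produce the same password for the same input, which is what makes a second device a working backup; it also means the seed is the only secret, so anyone who obtains it can recompute every password.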
Raspberry Pi Pico
While the Raspberry Pi Pico (RP2040) is a useful device for development, it is not recommended for use in production settings. Due to the external ROM it utilizes, it is relatively easy to extract the firmware binary using picotool, making it challenging to protect against unauthorized access.
Example of how to do just that:
$ picotool save firmware.uf2
Saving file: [==============================] 100%
Wrote 369000 bytes to firmware.uf2
Arduino RP2040 Connect
The Arduino RP2040 Connect features the ATECC608A Cryptographic Co-processor, which includes hardware storage for cryptographic keys. However, to access certain features on this chip we need to contact Microchip and sign an NDA contract.
Other devices
I am continuously exploring and evaluating new hardware options for this project. As more information and resources become available, I will keep you updated on my progress.
- Raspberry Pi Pico Arduino core
  - Port of the RP2040 (Raspberry Pi Pico processor) to the Arduino ecosystem.
  - It uses the bare Raspberry Pi Pico SDK and a custom GCC 10.3/Newlib 4.0 toolchain.
  - LGPL 2.1 license
- Arduino Cryptography Library
  - Libraries to perform cryptography operations on Arduino devices
  - MIT license
- Keyboard Library for Arduino
  - Library allows an Arduino board with USB capabilities to act as a keyboard
  - LGPL 3.0 license
TurtlPass Firmware is released under the GPL 3.0 license.