Launch of PasTilda on the Olimex-H407 Board

There is a very wonderful educational and training electronic board Olimex-STM32-H407. In this text, I will show how you can run the firmware of the iconic Russian hardware password manager PasTilda on this PCB.

There is a very remarkable educational and training electronic board Olimex-STM32-H407. In this text, I will show how to run the firmware of the cult Russian product Pastilda (Pas~) on it.

What is Pastilda (Pas~)?

Pastilda is a universal hardware password keeper for various websites. This device is an intermediary between a USB keyboard and a personal computer (PC), which, at the command from the keyboard, inserts the required login+TAB+password (or just password) for a specific website. Pastilda users remember only one password in their life - the password to access Pastilda (which is also the password to the KeePass file). Then the device extracts the required complex unique password for each site from the KeePass file and automatically types it into the PC.

At the same time, the personal computer (PC) seriously thinks that the password was typed so quickly manually. But we know that it was automatically typed by Pastilda.

Thus, you can type passwords anywhere. All passwords will be different and extremely complex. On the online store website, in email, and even to log into the operating system. Do you understand?..

What is the problem?

The problem is that the original Pastilda is expensive: 5k RUR. In our developing country (in Russia), not everyone can afford to buy electronics costing 5k RUR.

Moreover, the number of manufactured and sold Pastildas was very limited. Literally a few hundred pieces over the entire life cycle of this remarkable Russian product.

Therefore, we need to come up with a way to use Pastilda on more affordable and cheaper hardware. This opportunity is kindly provided by the electronic board Olimex-STM32-H407.

Hardware part

What hardware is needed?

To prepare the Olimex-STM32-H407 board for working with the Pastilda firmware, you need the following list of hardware. All this is easily available on the market

#

Equipment

Comment

1

ST-LINK/V2 ISOL

Programmer

2

JTAG cable 20pin for programmer

For connecting the programmer and PCB Olimex

3

USB-A-USB(mini) cable

Cable for connecting LapTop and programmer

4

USB-A-USB(mini) cable

Cable for connecting LapTop and PCB Olimex

5

USB Keyboard

For connecting it to Pastilda

6

Personal computer (e.g. LapTop)

For running the firmware update utility and populating the KeePass file with passwords

7*

USB-UART adapter

For viewing the firmware boot log and for connecting to UART-CLI

8

Olimex-STM32-H407 electronic board

The target device that will run the firmware with the Pastilda application

9

Micro SD card

Removable storage of encrypted passwords, which stores the KeePass file with the extension *.kdbx

Olimex-STM32-H407 electronic board

You will recognize the electronic board you need from this photo.

The product can be purchased at the Olimex online store for just 2144 RUR.


Close-up view of the Olimex-H407 Board with installed PasTilda and connected peripheral devices.

This electronic board has all the necessary hardware to run the application implementing Pastilda: USB host, USB device, SD micro, and LED.


The process of loading PasTilda on the Olimex-H407 Board, showing the stages of connection and setup.

To avoid accidentally scratching the electrolytic capacitors when transporting the board in a backpack, I even mounted such a transparent screen made of plexiglass.


Olimex-H407 Board with installed PasTilda, side view demonstrating the connection and operation of the device.

Software part

As in any Hi-Tech development, in addition to hardware, there is also software.

What is needed from the software?

Program or binary file

Explanation

1

KeePass.exe program

Client program for working with KeePass password database files (*.kdbx files)

2

ST-LINK_CLI.exe

Utility for flashing STM32 microcontrollers from the vendor. (CLI version)

3

OS Windows

To run the chip manufacturer's utilities ST

4

STM32 ST-Link Utility.exe

Utility for flashing STM32 microcontrollers from the vendor (GUI version)

5

olimex_stm32_h407_mbr_gcc_m.hex

Primary bootloader for the Olimex board

6

olimex_h407_bootloader_gcc_m.hex

CLI bootloader for the Olimex board

7

olimex_h407_freertos_pastilda.hex

Generic firmware Pastilda for the Olimex-STM32-H407 board

Preparation of *.kdbx file with database

To work with the device, you first need to put a *.kdbx file with an encrypted password database on the SD card.

The file is created and filled in as in any other GUI utility on Windows. However, there is one point.

This firmware does not work with every *.kdbx keepass file. Before saving the file, you need to remove the service information (metadata) from it. To do this, go to Tools->Database Maintenance. And click on the Entry history Delete and Delete object information buttons. And save the file. Thus, the final keepass *.kdbx file will contain only the necessary information.

Firmware upload

Before uploading the Pastilda firmware, you need to install the bootloader. Due to the specifics of the sector layout of the STM32F4x family microcontrollers, there are two bootloaders. The primary bootloader (MBR) and the secondary bootloader (BootLoader).

The task of the primary bootloader is only to call the secondary bootloader. The task of the secondary bootloader is to call the generic application and allow updating the Generic via UART3.

You may ask: "why doesn't the primary bootloader call the application?"

The answer is simple. It will call, but it will not be able to update via UART. In this case, the primary bootloader would not fit into 16kByte-32kByte of Flash memory.

The fact is that the firmware update occurs through the CLI. And this is working with text protocols. The task of the bootloader is to accept the application via UART-CLI and write it to the combat ROM memory. And this functionality is almost impossible to fit into 16kByte.

In addition, the first sectors of Flash memory are all small and therefore already used for on-chip NVRAM. At the beginning of Flash memory, there is simply no continuous range of the required size.

And at the end of the ROM, there is a huge 128kByte sector, as if specially designed for a full-fledged BootLoader. Therefore, this is how two bootloaders appeared. And the application is located between them. Essentially three firmwares for one device.

File Name

Description

Start Address

Size, kByte

Sector

1

olimex_stm32_h407_mbr_gcc_m

MBR

0x08000000

32

0

2

Here the firmware stores parameters

NVRAM

0x08008000

32

2

3

olimex_h407_bootloader_gcc_m

BootLoader

0x080E0000

128

11

4

olimex_h407_freertos_pastilda

Generic Application

0x08010000

768

4

--

--

--

Total:

960kByte

--

About how to actually upload the *.hex firmware using the specified utilities, you can read the manuals from the microcontroller manufacturer ST or from the electronic board manufacturer Olimex.

Results

It was possible to port the firmware of the hardware password manager Pastilda to the widely used Bulgarian educational and training solid-state electronic board Olimex-STM32-H407.

This palliative solution allows you to save 3$0.00 on the purchase of the original Pastilda, which, by the way, costs 5000 RUR.

The firmware binaries can be downloaded from the link [1] on github.com. If you have any suggestions for improving the firmware functionality, write in the comments. I will enthusiastically make improvements and release a new version of the binaries.

I hope my firmware will help someone also start using hardware password managers. This will allow you to free up a few hours a month by speeding up the search and typing of various passwords on different sites.

Dictionary

Acronym

Decryption

NVRAM

Non-volatile random-access memory

MBR

Master Boot Record

SD

Secure Digital

PC

personal computer

CLI

Command-line interface

USB

Universal Serial Bus

LED

Light-emitting diode

RUR

Russian ruble

Comments