Launch of PasTilda on the Olimex-H407 Board
There is a very remarkable educational and training electronic board, the Olimex-STM32-H407. In this text, I will show how to run the firmware of the cult Russian hardware password manager Pastilda (Pas~) on it.
What is Pastilda (Pas~)?
Pastilda is a universal hardware password keeper for various websites. This device is an intermediary between a USB keyboard and a personal computer (PC), which, at the command from the keyboard, inserts the required login+TAB+password (or just password) for a specific website. Pastilda users remember only one password in their life - the password to access Pastilda (which is also the password to the KeePass file). Then the device extracts the required complex unique password for each site from the KeePass file and automatically types it into the PC.
At the same time, the personal computer (PC) seriously thinks that the password was typed so quickly manually. But we know that it was automatically typed by Pastilda.
Thus, you can type passwords anywhere: on an online store website, in email, and even to log into the operating system. All passwords will be different and extremely complex. Do you understand?..
What is the problem?
The problem is that the original Pastilda is expensive: 5k RUR. In our developing country (in Russia), not everyone can afford to buy electronics costing 5k RUR.
Moreover, the number of manufactured and sold Pastildas was very limited. Literally a few hundred pieces over the entire life cycle of this remarkable Russian product.
Therefore, we need to come up with a way to use Pastilda on more affordable and cheaper hardware. This opportunity is kindly provided by the electronic board Olimex-STM32-H407.
Hardware part
What hardware is needed?
To prepare the Olimex-STM32-H407 board for working with the Pastilda firmware, you need the following hardware. All of it is easily available on the market.
# | Equipment | Comment |
1 | ST-LINK/V2 ISOL | Programmer |
2 | 20-pin JTAG cable for the programmer | For connecting the programmer to the Olimex PCB |
3 | USB-A-USB(mini) cable | Cable for connecting the laptop to the programmer |
4 | USB-A-USB(mini) cable | Cable for connecting the laptop to the Olimex PCB |
5 | USB Keyboard | For connecting it to Pastilda |
6 | Personal computer (e.g. a laptop) | For running the firmware update utility and populating the KeePass file with passwords |
7* | USB-UART adapter | For viewing the firmware boot log and for connecting to UART-CLI |
8 | Olimex-STM32-H407 electronic board | The target device that will run the firmware with the Pastilda application |
9 | Micro SD card | Removable storage of encrypted passwords, which stores the KeePass file with the extension *.kdbx |
Olimex-STM32-H407 electronic board
You will recognize the electronic board you need from this photo.
The product can be purchased at the Olimex online store for just 2144 RUR.
This electronic board has all the necessary hardware to run the application implementing Pastilda: USB host, USB device, SD micro, and LED.
To avoid accidentally scratching the electrolytic capacitors when transporting the board in a backpack, I even mounted such a transparent screen made of plexiglass.
Software part
As in any Hi-Tech development, in addition to hardware, there is also software.
What is needed from the software?
№ | Program or binary file | Explanation |
1 | KeePass.exe program | Client program for working with KeePass password database files (*.kdbx files) |
2 | ST-LINK_CLI.exe | Utility for flashing STM32 microcontrollers from the vendor. (CLI version) |
3 | OS Windows | To run the utilities from the chip manufacturer, ST |
4 | STM32 ST-Link Utility.exe | Utility for flashing STM32 microcontrollers from the vendor (GUI version) |
5 | olimex_stm32_h407_mbr_gcc_m.hex | Primary bootloader for the Olimex board |
6 | olimex_h407_bootloader_gcc_m.hex | CLI bootloader for the Olimex board |
7 | olimex_h407_freertos_pastilda.hex | Generic Pastilda firmware for the Olimex-STM32-H407 board |
Preparation of *.kdbx file with database
To work with the device, you first need to put a *.kdbx file with an encrypted password database on the SD card.
The file is created and filled in as in any other GUI utility on Windows. However, there is one caveat.
This firmware does not work with every KeePass *.kdbx file. Before saving the file, you need to remove the service information (metadata) from it. To do this, go to Tools->Database Maintenance, click the Entry history Delete and Delete object information buttons, and save the file. The final KeePass *.kdbx file will then contain only the necessary information.
Firmware upload
Before uploading the Pastilda firmware, you need to install the bootloader. Due to the specifics of the sector layout of the STM32F4x family microcontrollers, there are two bootloaders: the primary bootloader (MBR) and the secondary bootloader (BootLoader).
The task of the primary bootloader is only to call the secondary bootloader. The task of the secondary bootloader is to call the generic application and to allow updating the generic application via UART3.
You may ask: "why doesn't the primary bootloader call the application?"
The answer is simple. It could call the application, but it would not be able to update it via UART: with that functionality, the primary bootloader would not fit into 16kByte-32kByte of Flash memory.
The fact is that the firmware update occurs through the CLI, which means working with text protocols. The task of the bootloader is to accept the application via UART-CLI and write it to the working ROM memory. This functionality is almost impossible to fit into 16kByte.
In addition, the first sectors of Flash memory are all small and therefore already used for on-chip NVRAM. At the beginning of Flash memory, there is simply no continuous range of the required size.
And at the end of the ROM, there is a huge 128kByte sector, as if specially designed for a full-fledged BootLoader. Therefore, this is how two bootloaders appeared. And the application is located between them. Essentially three firmwares for one device.
№ | File Name | Description | Start Address | Size, kByte | Sector |
1 | olimex_stm32_h407_mbr_gcc_m | MBR | 0x08000000 | 32 | 0 |
2 | Here the firmware stores parameters | NVRAM | 0x08008000 | 32 | 2 |
3 | olimex_h407_bootloader_gcc_m | BootLoader | 0x080E0000 | 128 | 11 |
4 | olimex_h407_freertos_pastilda | Generic Application | 0x08010000 | 768 | 4 |
-- | -- | -- | Total: | 960kByte | -- |
For how to actually upload the *.hex firmware using the specified utilities, see the manuals from the microcontroller manufacturer ST or from the electronic board manufacturer Olimex.
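The layout table above, as an added example (not the project's firmware code): a sector lookup for the STM32F407 and a hypothetical `update_write_allowed` guard that would keep a UART update from writing into the MBR, NVRAM or BootLoader regions. The function and macro names are assumptions; the addresses and the 768 kByte application size come from the table.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* STM32F407 1 MB flash, per ST's reference manual:
 * sectors 0-3 are 16 KB, sector 4 is 64 KB, sectors 5-11 are 128 KB. */
#define FLASH_START 0x08000000u
#define FLASH_END   0x08100000u /* one past the last flash byte */

/* Application region, values copied from the layout table above. */
#define APP_START 0x08010000u
#define APP_SIZE  (768u * 1024u)

/* Sector index that contains addr, or -1 if addr is outside flash. */
int flash_sector_of(uint32_t addr)
{
    if (addr < FLASH_START || addr >= FLASH_END)
        return -1;
    uint32_t off = addr - FLASH_START;
    if (off < 0x10000u)
        return (int)(off / 0x4000u);               /* 4 x 16 KB  */
    if (off < 0x20000u)
        return 4;                                  /* 1 x 64 KB  */
    return 5 + (int)((off - 0x20000u) / 0x20000u); /* 7 x 128 KB */
}

/* Hypothetical guard for the update path: true only when the whole
 * range [addr, addr + len) lies inside the application region. */
bool update_write_allowed(uint32_t addr, uint32_t len)
{
    if (len == 0 || len > APP_SIZE || addr < APP_START)
        return false;
    /* Compare offsets so addr + len can never wrap around 2^32. */
    return (addr - APP_START) <= (APP_SIZE - len);
}

int main(void)
{
    /* Constructed sample writes: MBR, NVRAM, application, BootLoader. */
    const uint32_t samples[] = { 0x08000000u, 0x08008000u,
                                 0x08010000u, 0x080E0000u };
    for (unsigned i = 0; i < 4; i++)
        printf("0x%08X sector %2d write %s\n", (unsigned)samples[i],
               flash_sector_of(samples[i]),
               update_write_allowed(samples[i], 256) ? "ok" : "refused");
    return 0;
}
```

The sector numbers it returns for the four start addresses match the Sector column of the table.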
Results
It was possible to port the firmware of the hardware password manager Pastilda to the widely used Bulgarian educational and training solid-state electronic board Olimex-STM32-H407.
This palliative solution allows you to save 3$0.00 on the purchase of the original Pastilda, which, by the way, costs 5000 RUR.
The firmware binaries can be downloaded from the link [1] on github.com. If you have any suggestions for improving the firmware functionality, write in the comments. I will enthusiastically make improvements and release a new version of the binaries.
I hope my firmware will help someone also start using hardware password managers. This will allow you to free up a few hours a month by speeding up the search and typing of various passwords on different sites.
Dictionary
Acronym | Meaning |
NVRAM | Non-volatile random-access memory |
MBR | Master Boot Record |
SD | Secure Digital |
PC | personal computer |
CLI | Command-line interface |
USB | Universal Serial Bus |
LED | Light-emitting diode |
RUR | Russian ruble |