Wednesday 2 July 2014

Encryption - now available


I assume you are already familiar with my previous post.

First, some info about the new firmware version, 0.91:
  • supports AES-128 (CBC mode) based data encryption,
  • can be password protected,
  • "Restore Defaults" functionality - erases all user settings (includes password protection).

Version 0.91 is not really "safe" yet. There are two "vulnerabilities" that I've left there intentionally:
  • The "Restore Defaults" procedure works immediately. Normally it would take a while (more info here).
  • It is possible to access the bootloader and replace the firmware even without knowing the password.

The reason for all of this is that password protection can permanently lock the device. Since this is the very first public release of firmware that supports the password protection mechanism, it is not possible to rule out serious bugs (both in the firmware and in the InputStickUtility app). I don't want anyone to be left with a permanently locked device or to spend a lot of time going through the restore procedure.

If no serious problems are found, these "features" will be removed from the next version.


Now, the new InputStickUtility app:

New buttons (bottom row, starting from the left): Security, Firmware Upgrade, Info.


Security:

 
The app password (key) is stored in the InputStickUtility application. If you believe that your device is properly protected, you can consider also storing the password in plain text form.

The encryption key is stored in the InputStick's flash memory. If you use the device with some other Android device, you'll have to provide its password. That is why it may be a good idea to also store the plain text version: it won't be used on a daily basis, so most people will probably forget it eventually.

Obviously, both passwords must match.

If you forget the password (and it is not stored in plain text form, or the Android device got lost or destroyed), you can use the "Restore Defaults" option. As mentioned before, in this version it will work immediately.

Security settings will be available only when the firmware version of the device is at least 0.91.

Firmware Upgrade:

 
Here you can upgrade your device to a new firmware version. It will erase all user settings (this includes the encryption key) from the InputStick device.

Info:

Displays basic info about the device.



Select device activity:


I also modified the "Select device" activity a bit: now it won't disappear immediately after selecting a device.




 

2 comments:

  1. There seems to be a slight sizing problem for older (smaller) displays - like the Galaxy S2 (480x800): http://tinypic.com/r/208tq4w/8 . Also, the flashing process was successful, but I was left staring at a tiny [OK] with no other feedback, wondering if it was wise to press "back" now, or else what more I was supposed to wait for. Some sort of explicit screen change or "it's done and you're free to fuck off now, go ahead, off you go!" notice would be nice.

    1. Thanks for your feedback, you're really helping me out :) I totally forgot about displaying some sort of dialog message, my bad (already fixed). As for the scaling problem: I'll look into this, in Android SDK everything was displayed correctly for most popular resolutions.
