1BTC Bounty: mass-produced programmable USB stick w/ [O]LED display+button

[eldentyrell]

Hi, I will send 1.0 BTC to whoever can point me to a device I can purchase retail (quantity 10-20pcs) with the properties described below.  In the event that multiple people post links to qualifying devices I reserve the right to pick the winner at my sole discretion.  The bounty will remain open for at least one week regardless of answers.  The bounty will close if not claimed in 30 days.  I have a history of posting bounties and making good on them (here and here).

I had my hopes up for Trezor, but it turns out that the Trezor developers community is targeting a market that doesn't include me.  That's unfortunate, but consumer electronics is a tough market so I don't blame them for being focused.

I'm looking for a device I can use for signing bitcoin transactions as well as for doing GPG signing and authenticating to my Kerberos infrastructure.  I am willing to write the software myself, and plan to release it under an open-source license, but it's definitely not going to be anything fancy or something your grandma can use, so don't get your hopes up.

Requirements:

  1. USB Male A-type connector (like a Yubikey).

  2. Ability to impersonate a USB HID device (i.e. keyboard, mouse) and a USB mass-storage device, preferably at the same time.

  3. Some sort of microprocessor/microcontroller on it that I can reprogram, preferably using an open-source toolchain.

  4. Nonvolatile storage for my keys.

  5. Some sort of display that can show at least 10x2 or 20x1 characters of text, preferably a whole lot more.

  6. At least one button on it, preferably two.

  7. Still being manufactured (so I can order more in the future).

  8. Less than $100 each, preferably more like $50 each.  I might go above $100 if things get desperate.

  9. Can be rendered permanently non-reprogrammable (fuse, etc).  If you're not sure about this one please post anyways.

  10. As small as possible.  Honestly it shouldn't be too much bigger than a Yubikey (but probably a lot thicker).

If I find something good I'll standardize on these as our security tokens too (hence the need for 10-20 of them and a reasonable probability of future supply).

Thanks!

[1713866561]

1713866561

[1713866561]

1713866561

[1713866561]

1713866561

[allten]

"9. Can be rendered permanently non-reprogrammable (fuse, etc).  If you're not sure about this one please post anyways."

Interested what you mean by this one. Could you elaborate?

Doesn't meet all your criteria, but are you aware of this?

https://bitcointalk.org/index.php?topic=152517.20

[btchip]

for 9 I'd also advise to go for something like BitSafe and implement a secure chain of trust (bootloader that only accept encrypted code + encrypted storage + some obfuscation supposing your code can be read) of your own on top of it.

it'd be a satisfactory alternative for a fuse on a non specialized device and even more secure than the (wrong) feeling of security a fuse can give you imho

also for yoir needs I think you'd be more interested in implementing usb hid + ccid rather than usb hid + mass storage

[flipperfish]

for 9 I'd also advise to go for something like BitSafe and implement a secure chain of trust (bootloader that only accept encrypted code + encrypted storage + some obfuscation supposing your code can be read) of your own on top of it.

it'd be a satisfactory alternative for a fuse on a non specialized device and even more secure than the (wrong) feeling of security a fuse can give you imho

also for yoir needs I think you'd be more interested in implementing usb hid + ccid rather than usb hid + mass storage

Could you explain, why this bootloader you propose, is more secure than switching the writable parts to read-only? Wouldn't it be possible to simply change the bootloader?

[btchip]

Could you explain, why this bootloader you propose, is more secure than switching the writable parts to read-only? Wouldn't it be possible to simply change the bootloader?

It's a risk mitigation plan - with a fuse you just guarantee that some part of the rewritable memory containing your code cannot be overwritten and/or that your code cannot be read, which might be done correctly or not (until someone finds a way to disable it), and you lose the possibility to update your device, which is a bit sad for embedded products. So considering the fuse as a security silver bullet is a great way to fail hard

When designing a chain of trust, you'll consider how to flash new firmwares in such a way that an external party cannot obtain the code, and how to store and access data securely onboard - typically using keys that are only accessible from one part of the boot process and not to others. Thus if one piece of the security fails (such as the memory read or write protection), you're less safe, but hopefully still safe, and you can protect better against scenarios that no fuse would cover - such as an attack granting temporary code execution right on the device and the ability to dump things.

[Ente]

I posted some ideas over in the ellet thread. Maybe this could help you? You can't beat the price on these I guess :-)

I think it was suggested before, somewhere.
It seems like hardware is the main moneyburner here.

Why invent it again?
Use some small device with a bit cpu power, a good enough display, battery, usb connection and buttons.
Sounds familiar?
--> MP3 Player <--

Now I didn't research into this much. However, I found http://www.rockbox.org/ which replaces the stock firmware on a lot of mp3 players. We may use it directly, or parts of it, or just use it as a pointer to see which mp3 players are usable.

How about "sandisk clip":


Or "SanDisk Sansa c200":


edit:
even much more simple and surely cheaper, not based on rockbox:
http://www.s1mp3.org/en/docs_userguide.php

I would prefer one of the first two players..

I would use one of those. And buy a reprogrammed one, or maybe do it myself and send money in the direction of the firmware programmers.

Now these are strictly offline. No Paypal possible on these, as someone shouted on the original vapor-Ellet.. But good enough to sign transactions, for sure!

So, why are people burning truckloads of money on re-inventing the hardware? It's all in the software anyway!

Ente

Ente

[slush]

I had my hopes up for Trezor, but it turns out that the Trezor developers are targeting a market that doesn't include me.

Eldentyrell, our primary focus is to provide Bitcoin signing device. I never told you that we're not interested in expert usage of the Trezor device, but it must wait. We have limited resources and we want to finish the primary goal at first.

[eldentyrell]

I was under the mistaken impression that at least some of { cavedan, 2112, stick, cbeast } were Trezor developers, but I guess they're just zealots  I've edited my post to reflect this.

Eldentyrell, our primary focus is to provide Bitcoin signing device. I never told you that we're not interested in expert usage of the Trezor device,

No doubt!  But this isn't just about expert/novice.

A lot of people are saying that Trezor is supposed to be kept at home, in a lockbox, and that it isn't meant to be portable.  Nobody seems to have contradicted them, so I assume this is consistent with your intentions, although I have to admit it's strange.  If I wanted to put my bitcoins in a safe I'd just use an old laptop (airwalled, of course).

Anyways, if that's true it is definitely aimed at a market that doesn't include me.  I want something I can carry with me, and most of the people in your thread think that isn't part of Trezor's goal.

[eldentyrell]

"9. Can be rendered permanently non-reprogrammable (fuse, etc).  If you're not sure about this one please post anyways."

Interested what you mean by this one. Could you elaborate?

The primary concern is some (uber-wizard) hacker breaking into a computer I use and then reprogramming the device via USB with their own code that sends them all my BTC (and PGP keys, etc).

The secondary concern is the sneaky maid attack, although it isn't perfect protection.  You also need to mark the device in some subtle way so it can't simply be replaced with another one of the same type.

Doesn't meet all your criteria, but are you aware of this?

https://bitcointalk.org/index.php?topic=152517.20

Wow, no, I wasn't.  I need to investigate further, but it looks like that's exactly what I was looking for.  Please post a (fresh) BTC address; if nothing better appears by Monday you win.

[eldentyrell]

with a fuse you just guarantee that some part of the rewritable memory containing your code cannot be overwritten and/or that your code cannot be read, which might be done correctly or not (until someone finds a way to disable it)

Er, blowing out on-chip fuses is a pretty destructive operation… nobody's going to disable that (or "repair" it for that matter).  Unless they're really dumb the people who design the fuse circuitry have it destroy the charge pump that generates the above-VDD voltage needed to write to flash memory, so there's no longer any voltage source capable of performing a write operation.  You can't circumvent that without a soldering iron.

and you lose the possibility to update your device, which is a bit sad for embedded products.

At $100/ea I can live with that.

[eldentyrell]

I posted some ideas over in the ellet thread. Maybe this could help you? You can't beat the price on these I guess :-)

Thanks Ente, those mp3 players sure are cute, but unless I'm mistaken none of them have male USB A-type connectors, so they're not really useful to me without a cord.  Having to carry the cord around effectively doubles their size.  

[GeorgeH]

If you're interested in having such a device designed, I'd be interested in contracting.

Primary plan of attack would be a PIC32 doing USB HID+MSD with an EEPROM. Nothing revolutionary.

The PIC32 toolchain isn't entirely open, but the compiler is open and all required tools are cross platform. The PicKit3 programmer is available for $45. Clones exist if you want to save money. (IMHO they're not worth the trouble, but it's your prerogative.)

The parts list would look something like this:
uC: http://www.digikey.com/product-detail/en/PIC32MX230F064B-I%2FML/PIC32MX230F064B-I%2FML-ND/3046648
Display: http://www.digikey.com/product-detail/en/NHD-12232KZ-NSW-BBW-P/NHD-12232KZ-NSW-BBW-P-ND/1701265
Serial EEPROM (multiple for redundancy?)
Buttons: http://www.digikey.com/product-detail/en/MJTP1138BTR/679-2415-1-ND/2344168 (A shorter button would be used if you want keycaps)
USB connector: http://www.digikey.com/product-detail/en/48037-0001/WM17117-ND/857603

Estimated BOM price is about $25 with PCBs.

Potential issues:
Security. Are you looking for encryption and authentication? How about hardware security?

Size. The display is going to make a big difference here. What content do you want to display?

Case. I can 3d print cases, but they're neither as pretty nor as durable as injection molded cases.

Write only. A tamper proof write only setting would take some extra effort. How permanent does this need to be?

What's your desired capacity?

Software. USB software is generally painful to develop.

E: \/ John, that post made me search around for an upvote button. Looks like a great product!

[John (John K.)]

This project (http://www.kickstarter.com/projects/myidkey/myidkey-passwords-at-the-tip-of-your-finger?ref=category) is incredibly near to what you're looking for.

[eldentyrell]

This project (http://www.kickstarter.com/projects/myidkey/myidkey-passwords-at-the-tip-of-your-finger?ref=category) is incredibly near to what you're looking for.

Egads, kickstarter is perhaps the only scam-magnet more powerful than bitcoin.  No thanks.

[allten]

Well, If you liked the Bitsafe and it was close enough to your specifications,
Here is the BTC address for the project:

1N13Pmk9c6swzb4QYKzPq317Cp1Z5idRJS

https://bitcointalk.org/index.php?topic=152517.0

Thanks!

[MineMind]

You have some solid and cheap mass-produced options available:

Bayer Contour USB Diabetes stick (10$, will be produced for a long long time, can buy anywhere, and hackable):
http://www.amazon.com/Bayer-7393-Contour-Glucose-Monitoring/dp/B0030HTZII
http://www.youtube.com/watch?v=WP80zk-1E-w
http://stackoverflow.com/questions/6554863/migrating-c-code-that-talks-to-a-usb-glucometer-device-from-linux-to-android
http://img1.findthebest.com/sites/default/files/2470/media/images/Contour_USB_520287.jpg

Alternatively, iRiver (big name), RCA (medium), and Coby (budget name) always have USB stick / LED Mp3 sticks for sale with the same basic hardware repackaged:
(29$) http://shop.iriverinc.com/index.php/media-players/t9/t9-4gb-digital-mp3-player.html
http://www.geocities.jp/teamhasebe/pasocom/parts/elctrncs/t92.jpg
(40$) RCA TH2002 "flip out" mp3 usb stick www.amazon.com/dp/B004FN1AA2/ (usually sold at Sears and Radioshack as well)
http://ecx.images-amazon.com/images/I/41WqyfjowgL.jpghttp://ecx.images-amazon.com/images/I/31IMzkwBrUL.jpg
Cobyxample (usually sold at walgreens/cvs): http://www.cobyusa.com/?p=prod&prod_num_id=10716&pcat_id=2001

If in Europe, you could check out the Energy SistemTM Energy MP3 Stick
http://store.energysistem.com/en/productos/mp3_players/39158-energy_mp3_stick_4gb_1404_mystic_blue
http://www.grupoenergy.com/grupoenergy/images/productos/39158/pllbmnemacdm.jpg

If this was helpful; 1HPtWKYF7vVTJmqFWLPVgTn7Ht5T4xCUQd

[flipperfish]

You have some solid and cheap mass-produced options available:

Bayer Contour USB Diabetes stick (10$, will be produced for a long long time, can buy anywhere, and hackable):
http://www.amazon.com/Bayer-7393-Contour-Glucose-Monitoring/dp/B0030HTZII
http://www.youtube.com/watch?v=WP80zk-1E-w

The Bayer Contour looks quite interesting. Do you know, if the firmware can somehow be modified to run own code? The YT-Video you linked, didn't quite show that.

[MineMind]

You have some solid and cheap mass-produced options available:

Bayer Contour USB Diabetes stick (10$, will be produced for a long long time, can buy anywhere, and hackable):
http://www.amazon.com/Bayer-7393-Contour-Glucose-Monitoring/dp/B0030HTZII
http://www.youtube.com/watch?v=WP80zk-1E-w

The Bayer Contour looks quite interesting. Do you know, if the firmware can somehow be modified to run own code? The YT-Video you linked, didn't quite show that.

Please see related discussion in the Stackoverflow link. The default desktop software is java so yes it should be easy to see what is going on and modify the files accordingly. The DB it uses is SQLlite.

[MineMind]

Bump, any news?

[eldentyrell]

The Bayer Contour looks quite interesting. Do you know, if the firmware can somehow be modified to run own code? The YT-Video you linked, didn't quite show that.

Please see related discussion in the Stackoverflow link. The default desktop software is java so yes it should be easy to see what is going on and modify the files accordingly. The DB it uses is SQLlite.

Um, I read the stackoverflow link and it's talking about modifying the software that runs on your host PC to pull data off the Bayer stick.  There's nothing in there about putting your own code on the stick.

Bump, any news?

MineMind, those sticks are all really cute, but I don't see any evidence that any of them meets criterion #3 "Some sort of microprocessor/microcontroller on it that I can reprogram."  Frankly most of the value I was hoping to get out of posting the bounty was pre-filtering for programmability.  Just posting a bunch of links to USB sticks without any research into whether or not they're programmable doesn't help me much.