How to Use the ESP32 CYD to Securely Store Your Data

by Northstrix in Circuits > Microcontrollers


The ESP32-2432S028R (Cheap Yellow Display, or CYD for short) is a convenient development board that features the ESP32, a 320x240px TFT LCD with a touch screen, and a built-in SD card slot.

When I got my hands on that board, I ported the Electronic-Shelf-Label-Management-System project to it, and modified the TetrisWithNunchuck project to work with the Nintendo 64 Controller, producing the ESP32-Tetris-With-Nintendo-64-Controller project.

However, I've decided to go even further and make an advanced data vault that would utilize the capabilities of the ESP32 CYD. To do so, I took the firmware from the Midbar (Teensy 4.1 Version) V3.1 and adapted it to work on the ESP32.

Without further ado, let me present you with the result of that endeavor.

This tutorial is also available on Medium.

Supplies

  • ESP32-2432S028R x1
  • PS/2 Keyboard x1
  • PS/2 Port x1

Prepare the Development Environment


To flash the ESP32 CYD, you need to configure the Arduino IDE, install the necessary libraries, and put the “User_Setup.h” file where it should be. You can read how to do all of that at https://randomnerdtutorials.com/cheap-yellow-display-esp32-2432s028r/

Install the Required Libraries


Download the archives with the following libraries:

And then either unpack the content of each archive into the "…\Arduino\libraries" folder or open the Arduino IDE, click on "Sketch" -> "Include Library" -> "Add .ZIP Library…" and select each archive with the library.

Download Firmware


You can download the archive with firmware from one of these sources:

https://sourceforge.net/projects/midbar-esp32-cyd/

https://github.com/Northstrix/Midbar-ESP32-CYD

If you only need the firmware, then download the archive from SourceForge. If you also want the project photos, as well as the additional code samples, then download the archive from GitHub.

Install ESP32 Filesystem Uploader


The primary purpose of the ESP32 Filesystem Uploader is to let you upload files into ESP's filesystem. In this tutorial, the purpose of this tool is to upload an empty SPIFFS image into ESP.

Download the file called ESP32FS-1.0.zip from https://github.com/me-no-dev/arduino-esp32fs-plugin/releases/

And then extract the content of the archive into the "...\Arduino\Tools\" folder.

After that, restart the Arduino IDE.

Switch the Partition Scheme to the "No OTA (2MB APP/2MB SPIFFS)"


Switch the partition scheme to the "No OTA (2MB APP/2MB SPIFFS)" before you continue working with ESP32 because the firmware for the board is too big for the default partition.

Format ESP32 Flash Memory


To format the ESP32 Flash memory:

  1. Connect the ESP32 CYD to the computer;
  2. Click on "Tools" menu -> "ESP32 Sketch Data Upload" line;
  3. Click Yes in the pop-up window.

The program is going to format the built-in flash memory.

Clear EEPROM


To use Midbar, you first need to clear EEPROM.

To do so, upload the firmware from the "...\V1.0\Clear_EEPROM" folder into ESP32.

Generate Keys


To make the unauthorized deciphering of your data computationally infeasible, it is crucial to generate your own keys and never reuse them.

It's entirely up to you how to generate the keys. I can only offer you an option to do so.

I've modified one of my previous projects to work as a random number generator. The generated output seems "random enough" for me, but I haven't run any tests, so I can't guarantee that it's random.

Use it at your own risk!

Since this version of Midbar was derived from the Midbar (Teensy 4.1 Version) V3.1, it's compatible with its software, so you can use the key generator from the Midbar (Teensy 4.1) V3.0 (that's compatible with Midbar (Teensy 4.1 Version) V3.1) to generate the keys for that version of Midbar.

To generate the keys for Midbar, launch gen.exe from the "...\V1.0\Compatible Software\Untested RNG" folder and click the "Gen. keys for Midbar (Teensy 4.1) V3.0" button. The background turns from dark gray to light gray when you press that button.
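If you would rather not depend on an untested generator, the operating system's CSPRNG is an option. The script below is an added example, not part of Midbar or its key generator; the array names and key lengths in it are placeholders, so match them to the declarations you find in "Firmware_for_ESP32.ino".

```python
import secrets

MIN_KEY_BYTES = 16  # refuse anything shorter than 128 bits


def generate_keys(spec: dict) -> dict:
    """Draw one independent key per entry from the OS CSPRNG.

    spec maps an array name to its length in bytes.
    """
    keys = {}
    for name, length in spec.items():
        if length < MIN_KEY_BYTES:
            raise ValueError(f"{name}: {length} bytes is too short for a key")
        keys[name] = secrets.token_bytes(length)
    # Identical keys would point to a broken entropy source or a reuse mistake.
    if len(set(keys.values())) != len(keys):
        raise RuntimeError("duplicate key material generated")
    return keys


def c_array(name: str, key: bytes, per_line: int = 8) -> str:
    """Format key bytes as a C array definition that can be pasted into a sketch."""
    rows = []
    for i in range(0, len(key), per_line):
        rows.append("  " + ", ".join(f"0x{b:02x}" for b in key[i:i + per_line]))
    return f"uint8_t {name}[{len(key)}] = {{\n" + ",\n".join(rows) + "\n};"


# Hypothetical names and sizes; take the real ones from the firmware source.
EXAMPLE_SPEC = {
    "example_key_a": 32,
    "example_key_b": 32,
    "example_hmac_key": 32,
}

if __name__ == "__main__":
    for key_name, key_bytes in generate_keys(EXAMPLE_SPEC).items():
        print(c_array(key_name, key_bytes))
        print()
```

Run it on a machine you trust and do not keep the output anywhere except in the firmware you flash.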

Modify Firmware


Open the "Firmware_for_ESP32.ino" file from the "...\V1.0\Firmware_for_ESP32" folder and then replace my keys with those you've generated.


You can also tweak some parameters in the following lines:

#define MAX_NUM_OF_RECS 999
// Max. number of chars for each field for the logins stored in EEPROM
#define MAX_NUM_OF_CHARS_FOR_USERNAME 52
#define MAX_NUM_OF_CHARS_FOR_PASSWORD 52
#define MAX_NUM_OF_CHARS_FOR_WEBSITE 56
// You can repartition the field sizes as long as the sum of all three values is 160

uint16_t colors[4] = { // Purple, Yellow, Green, Blue
  0xb81c, 0xfde0, 0x87a0, 0x041c
};
const uint16_t current_inact_clr = colors[3];
const uint16_t stripe_on_the_right_and_oth_opts_color = colors[0];
const uint16_t five_six_five_red_color = 0xf940;

Upload the Modified Firmware Into ESP32 CYD


Upload the modified firmware from the "...\V1.0\Firmware_for_ESP32" folder into the ESP32 CYD.

Assemble the Device

Circuit Diagram.png

At that point, simply connect the PS/2 port to the board and plug a keyboard into it.

If the keyboard won't work, try connecting it to the 5V (VIN pin).

Power Up the Device


Supply the power to the ESP32 CYD via the USB cable or VIN and GND pins.


Credit for photos:

Atlanta:

Photo by Kelly from Pexels

Dallas:

Photo by Talena Reese from Pexels

Haifa:

Image by Volker Glätsch from Pixabay

Jerusalem:

Image by krystianwin from Pixabay

Miami:

Photo by Alejandro Luengo on Unsplash

Pittsburgh:

Photo by Yuhan Du on Unsplash

Riyadh:

Image by apriltan18 from Pixabay

Rome:

Photo by Nicole Reyes on Unsplash

Saint Paul:

Photo by Javier Quiroga on Unsplash

Singapore:

Photo by Jay Ang on Unsplash

Tel Aviv:

Image by ran from Pixabay


*As for the origin of the patterns:

I made an 80x80px pattern myself. The flower patterns were generated by Bing Image Creator in December 2023.


P.S. Ignore the SD card inserted into the ESP32 CYD's built-in slot. It's not needed for this project.

Set Master Password


To use the Midbar, you first need to set the master password.

You can't change your master password without performing the factory reset first!

Midbar won't be able to decrypt your data without your master password because the keys for the encryption algorithms are partially derived from it. Perhaps it won't even unlock without the correct master password.

When you're done entering your master password, press either the "Enter" or the "ESC" key on the PS/2 keyboard.

After you've unlocked the vault and got to the main menu:

  • Press the "↓" (DOWNWARDS ARROW) key on the PS/2 keyboard to go down the menu.
  • Press the "↑" (UPWARDS ARROW) key on the PS/2 keyboard to go up the menu.
  • Press the "Enter" key on the PS/2 keyboard to open the selected menu.
  • While in the submenu, press either the "Esc" or the "Backspace" key on the PS/2 keyboard to return to the main menu.


While entering a text in a tab:

  • Press "Enter" on the PS/2 keyboard to continue.
  • Press the "Esc" button on the PS/2 keyboard to cancel the current operation.

Benefit From the Secure Data Storage


Finally, when you've configured Midbar, you can start benefitting from its primary function: secure data vault.

You can use Midbar to store your login credentials, credit card details, notes, and phone numbers in the ESP32's built-in Flash. You can also store two login credentials in the ESP32 EEPROM.


Note that the maximum number of characters that fit into each field of a record stored in the EEPROM is defined in the following code segment:

// Max. number of chars for each field for the logins stored in EEPROM
#define MAX_NUM_OF_CHARS_FOR_USERNAME 52
#define MAX_NUM_OF_CHARS_FOR_PASSWORD 52
#define MAX_NUM_OF_CHARS_FOR_WEBSITE 56
// You can repartition the field sizes as long as the sum of all three values is 160

The records stored in Flash aren't affected by this limitation. There, you should be able to put up to 650 characters into each field (and even more, though I wouldn't recommend it).

Make Use of the Data Encryption Capabilities


Aside from its primary vault functionality, Midbar also allows you to encrypt and decrypt strings using various encryption algorithms.

The encryption algorithms from the "Encryption Algorithms" menu encrypt and decrypt data using the keys from the vault memory, so to decrypt a string that's been encrypted that way, you'll need a vault with the same cryptographic keys and the same master password.

Encryption algorithms from the "Other Options" -> "Custom Key Encryption" menu enable you to encrypt your strings using the key that you manually enter at the time of encryption and later decrypt these strings on the Midbar (Teensy 4.1) V3.1 or any of the available desktop apps, and vice versa.
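Why a string protected with the vault keys only opens on a vault that has both the same keys and the same master password, shown as an added sketch. This is not Midbar's code: the page does not describe its key schedule or record format, so the PBKDF2 mixing step, the salt and all sample values here are assumptions, and the encryption step itself is left out.

```python
import hashlib
import hmac

TAG_LEN = 32              # HMAC-SHA256 output size in bytes
PBKDF2_ROUNDS = 100_000   # assumed work factor for this sketch


def derive_key(master_password: str, firmware_key: bytes, salt: bytes) -> bytes:
    """Combine a password-derived secret with a key compiled into the firmware.

    Neither input alone is enough to rebuild the working key.
    """
    pw_part = hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                                  salt, PBKDF2_ROUNDS)
    return hmac.new(firmware_key, pw_part, hashlib.sha256).digest()


def seal(ciphertext: bytes, key: bytes) -> bytes:
    """Append an HMAC-SHA256 tag computed over the ciphertext."""
    return ciphertext + hmac.new(key, ciphertext, hashlib.sha256).digest()


def unseal(blob: bytes, key: bytes):
    """Return the ciphertext if the tag verifies, otherwise None."""
    if len(blob) < TAG_LEN:
        return None
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # compare_digest does not reveal how many leading tag bytes matched
    return body if hmac.compare_digest(tag, expected) else None


# Constructed sample values, not taken from Midbar
FIRMWARE_KEY = bytes(range(32))
OTHER_FIRMWARE_KEY = bytes(range(1, 33))
SALT = b"constructed-salt"
SAMPLE = b"\x8f\x02 constructed ciphertext bytes"


def demo() -> dict:
    """Report which combinations of password and key accept the record."""
    good = derive_key("correct master password", FIRMWARE_KEY, SALT)
    blob = seal(SAMPLE, good)
    tampered = bytes([blob[0] ^ 0x01]) + blob[1:]
    wrong_pw = derive_key("wrong master password", FIRMWARE_KEY, SALT)
    wrong_fw = derive_key("correct master password", OTHER_FIRMWARE_KEY, SALT)
    return {
        "same_password_same_key": unseal(blob, good) == SAMPLE,
        "wrong_password": unseal(blob, wrong_pw) is not None,
        "other_firmware_key": unseal(blob, wrong_fw) is not None,
        "tampered_record": unseal(tampered, good) is not None,
    }
```

Only the first combination is accepted; a wrong password, a different firmware key or a single flipped bit all fail the tag check before any decryption would be attempted.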

Enjoy the Result


Midbar is a functional and easy-to-use data vault that securely stores your valuable data in the ESP32's Flash memory and employs advanced cryptographic features, such as superencryption and HMAC-SHA256-based data integrity verification. Additionally, this version of Midbar costs about as much as several cups of coffee, making its advanced capabilities remarkably affordable.

I think it's also worth mentioning that Midbar's source code is distributed under the MIT license. That grants you the freedom to customize, adapt, and modify Midbar according to your needs and preferences. In other words, you can create your own version of Midbar or use it as a starting point for building new projects without the need for external permission.