The Beginnings of NanoNote Security
One thing that has always been a bit of an itch is the lack of
security on the Ben
NanoNote. Especially since I use my NanoNote as my
addressbook, calendar, notepad, etc.
Recently this grew to much more than an itch. The event that
precipitated the change was misplacing my NanoNote. I had been
out and about and when I got home I couldn't find my NanoNote.
Not only was I faced with the loss of my beloved NanoNote, I was
also facing the fact that anyone that picked it up would have
detailed access to much of that info.
I had started encrypting notes that I wrote with the VI editor. I
had even increased the strength of the encryption by configuring
VI to use the newer Blowfish encryption. However, the address book,
calendar and other things were still unencrypted.
Also the fact that the NanoNote would be fully functional for
whomever picked it up caused me pangs of grief as I saw this as
greatly reducing the chance of it getting turned in.
Happily I was able to locate my NanoNote. It turns out it had
been mislaid at home, not while I was out. But my eyes had been
opened.
I had already done some minor hacking to see if one could easily
implement a login screen. Those investigations turned up the fact
that OpenWRT seems to lack any of the usual console login
programs.
Newly energized by my recent scare I wrote a login script that
can be inserted into /etc/inittab to add a layer of security.
Once I had it working I started adding some features. The first
one I added was the ability to have it print owner information
above the password prompt thus increasing the chance that people
will get their NanoNotes back.
The script is still fairly primitive and needs some clear
improvements (such as hashed passwords) but it is a decent start
and vastly better than the nothing the NanoNote had before.
Here is the script as it stands so far:
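#!/bin/bash
#
# Login script to secure the NanoNote
# Clear the boot splash off the screen
reset
# Print contact info if it exists
if [ -f /etc/owner ]; then
    cat /etc/owner
fi
# Get password with terminal echo turned off
echo -n "Password: "
stty -echo
read -r password
stty echo
echo ""
# Check password (yes this should be hashed. It's on my list)
correct="$(cat /etc/verify)"
# Both sides are quoted so the entered text is always compared as a
# single string, even when it is empty or contains spaces
if [ "$password" = "$correct" ] ; then
    # $1 is left unquoted on purpose: inittab passes "/bin/ash --login"
    # as one argument and it has to be split into command and options
    exec $1
fi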
And here is the modified /etc/inittab:
::sysinit:/etc/init.d/rcS S boot
::shutdown:/etc/init.d/rcS K stop
tts/0::askfirst:/sbin/login "/bin/ash --login"
ttyS0::askfirst:/sbin/login "/bin/ash --login"
tty1::respawn:/sbin/login /usr/bin/gmenu2x
tty2::askfirst:/sbin/login "/bin/ash --login"
tty3::askfirst:/sbin/login "/bin/ash --login"
tty4::askfirst:/sbin/login "/bin/ash --login"
I will push the script and the inittab up to the nanobit
section on the qi-hardware site when I get a chance.
Future plans include:
Hashed passwords
Perhaps an option to set the NanoNote to smaller fonts
A single login.conf file instead of separate owner/verify/etc
Prettier (graphic?) login screen
Hide the hit [F] for failsafe message (doing so bypasses the login) (older BNN Firmware only)
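One way the "Hashed passwords" item could look, as an added example that is not the author's script: the verify file stores a random salt and a digest instead of the password itself, and the check fails closed when the file is missing or malformed. It assumes sha256sum is available on the device and a hypothetical "salt:digest" file format; a single round of SHA-256 is fast to guess against, so a deliberately slow password hash is the stronger choice where one is installed.

```shell
#!/bin/sh
# Added example, not the author's script: salted-hash password check.
# Assumptions: sha256sum is installed, and the verify file holds a single
# line "salt:digest" instead of the plain password (hypothetical format).

# hash_password SALT PASSWORD: print the hex SHA-256 of "SALT:PASSWORD".
# printf is normally a shell builtin, so the password is not passed as a
# process argument.
hash_password() {
    printf '%s:%s' "$1" "$2" | sha256sum | cut -d' ' -f1
}

# make_verify_line PASSWORD: print "salt:digest" with a fresh random salt.
make_verify_line() {
    mv_salt=$(head -c 16 /dev/urandom | sha256sum | cut -c1-32)
    printf '%s:%s\n' "$mv_salt" "$(hash_password "$mv_salt" "$1")"
}

# check_password VERIFY_FILE PASSWORD: exit status 0 only on a match.
check_password() {
    [ -r "$1" ] || return 1        # missing or unreadable file: fail closed
    cp_salt='' cp_hash=''
    IFS=: read -r cp_salt cp_hash < "$1" || :   # tolerate no trailing newline
    [ -n "$cp_salt" ] && [ -n "$cp_hash" ] || return 1   # malformed line
    [ "$(hash_password "$cp_salt" "$2")" = "$cp_hash" ]
}

# Constructed demo: enrol a sample password in a temp file, then try
# a correct attempt, a wrong attempt and an empty attempt.
demo_file=$(mktemp)
make_verify_line 'correct horse' > "$demo_file"
check_password "$demo_file" 'correct horse' && echo "match: accepted"
check_password "$demo_file" 'wrong guess' || echo "mismatch: rejected"
check_password "$demo_file" '' || echo "empty password: rejected"
rm -f "$demo_file"
```

In the login script above, the plain comparison of $password with $correct would be replaced by a call such as check_password /etc/verify "$password", with /etc/verify written once by make_verify_line.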
This site by Freemor is licensed under a Creative
Commons Attribution-ShareAlike 2.5 Canada License.
Permissions beyond the scope of this license may be available at
http://freemor.ca/Contact.htm.