SecureChatAnywhere ESP32 project

I’m working on a hardware project to be able to use a smartphone to send and receive encrypted messages manually, based on my old SecureChatAnywhere project for desktop computers (Java):
https://github.com/modrobert/SecureChatAnywhere

SecureChatAnywhere is a lightweight program written in Java with the purpose of making it easy to encrypt and decrypt any kind of text messages using AES-128/CBC symmetric encryption. The graphical user interface (GUI) is designed as a convenient “copy & paste tool” for computers to manage encryption and decryption stand-alone, in other words without relying on any kind of external communication.

Optimistically, I trust desktop computers dealing with plaintext, but not smartphones, since they are compromised by design (the cryptographic keys are controlled by the vendors). The idea is that the smartphone only handles ciphertext, since it is not trusted.

I’m using an ESP32S3 dev kit for the implementation of SecureChatAnywhere for use with a browser on smartphones (e.g. Android or iOS).

ESP32S3 devkit with display

Here’s the C programming progress so far:
[✓] AES-128/CBC with PKCS#7 padding
[✓] HTTP server for ciphertext input and output viewed via browser on the smartphone
[✓] Bluetooth BLE 5.2 HID keyboard host with power save support (this took a lot of time)
[✓] USB 2.0 HID keyboard host
[✓] ESP32 I2C display support
[   ] PCB design

All software parts have been tested and work individually; I’m now at the stage of combining the software to work together as one. Eventually I will design a PCB and get a suitable case for the project.
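The PKCS#7 step from the checklist above, as an added example (not code from the SecureChatAnywhere project): padding before AES-128/CBC encryption and strict unpadding after decryption, including the full extra block that block-aligned input receives. Function names and buffer sizes are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define AES_BLOCK 16  /* AES block size in bytes */

/* Pad buf[0..len) in place to a multiple of AES_BLOCK.
 * Returns the padded length, or 0 if cap is too small.
 * A full extra block is added when len is already block-aligned. */
size_t pkcs7_pad(uint8_t *buf, size_t len, size_t cap)
{
    size_t pad = AES_BLOCK - (len % AES_BLOCK);   /* always 1..16 */
    if (len + pad > cap)
        return 0;
    memset(buf + len, (int)pad, pad);
    return len + pad;
}

/* Validate and strip padding from decrypted data.
 * Returns the plaintext length, or -1 if the padding is malformed. */
long pkcs7_unpad(const uint8_t *buf, size_t len)
{
    if (len == 0 || len % AES_BLOCK != 0)
        return -1;
    uint8_t pad = buf[len - 1];
    if (pad == 0 || pad > AES_BLOCK)
        return -1;
    uint8_t diff = 0;
    for (size_t i = len - pad; i < len; i++)
        diff |= buf[i] ^ pad;                     /* every pad byte must equal pad */
    return diff ? -1 : (long)(len - pad);
}

/* Constructed self-check: pad a sample message, then strip it again. */
int pkcs7_roundtrip_ok(const char *msg)
{
    uint8_t buf[64];
    size_t n = strlen(msg);
    if (n > sizeof buf - AES_BLOCK)
        return 0;
    memcpy(buf, msg, n);
    size_t padded = pkcs7_pad(buf, n, sizeof buf);
    return padded != 0 && padded % AES_BLOCK == 0
        && pkcs7_unpad(buf, padded) == (long)n;
}
```

A wrong key or a corrupted ciphertext usually shows up as a `-1` from `pkcs7_unpad`, so the caller should treat that as "decryption failed" rather than display the buffer.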

New domain and forums

I have registered the domain modrobert.org for the weblog and opened new forums. You are welcome to join. The current forums are listed below:

ZeroBB – A minimalistic forum on the Tor network

If you have news to report, ideas to share, dislike moderation, and prefer to be anonymous, then read on.

ZeroBB is based on ZeroBin, which is an open-source online paste tool where the server has zero knowledge of pasted data. The exception is when you make a new post to the public forum by having “Forum index” checked: the web server will know the key for that post, since it is public. The data is encrypted/decrypted in the browser using 256-bit AES.


ZeroBB is running as a Tor hidden service v3, which means you have complete end-to-end encryption, no HTTPS required (regardless of what your browser states). The Tor network also provides decent anonymity; it’s not perfect, but it has great potential.

http://gd6is466quuhsgzbztyv4sjswdhgfii63wf54qsb32v27xmm5dxbtmid.onion/0bb/

The Tor onion URL is long, but it serves a purpose, as it also doubles as a key to access the site, which in my opinion makes it more secure than DNS. Try to avoid using proxy services to access Tor, as it compromises the security (MITM). Also avoid URL-shortening services if you want to keep the post secret. For more info about the Tor network, or to download the Tor browser, check the project site here: https://www.torproject.org/

ZeroBB Features:

  • No moderation.
  • No registration required.
  • No cookies.
  • No database.
  • Post anonymously (comments optionally have nicknames).
  • The user (OP) can delete their post¹ or set an initial expiration time limit.
  • Data is compressed and encrypted in the browser before sending to the server.
  • Uses a 256-bit AES JS library².
  • Search engines can’t index³ the content.
  • Lean and mean minimalistic design.
  • Modified to work over the Tor network.

¹ In order to delete a post and all comments associated with it, the “Delete link” URL (token) is required, which is given after submitting a new post.
² Check https://sebsauvage.net/wiki/doku.php?id=php:zerobin for more details.
³ As long as search engines don’t execute JavaScript code when crawling (which they don’t AFAIK).

There is no specific direction for what this forum is about. Personally, I like hacking-related stuff, programming, reversing electronics and software, and being able to share info without being tracked or censored. The forum/board functionality is bare minimum at the moment, pretty far from ideal, but it is a work in progress. Let me know if you find any bugs; lots of code is in flux due to active development, so expect some downtime.