This page is a mirror of Tepples' nesdev forum mirror (URL TBD).
Last updated on Oct-18-2019 Download

New here, question about a password manager cart

New here, question about a password manager cart
by on (#119046)
Hi. I joined this forum to help get me an answer to
an nes cart idea thats been rolling around in my head for awhile. (unless its been done)
Yeah, its roomier then it looks :lol:

To start with, i know little about 6502 assembly (and programming in general),
but was considering makeing this my learner project.

My basic idea was a rom (eventually made into the necessary cart EPROMs) that could
store passwords (like the 5+ i use online) in battery-backed ram. Nothing more
complicated then, say, 16 alpha-numeric characters (upper/lowercase, possibly some special chars)

A further development would be to use the 6502 to sudo-randomly generate said passwords. I'm
not exactally sure how random it would be, as I'm fairly sure the NES's 6502 lacks anything as sophisticated as a modern cpu's random number generator. However, to add randomness to said generation, one could solicit input from the user (couple of sprites dancing on the screen and button presses, or even use the zapper)

Even further developments beyond that would be a master password with x number of attempts
before the battery backed ram (I believe its SRAM) is wiped. For even MORE sneakyness, possibly
hide it somehow inside an existing game.

I kinda like this idea because i never write down passwords and believe in never staying signed in.
Also at 36 my memory is already developing bad sectors :oops:

Again, I'm not sure how much of this is even possible. I did a few quick searchs of this forum and google but found nothing. However i should mention that my forum search-fu and google-fu are horrible...

Anyhow, thanks in advance!
Re: New here, question about a password manager cart
by on (#119049)
Why on the NES though? Having to turn on your TV and NES just to check a password is not efficient at all... Unless you plan to run this in emulators, in which case it would be easier to program a native application.
Re: New here, question about a password manager cart
by on (#119050)
batmreload wrote:
I'm fairly sure the NES's 6502 lacks anything as sophisticated as a modern cpu's random number generator.

Most CPUs do not contain a random number generator. Ironically, the NES actually contains one to produce the noise channel audio output.

This thread talks about the issue of gathering entropy for your initial random generator seed: http://forums.nesdev.com/viewtopic.php?f=2&t=9796

Also, I made a very simple entropy-gatherer which uses the length of time a button is held, here: http://forums.nesdev.com/viewtopic.php?f=2&t=9364
Re: New here, question about a password manager cart
by on (#119067)
The NES contains an LFSR to generate noise. By itself, it's only a fancy timer. It takes either user input or analog noise input to make an actual random number generator. Fortunately, the NES has both.

User input: Play a 1-byte sample with the DMC IRQ at rate $F (54 CPU cycles per sample, 8 samples per IRQ). This causes nearly 69 IRQs per frame. In the IRQ handler, read the controller, increment a seed, and add this seed to your entropy pool if a button is pressed or released since the last read. Mash buttons until enough entropy is collected, for about 16 bits per press and release. Rainwarrior's demo does this, just without the IRQ handler.

Analog noise input: A technique that kevtris and I developed produces a few bits at power-on by exploiting analog effects of bus conflicts caused by reading $2007 while rendering is on. The "Pretendo" demo in topic 9796 demonstrates this. In the same topic, blargg suggested hashing the power-up state of OAM.
Re: New here, question about a password manager cart
by on (#119138)
tokumaru wrote:
Why on the NES though? Having to turn on your TV and NES just to check a password is not efficient at all... Unless you plan to run this in emulators, in which case it would be easier to program a native application.


I like the stealthiness of storeing it in a unassumeing game cart. Efficient? While obviously you can't copy and paste it into a browser window, for the few times i actually NEED to recall a password (usually right after when i change them all out) it beats searching for that scrap of paper!
Re: New here, question about a password manager cart
by on (#119141)
If your only goal is to store it into a "unlikely" platform then you might as well save it on a Commodore 64 tape, it's easier and all the tools are already there (if you have a C64, that is). I think the percentage of people that still remember how to use them is small enough to consider this "safe".
Re: New here, question about a password manager cart
by on (#119146)
Another option may be to avoid anything touchy enough not to be implemented properly on a NOAC.

What about simulating a paint program and having the user draw via joypad for a set period of time. That should create enough "noise" methinks.
Re: New here, question about a password manager cart
by on (#119147)
Why bother with asking user to perform some crazy actions to initialize a RNG? Initial RAM state combined with measured delay between start up and first button press should be enough.
Re: New here, question about a password manager cart
by on (#119148)
batmreload wrote:
tokumaru wrote:
Why on the NES though? Having to turn on your TV and NES just to check a password is not efficient at all... Unless you plan to run this in emulators, in which case it would be easier to program a native application.


I like the stealthiness of storeing it in a unassumeing game cart. Efficient? While obviously you can't copy and paste it into a browser window, for the few times i actually NEED to recall a password (usually right after when i change them all out) it beats searching for that scrap of paper!


Piece of paper inside a game cart shell?
Re: New here, question about a password manager cart
by on (#119165)
Dwedit, but how are you going to have the piece of paper lose all your passwords due to a bad connection?

A piece of paper is the way to go. "Air gap" security. If someone might see it, use steganography, e.g. numeric passwords in the same format as phone numbers. If you want secure password generation, flip a coin multiple times for each character.
Re: New here, question about a password manager cart
by on (#119172)
Shiru wrote:
Why bother with asking user to perform some crazy actions to initialize a RNG? Initial RAM state combined with measured delay between start up and first button press should be enough.


You are right. I was thinking a little too far ahead. What if the guy wanted the cart ROM emulated? There's no way to know if the emulator developer intentionally randomizes memory.

He may have intended real hardware and real NES system only.
Re: New here, question about a password manager cart
by on (#119175)
In case of an emulator, measured delay will work anyway. So unless user will intentionally attempt to press a button in a precise moment of time, it still will work, just with less randomized initial state.
Re: New here, question about a password manager cart
by on (#119176)
Yeah, polling the controller continuously will generate far more entropy on hardware than on an emulator. It wouldn't be hard to emulate this though, by choosing a random time during the frame for the new button state to take effect. Would add half a frame of latency on average though.