A Raspberry Pi Pico-based bluetooth password typer that runs on CircuitPython.
This is a project that I made a long time ago. I put it here for archival purposes. If you feel like continuing development of this incredibly cursed device, go for it.
This is by no means secure! It's more of a convenience tool than it is a security device. See my note below.
You will need an HC-06 Bluetooth Serial Adapter for this to work. I didn't have a Raspberry Pi Pico W when making this.
You've probably heard of those fancy schmancy USB Rubber Duckies that can autotype things and do all sorts of nasty stuff.
Now, imagine if you can take advantage of a password manager's autofill feature and type in your login credentials for you (or on machines that you can't install a password manager on, i.e. a work PC).
Combine that with a Raspberry Pi Pico and a Bluetooth serial adapter, and you've got a PicoPasskey.
- Flash the firmware - Install a copy of CircuitPython, then copy the files in the
fwfolder to the exposed drive interface. Reboot the device once, then follow further instructions below. - Wire things up - See provided schematics.
- Autofill my credentials - Install the provided PicoPasskey.apk app, or use a Bluetooth Serial Terminal app with the instructions provided below.
That's an app I made using Kodular to take advantage of the autofill feature in nearly every password manager you can find. The source code can be found in the app folder in this repo.
That's the neat part - It isn't. If I actually cared enough about this thing, I would've implemented some form of encryption. I trust that you use this in environments that aren't mission critical. If you feel up to the task, I challenge you to implement some form of encryption on the device!
The PicoPasskey uses a protocol very similar to the Hayes Command Set used in old school dialup modems. Note that the PicoPasskey uses \r\n to signify the end of a command/reply.
Basically used to check if everything's in working order.
Opcode: AT
Response: OK
If 1, the flash drive interface and debugging serial port is enabled on the Pico (This will be the default mode when you first flash the firmware). Otherwise, the Pico will disable all peripherals and operates in HID Keyboard only mode.
Opcode: AT+GETDEBUG
Response: 1 or 0
If for any reason the Pico fails to talk to the Bluetooth Serial Adapter 3 times, it will turn on emergency mode, which will set the debugging mode flags and allow you to safely recover your Pico.
Opcode: AT+GETDEBUG
Response: OK and a reboot
If you feel like tinkering around, use this command to show/hide the flash drive and debugging serial interfaces.
Opcode: AT+SETDEBUG 1 or AT+SETDEBUG 0
Response: OK and a reboot
Here's the good part. You can ask it to "just type this thing", "type it and tab to the next input field" or "type it and submit".
Opcodes:
Just fill data:
AT+FILL 0 (credential)
Fill with tab:
AT+FILL 1 (credential)
Fill with return:
AT+FILL 2 (credential)
Response: OK
Mainly a convenience feature.
Opcode: AT+VERSION
Response: PicoPasskey Firmware v0.1.2