OneRNG - Extra anti-tamper validation

OneRNG contains a number of mechanisms against tampering - in particular we sign our firmware and check it every time a device is inserted, we structure our code to make it hard, if not impossible, to fake this tampering.

Ever since V3.0 firmware we have also quietly included a device fingerprint - this page tells you how to use this fingerprint to check if it is valid and to see if it has been tampered with. V3.0 firmware is contained in most OneRNGs, hardware versions V2 and V3, all versions except for the original beta and early manufactured kickstarter units - all the ones with the 'boxy' RF shield are V1.0 look here to identify your unit.

When we manufacture OneRNGs we 'lock' the debug port on the CPU, this means that the internal FLASH ROM cannot be read or written, the only way to unlock the CPU to write new code into it is to erase ALL of the flash. This is good because it protects the contents but means that the device is still hackable for those who want to take the source and modify it for their own use. It also means that the unique fingerprint we install into each device cannot be read out and is destroyed if someone loads their own code into it. If you're programming your own device you likely don't care if the fingerprint is destroyed because you loaded your own code and understand where it came from (however this extra validation will not work for you).

The fingerprint essentially contains:

We have kept a list of all the fingerprints we've installed on every manufactured OneRNG, but have not kept track of who received which device, or which fingerprint .... there's a point in the manufacturing process where they are all essentially thrown in a big bin and mixed around.

We can verify a device's fingerprint by using its device ID to look up the entire fingerprint in a database and then use the key to encrypt the secret data - we do this both on the device, and on our webserver with the database of fingerprints - then we ask you to compare the resulting two encrypted strings (not the unencrypted secret string which remains secret). Full details of how this protocol works are available, along with the OneRNG side implementation in validate.c on our GitHub source repo at https://github.com/OneRNG/firmware

Here at MoonBase we have a web server that implements this protocol, you can access it here - our server keeps no logs, it does keep track of the number of times a particular device has been validated:

START HERE -> https://moonbaseotago.com:8143/index.html

The 3rd page gives you a count of the number of times your device has been validated - normally this should increment by 1 each time you run a device through the validation process - if you see it have an unusual value you may have a device that has somehow been cloned or tampered with.

This server uses a private SSL cert, your browser will likely complain - you can validate it using the following fingerprints:

SHA-256 Fingerprint	5B 97 58 17 CF 70 C4 A7 6B 6E E4 32 DE EF 34 31
                        78 EE 9B AF 34 B9 FD 24 A5 EC 36 AB 1B 4C 1C 1D
SHA-1 Fingerprint	99 96 DC 72 75 A6 6A 98 1D 92 AD 32 C3 D5 CF 7E
                        7A 39 54 C6