Mooltipass Mini Teardown
While the rest of the world waits in awe for the unveiling of the Mooltipass Mini, we've had a stab at opening the new aluminum case of the beta units.
It helps us understand what it would take to open the case, and how one could achieve it covertly.
Pictures of the hardware used for performing the heating and disassembly were not allowed.
Step 1 - Mooltipass Mini Teardown
- The Mooltipass Mini is an offline, hardware-based, self-encrypting password keeper.
- The device acts as a USB keyboard to send credentials as keypresses to the host computer.
- A PIN-protected smartcard stores the AES key used by the device to encrypt its storage, and can be kept separately from the device to minimize the impact of losing either the device or the card.
Step 2 - Mooltipass Mini Teardown
- A clickable scrollwheel is used as the only input method to select credentials and confirm various actions.
- The aluminum casing is split in two parts that fit together tightly, and seem to be glued with a high shear-force retaining compound.
Step 3 - Heating
- Two options can help open the device without leaving a trace: heating or freezing the glue to melt or crack it, or dissolving the compound with specific solvents.
- Short of a chemistry background, we chose the heating path.
- Freezing the glue would subject the OLED display to potentially harmful temperatures, while it is rated for at least 150°C.
- A temperature of 250°C was selectively applied with a heat torch along all the sides but the scrollwheel.
- After a few minutes, the glue becomes slightly softer, but still keeps its retaining strength.
Step 4 - Mooltipass Mini Teardown
- After a good period of heating, we attempted to separate the case parts by shear force using holding claws.
- The glue quickly gave up.
- So did the aluminum case, unfortunately.
Step 5 - Retaining compound
- The case borders are machined with regular lines that offer a good adherence for the glue.
- Retaining compounds are usually rated for temperature resistance ranging from 150°C to 600°C.
Step 6 - PCB
- The PCB is still intact after heating and shearing the case, and the MPM is still fully functional.
- Minor heat damage can be seen right of the Atmel MCU.
Step 7 - Main ICs
- Atmel ATmega32U4
- Atmel AT45DB011D 4Mbit Flash
- STMicroelectronics ST662ACD DC-DC converter for OLED display power
Conclusion
- The Mooltipass Mini cannot be opened by shear force and heat without damaging the casing and/or the PCB. Specifically, the scrollwheel is believed to be the first item to melt due to heating.
- A specific solvent could be developed to dissolve the retaining compound, but employing such a technique will require extended physical access to the device.
- The tamper-evident capability of the aluminum case is confirmed for non-solvent based attacks.
Repairability
- Mooltipass Mini repairability score: 1 out of 10
- Opening the case is practically impossible without specifically developed solvents.
- Tampering will most likely be visible.