Inspiration

  • After having my passwords leaked in a breach at a major password manager, I lost trust in purely digital security.
  • We wanted a system that assumes breaches happen and adds a physical access requirement attackers can’t bypass remotely.

What it Does

  • Blackb0x is a spy-themed password vault secured with RFID-based 2FA.
  • Access requires scanning a physical RFID card/tag in addition to standard authentication.
  • Passwords are stored securely and are inaccessible without the physical key.

How We Built It

  • Flask (Python) backend with SQLite for secure credential storage.
  • JavaScript frontend integrated with an Arduino-based RFID scanner.
  • ngrok tunneling and HMAC hashing for secure communication and verification.

Challenges We Ran Into

  • Normalizing and securely storing RFID byte data.
  • HMAC hashing and verification edge cases.
  • Handling race conditions when multiple users accessed the vault.
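The first two challenges above, RFID byte normalization and HMAC verification edge cases, are illustrated by the following added example. It is not Blackb0x's own code: it assumes a Flask-style Python backend that canonicalises a tag UID, stores only an HMAC of it, and verifies presented tags in constant time; the key, function names and sample UIDs are constructed for the example.

```python
import hmac
import hashlib
import re

# Constructed secret for the example only; a real deployment loads the
# key from protected configuration, never from source control.
SERVER_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

def normalize_uid(raw):
    """Canonicalise an RFID UID to lowercase hex with no separators.

    Accepts the forms a reader sketch typically emits: raw bytes, a list of
    ints (e.g. the MFRC522 uidByte array), or strings like "DE:AD:BE:EF",
    "de ad be ef" or "DEADBEEF". Anything else is rejected so a malformed
    payload can never normalise to the same value as a legitimate tag.
    """
    if isinstance(raw, (bytes, bytearray)):
        data = bytes(raw)
    elif isinstance(raw, (list, tuple)):
        if not all(isinstance(b, int) and 0 <= b <= 255 for b in raw):
            raise ValueError("UID byte list contains non-byte values")
        data = bytes(raw)
    elif isinstance(raw, str):
        cleaned = re.sub(r"[\s:\-]", "", raw).lower()
        if not cleaned or len(cleaned) % 2 or not re.fullmatch(r"[0-9a-f]+", cleaned):
            raise ValueError("UID string is not valid hex")
        data = bytes.fromhex(cleaned)
    else:
        raise TypeError("unsupported UID representation")
    # Common UID sizes: 125 kHz EM41xx tags are 5 bytes, ISO 14443A 4/7/10.
    if not 4 <= len(data) <= 10:
        raise ValueError("UID length out of range")
    return data.hex()

def tag_token(raw, key=SERVER_KEY):
    """HMAC-SHA256 over the canonical UID. Storing this instead of the UID
    means a dumped table does not reveal which physical tags are enrolled."""
    uid = normalize_uid(raw)
    return hmac.new(key, uid.encode(), hashlib.sha256).hexdigest()

def verify_tag(raw, stored_token, key=SERVER_KEY):
    """Constant-time comparison of a presented tag against the stored token.
    Malformed input is simply a failed check, not an exception shown to the client."""
    try:
        candidate = tag_token(raw, key)
    except (ValueError, TypeError):
        return False
    return hmac.compare_digest(candidate, stored_token)
```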

Accomplishments We’re Proud Of

  • A fully working hardware-backed authentication system.
  • Secure database design with clean, user-friendly UI.
  • Strong collaboration across software, hardware, and security domains.

What We Learned

  • Hardware–software integration and RFID read/write systems.
  • Secure authentication using HMAC and Flask.
  • Debugging complex, multi-layered security issues as a team.

What’s Next for Blackb0x

  • Build dedicated Blackb0x RFID keys and scanners.
  • Mobile app using phone-based RFID/NFC.
  • Custom firmware to prevent cloning and replay attacks.