Mooltipass Mini Teardown

While the rest of the world awaits in awe for the unveiling of the Mooltipass Mini, we've had a stab at trying to open the new aluminum case of the beta units.

It helps us understand what it would take to open the case, and how one could achieve it covertly.

Pictures of the hardware used for performing the heating and disassembly were not allowed.

MPM
MPM thumb
MPM thumb

Step 1 - Mooltipass Mini Teardown

  • The Mooltipass Mini is an offline, hardware-based, self-encrypting password keeper.
  • The device acts as a USB keyboard to send credentials as keypresses to the host computer.
  • A PIN-protected smartcard stores the AES key used by the device to encrypt its storage, and can be kept seperately from the device to minimize impact of a device or card loss.
MPM

Step 2 - Mooltipass Mini Teardown

  • A clickable scrollwheel is used as the only input method to select credentials and confirm various actions.
  • The aluminum casing is split in two parts that fit together tightly, and seem to be glued with a high shear-force retaining compound.
MPM
MPM thumb
MPM thumb

Step 3 - Heating

  • Two options can help opening the device without leaving a trace: heating/freezing the glue to melt it/crack it or dissolve the compound with specific solvents.
  • Short of a chemistry background, we chose the heating path.
  • Freezing the glue would subject the OLED display to potentially harmful temperatures, while it is rated for at least 150°C.
  • A temperature of 250°C was selectively applied with a heat torch along all the sides but the scrollwheel.
  • After a few minutes, the glue becomes slightly softer, but still keeping its retaining strength.
MPM
MPM thumb
MPM thumb

Step 4 - Mooltipass Mini Teardown

  • After a good period of heating, it was attempted to separate the case parts by shear force with holding claws.
  • The glue quickly gave up.
  • So did the aluminum case, unfortunately.
MPM
MPM thumb
MPM thumb

Step 5 - Retaining compound

  • The case borders are machined with regular lines that offer a good adherence for the glue.
  • Retaining compounds are usually rated for temperature resistance ranging from 150°C to 600°C.
MPM
MPM thumb
MPM thumb

Step 6 - PCB

  • The PCB is still intact after heating and shearing the case, and the MPM is still fully functional.
  • Minor heat damage can be seen right of the Atmel MCU.
MPM

Step 7 - Main ICs

  • Atmel ATmega32U4
  • Atmel AT45DB011D 4Mbit Flash
  • STMicroelectronics ST662ACD DC-DC converter for OLED display power
MPM
MPM thumb
MPM thumb

Conclusion

  • The Mooltipass Mini cannot be opened by shear force and heat without damaging the casing and/or the PCB. Specifically, the scrollwheel is believed to be the first item to melt due to heating.
  • A specific solvent could be developped to dissolve the retaining compound, but employing such a technique will require extended physical access to the device.
  • The tamper-evident capability of the aluminum case is confirmed for non-solvent based attacks.
MPM

Repairability

  • Mooltipass Mini repairability score: 1 out of 10
  • Opening the case is practically impossible without specifically developped solvents.
  • Tampering will most likely be visible.