Application
1) Change aspect
- replace the strings displayed in the “Mooltipass” tab with clearer, more user-friendly ones
- delete the “Log” tab and move what should still be displayed into the “Mooltipass” tab (prefixing these strings with “Log:”)
- move the import media button inside the “Manage” tab into the “Developer” tab
- delete everything inside the “Manage” tab (see 2) )
- delete the “clone smartcard” button inside the “Developer” tab
- rearrange the buttons for a cleaner layout
- grey out the “Developer” tab by default, unlock it with a special sequence of events (keystrokes?)
2) Implement a “settings” tab
- Display current username stored inside the card (0x61)
- Offer the possibility to change the username (0x63, user confirmation)
- Offer the possibility to read the card stored password (0x62, user confirmation)
- Offer the possibility to change the card stored password (0x64, user confirmation)
- Offer the possibility to change the Mooltipass settings (0x5D - 0x5E)
- keyboard layout (param1)
- user interaction timeout (param2)
3) Implement a management interface
- management commands are listed here (0x50 -> 0x5C + 0x5F + 0x65->0x67)
- inside the new management tab, using the above commands, all of the current user's credentials will be listed.
- the user will need to approve the “going in memory management mode” command (0x50) on the Mooltipass before we can access the credentials and therefore our management interface. 0x51 is used to leave memory management mode. No browser interaction is allowed while in management mode.
- once the 0x50 command returns success, memory scanning can start. Starting parent address is found using the 0x66 command (see python script)
- to list the user credentials a complete understanding of the memory layout is required (warning: prev/next child have changed, see node_mgmt.h in the NODEMGMT folder)
- offer the possibility to add / delete / modify credentials
- to do so, the doubly linked lists (sorted in alphabetical order) in the parent/child nodes will need to be updated
- to add a node, the address of a free node must be requested with the 0x65 command so we know where to store it
- To change a password, a normal login sequence must be performed: 0x65 (to refresh LUT and free slot), 0x04 (set context, check answer to see if domain is correctly selected), 0x07 (set login, check answer to see if login is found), 0x08 (set password, user will need to approve the request)
- two lists should be displayed to the user: one credential sets list and one favorites list (listed using the 0x5F command)
- the user should therefore be able to “tag” (drag and drop?) a credential set as a favorite (0x57 command)
- make sure that deleting a credential does not break the favorites linking
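As an added example (not code from the Mooltipass app), here is an in-memory model of the parent/child lists the management tab has to keep consistent: parent nodes sorted by service, child nodes sorted by login, both as doubly linked lists, with a favorites table that is cleaned up when a credential is deleted. The field names, the 16-bit addresses, the `NODE_NONE` sentinel and the `freeSlot()` allocator standing in for the 0x65 command are assumptions; the real on-device layout is the one in node_mgmt.h, and the 0x66 starting-address lookup is not modelled.

```javascript
// Added example: an in-memory model of the node lists, not the device's real layout.
const NODE_NONE = 0x0000;                 // assumed "no link" address

class NodeStore {
  constructor() {
    this.nodes = new Map();               // address -> node object
    this.firstParent = NODE_NONE;         // head of the alphabetically sorted parent list
    this.favorites = [];                  // {parent, child} pairs, as 0x5F would list them
    this.nextFree = 0x0100;               // assumed first free address
  }
  freeSlot() { return this.nextFree++; }  // stands in for the 0x65 "get free slot" command

  // Insert `addr` into the doubly linked list starting at `head`, keeping it sorted
  // on `key`; returns the (possibly new) head address.
  insertSorted(head, addr, key) {
    const node = this.nodes.get(addr);
    let prev = NODE_NONE, cur = head;
    while (cur !== NODE_NONE && this.nodes.get(cur)[key] < node[key]) {
      prev = cur; cur = this.nodes.get(cur).next;
    }
    node.prev = prev; node.next = cur;
    if (cur !== NODE_NONE) this.nodes.get(cur).prev = addr;
    if (prev !== NODE_NONE) { this.nodes.get(prev).next = addr; return head; }
    return addr;
  }

  // Remove `addr` from the list starting at `head`; returns the new head.
  unlink(head, addr) {
    const node = this.nodes.get(addr);
    if (node.prev !== NODE_NONE) this.nodes.get(node.prev).next = node.next;
    if (node.next !== NODE_NONE) this.nodes.get(node.next).prev = node.prev;
    this.nodes.delete(addr);
    return head === addr ? node.next : head;
  }

  findParent(service) {
    for (let a = this.firstParent; a !== NODE_NONE; a = this.nodes.get(a).next)
      if (this.nodes.get(a).service === service) return a;
    return NODE_NONE;
  }

  addCredential(service, login, password) {
    let parentAddr = this.findParent(service);
    if (parentAddr === NODE_NONE) {       // first login for this service: create the parent
      parentAddr = this.freeSlot();
      this.nodes.set(parentAddr, { service, firstChild: NODE_NONE, prev: NODE_NONE, next: NODE_NONE });
      this.firstParent = this.insertSorted(this.firstParent, parentAddr, 'service');
    }
    const parent = this.nodes.get(parentAddr);
    const childAddr = this.freeSlot();
    this.nodes.set(childAddr, { login, password, prev: NODE_NONE, next: NODE_NONE });
    parent.firstChild = this.insertSorted(parent.firstChild, childAddr, 'login');
    return { parent: parentAddr, child: childAddr };
  }

  markFavorite(ref) { this.favorites.push({ parent: ref.parent, child: ref.child }); }

  deleteCredential(parentAddr, childAddr) {
    const parent = this.nodes.get(parentAddr);
    parent.firstChild = this.unlink(parent.firstChild, childAddr);
    // Drop any favorite pointing at the removed node so the favorites list never dangles.
    this.favorites = this.favorites.filter(f => !(f.parent === parentAddr && f.child === childAddr));
    // A parent with no children left is removed from the parent list as well.
    if (parent.firstChild === NODE_NONE) this.firstParent = this.unlink(this.firstParent, parentAddr);
  }

  listServices() {
    const out = [];
    for (let a = this.firstParent; a !== NODE_NONE; a = this.nodes.get(a).next) out.push(this.nodes.get(a).service);
    return out;
  }

  listLogins(service) {
    const p = this.findParent(service), out = [];
    if (p === NODE_NONE) return out;
    for (let a = this.nodes.get(p).firstChild; a !== NODE_NONE; a = this.nodes.get(a).next)
      out.push(this.nodes.get(a).login);
    return out;
  }
}
```

The important detail for the management tab is in `deleteCredential`: the favorites filter runs before the parent is possibly unlinked, so a favorite can never end up referencing an address that the store has already freed.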
4) Implement memory import / export
- Using 3) we can extract the complete set of nodes for the current logged user
- We therefore need to make a storage file, which also contains the CTR and CPZ CTR values (0x5A -> 0x5C)
- As a first step, we may offer to completely replace a destination MP's credentials with the imported ones (this should be done in a smart way)
- Use the 0x68 command to add an unknown smartcard to the MP internal database, using the extracted CTR value
- Offer the possibility to encrypt the exported file
5) Add a tutorial when the plugin is installed for the first time
- explain our physical user interface
- explain how the credentials are entered
- and others…
6) Resolve bugs:
- Have an uninterrupted adding sequence (add service/username/password)
Extension
- Do not prompt the user to add credentials when we get PLUGIN_BYTE_NOCARD on a CMD_CONTEXT command and when no MP is connected
Extension + App
- Use the 0x4B command to get 32 random bytes, use them to generate a random password when clicking “generate” on a detected password field
- When a user logs in manually, have the plugin use the checkpassword (0x09) command so as not to prompt the user to update the credentials (sequence: set context -> set login -> checkpassword -> set password)
- Implement support for subdomains and domains (modify the protocol between extension & app for credential retrieval)
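As an added example (not the Mooltipass app's or extension's code), the following drives the two command sequences mentioned above against a fake device: the password-change sequence from item 3) (0x65, 0x04, 0x07, 0x08, checking each answer) and the manual-login flow from this list (set context -> set login -> checkpassword -> set password only when the stored password differs), plus turning the 32 bytes from 0x4B into a password. Everything about the wire format is an assumption made for the example: reports are framed as `[payloadLength, commandId, payload...]`, the device answers with one status byte (0x01 success, 0x00 failure), 0x65 replies with a two-byte address, and the user's approval of 0x08 is simulated by a flag.

```javascript
// Added example with an assumed report framing; the real device protocol may differ.
const CMD = { CONTEXT: 0x04, SET_LOGIN: 0x07, SET_PASSWORD: 0x08, CHECK_PASSWORD: 0x09,
              GET_RANDOM: 0x4B, GET_FREE_SLOT: 0x65 };
const ascii = s => Array.from(s, c => c.charCodeAt(0));
const frame = (cmd, payload = []) => [payload.length, cmd, ...payload];   // assumed framing
const ok = reply => reply[2] === 1;                                        // assumed status byte

class FakeMooltipass {
  constructor(creds, approve = true) {
    this.creds = creds;       // constructed test data: service -> { login -> password }
    this.approve = approve;   // whether the simulated user approves the 0x08 request
    this.service = null; this.login = null;
  }
  send(report) {
    const cmd = report[1], text = String.fromCharCode(...report.slice(2, 2 + report[0]));
    switch (cmd) {
      case CMD.GET_FREE_SLOT: return [2, cmd, 0x00, 0x02];       // assumed: address 0x0200
      case CMD.CONTEXT:
        this.service = this.creds[text] ? text : null; this.login = null;
        return [1, cmd, this.service ? 1 : 0];
      case CMD.SET_LOGIN:
        this.login = this.service && text in this.creds[this.service] ? text : null;
        return [1, cmd, this.login ? 1 : 0];
      case CMD.CHECK_PASSWORD:
        return [1, cmd, this.login && this.creds[this.service][this.login] === text ? 1 : 0];
      case CMD.SET_PASSWORD:
        if (!this.login || !this.approve) return [1, cmd, 0];
        this.creds[this.service][this.login] = text; return [1, cmd, 1];
      case CMD.GET_RANDOM:    // constructed, deterministic "random" bytes for the example
        return [32, cmd, ...Array.from({ length: 32 }, (_, i) => (i * 37 + 11) & 0xff)];
      default: return [1, cmd, 0];
    }
  }
}

// Item 3): 0x65 to refresh the LUT, then set context / set login, checking each answer,
// then set password, which the user has to approve on the device.
function changePassword(dev, service, login, newPassword) {
  dev.send(frame(CMD.GET_FREE_SLOT));
  if (!ok(dev.send(frame(CMD.CONTEXT, ascii(service))))) return 'no-such-service';
  if (!ok(dev.send(frame(CMD.SET_LOGIN, ascii(login))))) return 'no-such-login';
  return ok(dev.send(frame(CMD.SET_PASSWORD, ascii(newPassword)))) ? 'updated' : 'denied';
}

// Extension + App: after a manual login, ask the device whether the password already
// matches and only push an update (which prompts the user) when it does not.
function onManualLogin(dev, service, login, password) {
  if (!ok(dev.send(frame(CMD.CONTEXT, ascii(service))))) return 'unknown-service';
  if (!ok(dev.send(frame(CMD.SET_LOGIN, ascii(login))))) return 'unknown-login';
  if (ok(dev.send(frame(CMD.CHECK_PASSWORD, ascii(password))))) return 'unchanged';
  return ok(dev.send(frame(CMD.SET_PASSWORD, ascii(password)))) ? 'updated' : 'denied';
}

// Extension + App: build a password from the 0x4B bytes. Bytes at or above the largest
// multiple of the alphabet size are rejected so `b % alphabet.length` is unbiased.
function passwordFromRandom(bytes, alphabet, length) {
  const limit = 256 - (256 % alphabet.length);
  const out = [];
  for (const b of bytes) {
    if (out.length === length) break;
    if (b < limit) out.push(alphabet[b % alphabet.length]);
  }
  return out.length === length ? out.join('') : null;   // null: request more bytes
}
```

Note that `passwordFromRandom` returns `null` rather than a short password when too many bytes were rejected; the caller should then issue another 0x4B request instead of padding the result.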