Giter Site home page Giter Site logo

pico-mpy-2fa-totp's Introduction

Raspberry Pi Pico/MicroPython 2FA TOTP Generator

Generates Time-based One-Time Password's (TOTP) using MicroPython, Raspberry Pi Pico W and the Waveshare Pico-Oled-1.3.

Features

  • Complete MicroPython implementation of the TOTP specification (and underlying HMAC-SHA1, Base32 dependencies).
  • Countdown timer to present how long till the TOTP is about to expire.
  • Encrypt OTP code data with user password.
  • Use WiFi network and NTP to set the current UTC time - to correct the Raspberry Pi Pico W's RTC.
  • Reinvent old functionality for datetime input 3 buttons instead of 4, as fallback if no WiFi available. (Note 1 below)
  • Encrypt Wifi data with user password too

Usage

  • Connect the display to the Raspberry Pi Pico W.
  • Create a codes.json file (based on codes.json.example) which includes the desired TOTP keys.
  • Create a WifiSecrets.json file (based on WifiSecrets.json.example) which includes the common wifi SSIDs + passphrases available.
  • Flash the Pico W with the latest MicroPython.
  • Copy the codebase except main.py to the Raspberry Pi Pico W.
  • Open an interactive session on the Pico and encrypt the codes.json and WifiSecrets.json as below:
>>> import cryptor
>>> key='your8chr'
>>> cryptor.encrypt('codes.json',key)
>>> cryptor.encrypt('WifiSecrets.json',key)
  • Remove the unencrypted WifiSecrets.json and codes.json from the Pico W storage
  • Copy main.py to the Pico
  • Reset the Pico W
  • Enter your password at the initial password prompt.
    • Key0 increments current selection
    • Key1 decrements current selection
    • Bootsel button steps to next selectable item.
  • Fix datetime at Date time prompt if Wifi doesn't work.
  • Now you can cycle through your TOTP's using Key0 of the Pico-Oled-1.3.
  • Key1 of the Pico-Oled-1.3 toggles the display ON/OFF.

Password length, range and security

The secrets are encrypted using a simple scheme using an 8 character password. However valid characters are any ASCII character with the following exceptions:

  • Space and non-blocking space
  • Quotes: ", ',` (including backquote/backtick)
  • backslash - \,
  • Hyphen: -

The password is taken as a 8 pairs of 2 digits, each pair representing the ordinal of a character of the password. Each digit takes a seperate input, leading to quicker input with just increment/decrement keys (worst case is 12 keypresses per characters encoded as numbers, as compared to 46 with incrementing characters)

The SHA256 digest of this key is generated and used as the encryption key for the secret files.

There are 89 valid characters (128 - 32 - 2 - 5) and so 89^8 possible passwords, so it's around a day's worth of effort to crack this scheme.

However, additional security can be achieved by taking another number as input, and then running those many rounds of hashing on the hash results to generate the final hashed key.

But that's future work for the paranoid forker.

Updating secrets

  • Connect to the REPL
  • Press CTRL-C to stop the code and bring up the prompt
  • Run the following code to dump the secrets files to console as plain text:
>>> import cryptor
>>> key='your8chr'
>>> print(cryptor.decrypt('codes.json.encoded',key).decode())
>>> print(cryptor.decrypt('WifiSecrets.json.encoded',key).decode())
  • Copy the outputs into codes.json and WifiSecrets.json on your workstation, and update with new secrets as required.
  • Push the updated codes.json and WifiSecrets.json to the Pico W.
  • Encrypt codes.json and WifiSecrets.json and overwrite previous encoded files as below:
>>> import cryptor
>>> key='your8chr'
>>> cryptor.encrypt('codes.json',key)
>>> cryptor.encrypt('WifiSecrets.json',key)
  • Remove the unencrypted WifiSecrets.json and codes.json from the Pico W storage.

Migrating from Google Authenticator

Requirements:

  • Workstation with git, python, internet

  • Source device

  • QR code scanner device

  • Export authenticator codes (this is done by the authenticator app as encoded strings further encoded as QR codes.

  • Scan the QR code to get the encoded strings (may be multiple sets, depending on the number of codes to migrate)

  • checkout https://github.com/brookst/otpauth\_migrate.git

  • Follow instructions there and run on the encoded strings to get decoded TOTP codes

  • Fill into codes.json and follow the process as previously mentioned.

Acknowledgements

Forked from Kleo's fork of the pico-2fa-totp created by Edd Mann.

Pico-oled-1.3 driver by Waveshare updated with nicer fonts.

pico-mpy-2fa-totp's People

Contributors

eddmann avatar kleo avatar samveen avatar sturem avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Forkers

tomrow

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.