Google Authenticator on Flipper

Hey. I’m a programmer and would love to create some module to replace our phones to use 2FA services. Any recommendation on where I should start looking?

Flipper Zero is the best tool to do so because it’s not connected to the internet so quite secure.

I’ve seen that there is a U2F solution but I didn’t see anything for TOTP, which Google Authenticator is currently using.

Thanks

5 Likes

My idea won’t replace a phone per se, but how about you connect to your phone via bluetooth, and have the phone send codes to the flipper. I’m not sure about bluetooth security though, but I’d like to see it happen.

You meant Flipper sends codes to the phone? Otherwise it makes no sense to me.

How about flipper0 as an offline password storage solution?

As far as I know, nothing is more secure for storing passwords than a paper with handwriting, which you could destroy at any time.

In USB mode flipper0 can even send the password key sequence so you don’t have to type it.

It’s not applicable for phones (for them we can still see the password on the screen).

2 Likes

Any luck on making the Flipper usable as a password storage solution? If anyone can somehow guide me in the right direction to either load one onto the Flipper or make one, so I can use this as a U2F and have the ability to automatically input passwords, credit cards and other information, and save various information that I deem important. Thank you and have a wonderful day, Flipper community.

I’ve made a small prototype here, but it was quite a long time ago, not sure if it’ll work with the current FW. You can use this as a starting point for your own work tho

1 Like

Just in case somebody still needs it, I implemented a TOTP app for Flipper. Here it is: flipperzero-firmware/applications_user/totp at totp_plugin · akopachov/flipperzero-firmware · GitHub
The latest release (incl. FAP file) is available here: Release v0.0.2 · akopachov/flipperzero-firmware · GitHub
A demo video can be found here: https://www.reddit.com/r/flipperzero/comments/xocg8f/finally_have_had_a_time_to_get_into_app/

2 Likes

Thanks for sharing this info!

Is there a way to enter or copy/paste the long secret key from a PC with qFlipper?

There is no way to do that via qFlipper. Here is the reason why.

However, you definitely can use the CLI to add a new token, and in that case you will be able to use your PC keyboard as well as the copy & paste functionality of your OS. Here is a link to a wiki page explaining how to do it.

1 Like

I did try the CLI but was not successful, so I tried a SHA1 test secret, “JBSWY3DPEHPK3PXP”, but unfortunately the TOTP codes generated on the Flipper Zero were wrong. I checked the secret in both mobile and https://totp.app, and my F0 clock was also correct.
I used two ways: manually updating the config file and even the Flipper built-in GUI, but again in both cases the generated TOTP was wrong. I guess F0 TOTP is not so accurate.

There is a FAQ page, “Flipper Authenticator generates invalid codes, why so?”, explaining what could be wrong. Given that you are sure that the F0 clock is precise, highly likely you just didn’t set the timezone offset, or set it incorrectly. Consider checking this.

As to accuracy of F0 TOTP - there are a lot of people who are using it, for a wide range of different services, so I tend to believe that it is pretty accurate :slight_smile:
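Added example, not part of any post in this thread and not the Authenticator app's own code: a PC-side RFC 6238 check for the timezone problem described above. It assumes the device clock holds local time and derives UTC by subtracting the configured offset; the function names and the sample timestamp are made up for illustration.

```python
import base64, hashlib, hmac, struct

def totp(secret_b32, unix_utc, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for a base32 secret at a UTC Unix time."""
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))   # restore stripped padding
    mac = hmac.new(key, struct.pack(">Q", unix_utc // step), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F                               # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def device_utc(local_clock, tz_offset_hours):
    """Assumed model: the device clock holds local time; UTC = local - offset."""
    return local_clock - int(tz_offset_hours * 3600)

def matching_offsets(secret_b32, local_clock, reference_code):
    """Timezone offsets (hours, -12..+14 in 0.5 h steps) that reproduce a
    reference code read from another authenticator at the same moment."""
    candidates = [h / 2 for h in range(-24, 29)]
    return [tz for tz in candidates
            if totp(secret_b32, device_utc(local_clock, tz)) == reference_code]

if __name__ == "__main__":
    secret = "JBSWY3DPEHPK3PXP"          # test secret quoted in the thread
    true_utc = 1_700_000_000             # constructed sample moment
    local_clock = true_utc + 2 * 3600    # constructed: device set to UTC+2 local time
    reference = totp(secret, true_utc)   # what a correctly set authenticator shows
    for tz in (0, 2):
        code = totp(secret, device_utc(local_clock, tz))
        print(f"configured offset {tz:+}h -> {code} (reference {reference})")
    print("offsets that match:", matching_offsets(secret, local_clock, reference))
```

A one-hour error in the offset moves the counter by 120 time steps, far outside the one or two steps of drift that servers usually tolerate, so the code is rejected even though the clock itself looks correct.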

I fixed it!! The clock was good but not the timezone in the config file!! Thank you.

I couldn’t do this via the CLI; for some reason it says totp command not found.

Glad it works for you.

Highly likely it was saying “totp command not found” because you were not running Authenticator. Remember, the Authenticator CLI is available only when you are running the Authenticator app.