
flipper-zero_authenticator's Introduction

Flipper Authenticator


Description

Flipper Authenticator is a software-based authenticator that implements multi-factor authentication services using the Time-based One-Time Password algorithm (TOTP; specified in RFC 6238) and the HMAC-based One-Time Password algorithm (HOTP; specified in RFC 4226) to authenticate users of software applications.

It is like Google Authenticator, but for the Flipper Zero device.

Companion app

There is a companion app for desktop that lets you interact with Flipper Authenticator in a more user-friendly way. The latest builds, as well as all the information about it, can be found in its official repo here

SAST Tools

PVS-Studio - static analyzer for C, C++, C#, and Java code.

SonarCloud - cloud-based code quality and security service

Want to say thank you?

  • Buy me a coffee here (No account needed, one-time)
  • Become a patron at Patreon (Account needed)
  • Z.Cash: t1PCzJrd96RUfzjzhBERfXEFvSi7W6V86hM
  • USDT: 0xa12163eD56e35d3B38F7087B573384E40b2785e1
  • DOGE: DAa3nu1RCWwxZdAnGVga77bgxDFP1nhahj
  • TON: EQCSBzoTb1B7RhXnka5RegmdjHR3gQwRVgZHNPPqzjjvlW9T

Have questions?

Check out the FAQ or ask on one of these Discord servers: Xtreme, Momentum

Looking for better Flipper Zero Firmware?

You will find it on one of these Discord servers: Xtreme, Momentum

flipper-zero_authenticator's People

Contributors

akopachov, kowalski7cc, willy-jl


flipper-zero_authenticator's Issues

CLI command?

It would be very convenient to have totp CLI command - adding new key through Flipper keyboard is a pure pain. There was CLI prototype that was recently removed - any plans on getting the CLI part done at all?

How to change timezone from app?

Can't generate correct OTP for my secret (16 letters)

Time checked - correct

All three SHA1, SHA256, SHA512 tried

All times OTP not match with other generators

How do I fix it?

UPDATE:

I changed "Timezone:" in totp.conf and OTP generated correctly.

Is it possible to set this value from app?

UPDATE: Found answer from you on Reddit. Will be nice to add info about timezone to doc.

Thank you!

Change PIN; backup

Is it possible to change the PIN?
Is it possible to backup everything via copying config file?

API version mismatch

Is it just me? Compiling this update results in "Preload failed: API version mismatch." Trying the pre-compiled versions lead to the same error. I tried re-cloning the firmware, but still no luck. I am on the latest FW, 0.79.1.

PIN changing workflow

It is necessary to implement PIN changing UI to let user change\set\remove PIN in the app.

Make token duration customizable.

As it was proven here some providers may not support default 30sec duration. It is necessary to implement custom duration per token. Valid values should be between 15sec and 2mins with 15sec. step interval.

Following parts should be updated:

  • CLI commands
  • UI
  • Documentation

Preload failed

tested builds:
current 1.6.2 stable
default available on roguemaster's build commit 3989b57

error:

Preload failed
api version mismatch

Make PIN optional

As of right now user has to setup PIN to be used to enter application. Some users might already have PIN on the Flipper itself and wouldn't like to have to remember two PINs. To workaround this it is necessary to ask user if he would like to setup PIN or not.

CLI: Add new token issue

When new token is getting added via CLI without passing custom duration, duration is getting set to 0 instead of default value

Base32 encoded token secret support

Hi there!

Is there any way to use base32 encoded secret got from otpauth://totp/smth?secret=xxxxxxx&issuer=zzz URL
Tried to paste it in config. App runs smoothly but generated codes are wrong.

Flipper dead After test

I added a test token:

Name: q
Secret: q
Algo: SHA256

After Crash no token saved

Maybe add an error if an invalid secret is supplied?

Quite Literally Useless

PROVIDED it manages to save a key properly, which is a rare miracle in and of itself, actually using a key is an inconsistent impossibility, a feature that straight up does not and has never worked properly.

The text fields clear themselves upon opening with no means of backing out without saving over what was previously written.
You can't even use capital characters, as literally EVERY 2FA service demands in their codes.

This plugin is actually so useless that it's detrimental to the entire community that it even exists with such poor levels of thought put into it.

Enhancement: Load new secret token through file

It would be nice to be able to add a key from a file.

Example:

  1. Open Notepad and paste the following text
    Filetype: Token
    Version: 0
    Secret: Code1234
    Algorithm : SHA1
  2. Replace 'Secret' and 'Algorithm' with your secret token and the hashing algorithm
  3. Save the file as a '.tokensecret'
  4. Move the file to the Flipper Zero
  5. Open the Flipper Authenticator application and press 'Load New Token from File'
  6. Find the .tokensecret file and load it
  7. The application will add the Secret automatically and delete the <Filename>.tokensecret

This would be great for users who have multiple keys to transfer to their Flipper and lowers the risk of error.

Adding Github token?

hi!

What settings do I need to add github? I tried with all the algorithms and my timezone (+1) for norway and 0 and 2,3,4

But the code seems to be always wrong. The clock is correct too. I just copy this code:
image

pasting it in the web CLI

What I am doing wrong?

Can it auto scan the manual key?

Can it auto scan the manual key?

edit: how to enter it (I don't understand)

edit2: if I do my Discord account (the code is invalid)

Implement CLI command to reset application to default

Add totp reset CLI command which should reset application to default settings with complete loss of all the tokens and settings. Right after running this command application should run as it ran the first time.

Being able to set the duration of codes

First of all, congrats on this project!

I'm using it with Microsoft Azure AD as a hardware token for authenticating apps, it works great, but Microsoft only supports token durations of 30 and 60 seconds. Tokens generated by this project are renewed every 15 seconds. Could it be possible to change this delay in the app (like, in the config file maybe) to match AAD specs?
https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-oath-tokens

Thanks in advance :)

Add option to change app pin(Feature request)

Would it be possible to add the option to change the pin in the app settings?
I missed the setup and don't want to reinstall the whole firmware... (Or can I just delete the settings file?)

Great work!

Daylight Savings Breaks TOTP

Daylight Savings Time seems to have broken TOTP on my Flipper. None of my TOTP codes work unless I manually set my phone's time one hour back and have that sync to the Flipper.
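
The timezone and daylight-saving reports above share one cause: RFC 6238 counts time steps from the Unix epoch in UTC, so a clock that holds local wall time needs the correct offset before the counter is computed. The following is an added Python example, not code from this project; the function names are hypothetical and the wall-clock reading is constructed around an RFC 6238 test vector.

```python
import hashlib
import hmac
import struct
from datetime import datetime, timedelta, timezone


def time_step(local_wall_time, tz_offset_hours, period=30):
    """RFC 6238 counter from a naive local clock reading plus a UTC offset."""
    tz = timezone(timedelta(hours=tz_offset_hours))
    unix_time = int(local_wall_time.replace(tzinfo=tz).timestamp())
    return unix_time // period


def hotp(secret, counter, digits=6, algo="sha1"):
    """RFC 4226: HMAC the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), getattr(hashlib, algo)).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret, local_wall_time, tz_offset_hours, period=30, digits=6, algo="sha1"):
    """TOTP for a device whose clock stores local time, not UTC."""
    step = time_step(local_wall_time, tz_offset_hours, period)
    return hotp(secret, step, digits, algo)


def explain_mismatch(local_wall_time, configured_offset, true_offset, period=30):
    """Number of time steps a wrong offset shifts the counter (0 means in sync)."""
    return (time_step(local_wall_time, configured_offset, period)
            - time_step(local_wall_time, true_offset, period))


if __name__ == "__main__":
    key = b"12345678901234567890"            # RFC 6238 Appendix B SHA-1 test key
    wall = datetime(2005, 3, 18, 3, 58, 29)  # constructed: 01:58:29 UTC seen at UTC+2
    print("offset +2:", totp(key, wall, 2.0, digits=8))  # agrees with the RFC vector
    print("offset +1:", totp(key, wall, 1.0, digits=8))  # DST hour not applied
    print("steps off:", explain_mismatch(wall, 1.0, 2.0))
```

A one-hour offset error moves the counter by 120 steps at a 30-second period, far outside the one or two steps of drift a verifier normally tolerates, which is why every code is rejected until the offset is corrected.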

Synchronizing with the Authy software

How do I synchronize with the Authy installed on other devices? I got the authy token from localhost in local debugging and the value was null, and I'm not sure what token name is filling in. help plz!

BadBT doesn't work after running the app for the second time

I've used BadBT option on Windows 11. It works only if I pair PC and use badBT in the same app session.
Steps for reproduce:

  1. Option BadBT previously enabled
  2. Open App, add "Control %flippername%" device in windows bt options
  3. Use BadBT (works nice)
  4. Close App
  5. Open App Again ("Control %flippername%"connects to PC)
  6. Use BadBT Again (Fail)

P.S. also I tested it on my android, the app behaves similarly

This tool could be the most secure password manager

It is offline, it can "autofill" fields for user. If it is possible (considering "This file is too large" issue with text files in Flipper) to add login/password pairs into totp.conf (even manually) this app really could be the most secure password manager. Happy New Year and many thanks for this already great tool!

If you've paired BT Remote with device you can't use BT Auth app with it

  1. Pair BR remote with device (MacBook in my case) - works perfectly (including auto-reconnect).
  2. Enable BT Auth and it would not connect with the same device (neither auto-reconnect nor unable to connect it manually).
  3. Pair with another device (Android phone in my case) - works perfectly (including auto-reconnect).

The result:

  • BT Remote works with first device (including auto-reconnect)
  • BT Auth works with second device (including auto-reconnect)

I'd prefer to be able to use it with same device.

Highly optional: ability to switch profiles to connect to multiple devices.

Valid for Auth app from Unleashed extra pack and for totp_official-dev_unleashed_fw.fap 1.8.0

CLI: move\rename token command

It is necessary to allow user to move\rename existing tokens.
Proposal:
totp (move | mv) <index> [-n <new_name>] [-i <new_index>]
where

  • index - token index in the list
  • new_name - new token name
  • new_index - new token index

This one command will allow user both to move token and to rename it. Logic behind is very similar to unix-systems

Setup Guide

It would be nice to have a setup guide on the Flipper or just something on the README file on this GitHub.
I'm having issues where I don't know how to set it up and don't wanna have to ask someone how to set it up...

Application crash on incorrect secret input

Application crashes when user tries to supply certain non-base32 strings.
Attempt to create a token with "Some_secret" as secret value crashes with following backtrace:

#0  __furi_halt () at furi/core/check.c:56
#1  0x0800ebc0 in furi_crash (message=message@entry=0x80a0f4d "furi_check failed\r\n") at furi/core/check.c:89
#2  0x0800f7e6 in pvPortMalloc (xWantedSize=<optimized out>) at furi/core/memmgr_heap.c:479
#3  0x0800f03c in malloc (size=<optimized out>) at furi/core/memmgr.c:13
#4  0x2000f330 in totp_crypto_encrypt (plain_data=plain_data@entry=0x2000c270 "\223\230", plain_data_length=<optimized out>, iv=iv@entry=0x2000b386 "\235D\331{ \371\\Ҡ˔\206Za\336\362\252\327\333z\006\030\334Ҡ˔\206Za\336", <incomplete sequence \362>, encrypted_data_length=encrypted_data_length@entry=0x2000c1dc "") at applications_user/totp/services/crypto/crypto.c:21
#5  0x2001a142 in token_info_set_secret (token_info=token_info@entry=0x2000c1d8, base32_token_secret=0x2000c1f0 "Some_secret", token_secret_length=<optimized out>, iv=iv@entry=0x2000b386 "\235D\331{ \371\\Ҡ˔\206Za\336\362\252\327\333z\006\030\334Ҡ˔\206Za\336", <incomplete sequence \362>) at applications_user/totp/types/token_info.c:33
#6  0x2000d898 in totp_scene_add_new_token_handle_event (event=<optimized out>, plugin_state=0x2000b358) at applications_user/totp/scenes/add_new_token/totp_scene_add_new_token.c:233
#7  0x2000e7fe in totp_scene_director_handle_event (event=event@entry=0x2001ce58, plugin_state=plugin_state@entry=0x2000b358) at applications_user/totp/scenes/scene_director.c:103
#8  0x2001a70a in totp_app () at applications_user/totp/totp_app.c:307
#9  0x0804e646 in elf_file_run (elf=<optimized out>, args=args@entry=0x0) at lib/flipper_application/elf/elf_file.c:809
#10 0x0804d2d0 in flipper_application_thread (context=0x0) at lib/flipper_application/flipper_application.c:96
#11 0x08011044 in furi_thread_body (context=0x2000ac68) at furi/core/thread.c:79
#12 0x08010ff2 in furi_thread_catch () at furi/core/thread.c:51
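
The base32 question and the crash reports above all come down to the secret field: an otpauth:// URI carries the key as base32, and strings such as "q" or "Some_secret" are not valid base32. The following is an added Python example (not the project's C code) that parses such a URI and rejects malformed secrets before anything is encrypted or stored; the function and exception names are hypothetical, the sample URI is constructed, and the defaults are those of the common Key URI format.

```python
import base64
import binascii
from urllib.parse import parse_qs, unquote, urlparse

BASE32_ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567")


class InvalidSecret(ValueError):
    """Raised instead of passing a bad secret further down the pipeline."""


def decode_base32_secret(text):
    # Providers often show the key lowercase, grouped with spaces, unpadded.
    cleaned = text.replace(" ", "").replace("-", "").upper().rstrip("=")
    if not cleaned:
        raise InvalidSecret("secret is empty")
    bad = sorted(set(cleaned) - BASE32_ALPHABET)
    if bad:
        raise InvalidSecret("not base32, offending characters: " + "".join(bad))
    if len(cleaned) % 8 in (1, 3, 6):
        raise InvalidSecret("length %d cannot encode whole bytes" % len(cleaned))
    try:
        return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    except binascii.Error as exc:
        raise InvalidSecret(str(exc)) from exc


def parse_otpauth(uri):
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc not in ("totp", "hotp"):
        raise ValueError("not an otpauth:// URI")
    query = parse_qs(parts.query)
    first = lambda key, default: query.get(key, [default])[0]
    return {
        "type": parts.netloc,
        "name": unquote(parts.path.lstrip("/")),
        "secret": decode_base32_secret(first("secret", "")),
        "algorithm": first("algorithm", "SHA1").upper(),
        "digits": int(first("digits", "6")),
        "period": int(first("period", "30")),
    }


if __name__ == "__main__":
    print(parse_otpauth("otpauth://totp/Example:alice?secret=jbswy3dpehpk3pxp&issuer=Example"))
    for bad in ("q", "Some_secret"):  # the two inputs from the crash reports
        try:
            decode_base32_secret(bad)
        except InvalidSecret as err:
            print(repr(bad), "rejected:", err)
```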

CLI

It is necessary to implement CLI for the app to give users a convenient way of adding\removing tokens.
Acceptance criteria:

  • CLI is available only when application is running and user bypassed "Authentication" scene.
  • CLI accepts following commands:
    • totp list
    • totp add [-a (sha1|sha256|sha512)] [-d (6|8)]
    • totp remove
  • CLI prints friendly explanation of command usage if user enters incorrect command\argument

Preload failed: API version mismatch

Hi, trying to install on latest Unleashed firmware version (UNLSHD-012), but getting error:
Error
Preload failed
API version mismatch

I have tried to modify timezone to just 2.000000 (just in case it makes any change) and tried both versions for Unleashed and also for official firmware (but have not tried to switch to the official firmware).
Can you please confirm you have it working on UNLSHD-012? If so, I will do a factory reset.
Sorry for messaging there, Discord keeps closing my account so I can't really message there :-(

Update `totp move` command syntax

Historically totp move command allowed to do two things

  • Moving token in the list
  • Renaming token

After the new command totp update was introduced, rename part of totp move became useless and was dropped.

Given this change there is no sense to pass new token index using -i <new_index> syntax and it is better to let it be passed just as a second argument as we definitely know that if user called totp move he wants to move token in the list.

Support to HMAC-SHA256

I'm trying to use the Flipper Zero in conjunction with this method, but provided codes are not correct. I assume it is because HMAC-SHA256 is not implemented in the app.

Let user configure automation behavior

It is necessary to let user configure token automation on per-token based way to let user decide whether to type "Enter" key at the end of automation or not

Drop Unleashed build artifacts

The maintainer of Unleashed firmware told me that Official dev should be compatible with Unleashed from API perspective.

This means that there is no sense in having a separate build for Unleashed any longer.

Changes needed:

  • Remove Unleashed submodule
  • Update build definitions
  • Change naming convention for Official Dev build artifacts in such a manner that it makes it clear that it can be used for Unleashed firmware too
