TOTP for your graphing calculator.
One-Time Passwords are a popular way to use 2FA (2-factor authentication). Since, the codes change and can't be intercepted as easily as text-based MMS codes, OTP offers a pretty decent 2FA solution when used in conjunction with passwords. Apps like Google Authenticator offer OTP for phone platforms; similarly, this implementation allows you to get OTP codes from your TI-84+ CE graphing calculator.
I implemented OTP based on the following documents:
- RFC 4226 (HOTP: An HMAC-Based One-Time Password Algorithm)
- RFC 6238 (TOTP: Time-Based One-Time Password Algorithm)
They're actually pretty short compared to other standards; only like 16 pages long.
Unforunately, my implemenation doesn't fully meet the following specification because it it uses uint32_t to keep track of the epoch time.
The implementation of this algorithm MUST support a time value T
larger than a 32-bit integer when it is beyond the year 2038.
I wasn't able to use a 64 bit integer since the LLVM toolchain currently doesn't support certain operations on 64 bit integers (e.g. lladd, llshl).
The unsigned int allows for dates past 2038, but it doesn't allow for negative values (i.e. dates before 1970) which shouldn't be too much of a problem for this use case.
This program was made primarily as an interesting little programming exercise to learn more about the implementation of HMAC and OTP. You probably shouldn't actually use it for real security stuff.
$ make -f Makefile.pc
$ ./otp
208 918- Currently the code uses
JBSWY3DPEHPK3PXPas the secret key. Change this if you want in src/otp.c - Download and build the LLVM version of the CE toolchain from here or use the online version on TI-Planet.
- Transfer the src folder to where you installed the CE toolchain and use
makeif you downloaded the toolchain or pressBuildif using the online version - Make sure to set the calculator's current time to the correct UTC time by using
[MODE][Set CLOCK] - Transfer the 8xp produced to your calculator and run it using
[PGRM][OTP](you might have to use[2nd][Asm]before running the program depending on the OS version you're running on.
You can scan the QR code below or type the secret key in manually.
JBSWY3DPEHPK3PXP
See the LICENSE folder
- Thanks to SopaXorzTaker for the idea
- I used the teeny_sha1 implementation for sha1.
- For the base32 decode function I used the one by Google
- This project was built using the CE Toolchain
- Allow users to input the secret key
- Make a UI
- Allow for multiple codes like Google Authenticator
- Use USB maybe somehow
- Allow users to use the counter based OTP
Make the circle thing that shows you how much time is left before a code expires like Google Authenticator does- Make circle thing smoother somehow