~dmi3 blog

2FA Device from Scrap

[IMG:2FA Device from Scrap Thumbnail (65kB)] [IMG:2FA Device from Scrap (416kB)]

Let me tell you about a gadget that I'm especially proud of. It's not elegant or inventive in any way, but I really like it, because it was built from scrap parts, extremely simple and does its job well.

The requirement was to create 2FA device, so multiple persons could use it. One of the possible solutions could be to use an old smartphone, but you know about security of old smartphones right?


  1. Raspberry Pi (the first one), some case and SD card
  2. Old credit card, because it holds screws well, and is easy to shape using a stationery knife
  3. NumPad Keyboard because it has arrows , necessary to scroll through Bash history and Enter key. (Sometimes you need to connect a full keyboard to do maintenance)
  4. RTC module to keep time while Raspberry is off
  5. Some random 1.8 20x8 display. Can't remember where it came from, but it was less than 5 bucks on eBay
  6. Lots of duct tape


2FA keys are really simple. This article explains the approach. Basically, the device runs minimal Linux with oathtool installed. Bash shell is shown, and all you do is scroll through oathtool --base32 --totp "$(cat keyfile.key)" history using , arrows. New keys are copied using USB. The device is secure because it will be never connected to the internet.

For some reason miniwi.flf figlet font is not working in tty, so I've created simple script to draw fonts especialy designed for 20x8 screens:

   ▐ ██ ██ ▌▐ ██ ██
   ▐  ▐  ▐ ▌▐ ▌  ▌ 
   ▐ ██ ██ ██ ██ ██
   ▐ ▌   ▐  ▐  ▐ ▌▐
   ▐ ██ ██  ▐ ██ ██

↑ This should look like image bellow if your fonts are not messed up:

[IMG:Font for 20x8 screens (4kB)]

If you have anything on your mind, drop me email @tilde.club. Lets talk!

Click for the [ Random page ]
Want to join the ring? Click here for info.