Tools for hardware tokens and security keys

Burner apps and config tools for TOTP tokens


Special Android, iPhone, or Windows applications (i.e. Token2 Burner app) should be used to "burn" the secret hash seeds. The apps require an NFC module to operate. Cross-platform (Python) solution is also available for some models (and coming soon for others). This table below provides a list of the available burner applications or configuration tools for different models of Token2 programmable tokens. The table is interactive: you can choose the token model in the first column, then the platform in the second column to see if the combination is supported.



Choose a token model  Choose platform 
miniOTP-1, C105 Android Google Play
miniOTP-1, C105 Windows burner.exe command line tool
C301, C302 Android Google Play
C301, C302 cross-platform (Python) token2_config.py
C301-i, C302-i Android Google Play
C301-i, C302-i Windows Windows NFC Burner
C301-i, C302-i iPhone iPhone app guide
C301-i, C302-i cross-platform (Python) token2_config.py
miniOTP-2, miniOTP-3 Android Google Play
miniOTP-2, miniOTP-3 Windows Windows NFC Burner
OTPC-P1, OTPC-P2 Android Google Play
OTPC-P1, OTPC-P2 Windows Windows NFC Burner
miniOTP-2-i, miniOTP-3-i Android Google Play
miniOTP-2-i, miniOTP-3-i Windows Windows NFC Burner
miniOTP-2-i, miniOTP-3-i iPhone iPhone app guide
OTPC-P1-i, OTPC-P2-i Android Google Play
OTPC-P1-i, OTPC-P2-i Windows Windows NFC Burner
OTPC-P1-i, OTPC-P2-i iPhone iPhone app guide
miniOTP-2-i, miniOTP-3-i cross-platform (Python) token2_config.py
OTPC-P1-i, OTPC-P2-i cross-platform (Python) token2_config.py
Molto-1 Android Android app guide
Molto-1 Windows Windows app guide
Molto-1-i  Android Android app guide
Molto-1-i  Windows Windows app guide
Molto-1-i  iPhone iPhone app guide
Molto-1-i  cross-platform (Python) molto1_config.py
EVVIS-QR-1  Windows EVVIS-QR1 USB Config tool
Molto-2  Windows Molto-2 USB Config tool
Molto-2v2 Windows Molto-2 USB Config tool
Molto-2v2  cross-platform (Python) molto2.py
Default access keys
Important! Please make sure you use the correct application, as using a wrong app may lock the device out.  While this authentication is implemented in some models (Molto1 and Molto2 etc.), in some models, such as C301, OTPC* and miniOTP* cards, NFC access is left unrestricted by design.    We use ready components for our cards (often called Java-chips) and they have by default NFC access authentication, the access key was hard coded , currently  "8A D20 688 3CA3 694 82 AB2 7182 B6E 832 24" for single profile tokens (which cannot be changed) and "544 F4B 454 E32 4D4 F4C 544 F31 2D4 B4 55 9" for multi-profile models (which can be changed) ; removing authentication routine completely would make the final cost of the products higher. While this does not compromise security (as it is only possible to write the seeds and never read) , using a wrong app will damage the card for this reason.

Prerequisites

NFC Tokens

Android devices should be equipped with an NFC chip. iPhone apps are compatible with models newer than iPhone 7 and with iOS v13 or higher.  Windows application will require an external USB NFC reader or a built-in NFC module (existing on some models of modern laptops). So far the application has only been tested under Windows 10 and Windows 8 64 bit. Python-based NFC Burner script (token2_config.py) requires the PN533-chip based NFC Writer device.


USB Tokens

No additional device, driver nor any other installation is needed. USB cable is supplied (USB-A to micro-USB port), any standard USB cable can be used (with data support). For computers without USB-A ports, USB-Type-C adapters can be used.


Some devices (including some models of Android phones, such as Nexus and Pixels, some versions of ACR122 USB module) may have issues with NFC link stability, so please be patient when performing these operations. Read this article explaining the NFC link stability issues



TOKEN2 FIDO2 Security keys


FIDO2 Keys can be managed and configured using standard operating systems tools. In addition, we have our own tools to manage the FIDO settings and some additional features

Managing FIDO2 Keys using Windows Control Panel

You can use the standard Windows control panel tool to manage your key, as long as you run Windows 10 build 1903 or later. Please note that the standard control panel applet has some limitations: i.e. it cannot remove individual fingerprints in the Bio FIDO2 Keys and cannot manage TOTP profiles.

FIDO2 Key management using Chromium based web browsers

If you are using macOS or Linux, you can manage your FIDO2 keys using the tool integrated into the latest Chromium based browsers, such as Google Chrome (starting from v80).


TOKEN2 FIDO2 Companion apps (Windows, iPhone and Android)

The FIDO2 USB Security keys are not standalone TOTP tokens:  TOTP functionality of our FIDO2 keys is limited and requires an additional device (i.e. a PC, Android phone or iPhone)  to run the companion app. The key in this case is only used as secure storage for the TOTP seeds. If you need a fully standalone TOTP token, it is recommended to use our programmable tokens instead.

Tools for hardware tokens and security keys

TOKEN2 Companion app is a tool to leverage the use of TOKEN2 FIDO2 security keys (second-generation only, T2F2-ALU, and T2F2-NFC) beyond classic U2F and standard FIDO2/WebAuthn functionality. The app enables you to set and use TOTP profiles on a computer or on an Android device (NFC or USB/OTG) as well as iOS (with NFC only). The guides are available below:



Virtual TOTP Tokens and converters


The tools below can be used to emulate hardware tokens. This can be used to test the functionality or to verify the OTP generation.



TOTP Toolset

Tools for hardware tokens and security keysThis open-source toolset can be used to emulate a hardware token and as to perform OTP verification and drift detection. It can also be used to generate random seeds for programmable tokens and record generated data as CSV file for Azure MFA as described here.
The source code of Token2 TOTP Toolset is available under our GitHub repository. You can also use the hosted version.




t2otp.exe - command-line tool


Tools for hardware tokens and security keysThis tool is created as a command-line emulator of Token2 hardware tokens. It can generate any combination of 6 or 8 digits OTP, with 30 or 60 seconds interval, with SHA1 or SHA256 secret keys. Click here for more information and download.



base32-to-hex-converter

A powershell script to convert files containing TOTP seeds(secrets) from base32 format to hex. The main use case is to convert Azure MFA CSV file to DUO-Compatible TOTP Import file