|
@@ -9,38 +9,18 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-## What is it?
|
|
|
|
|
|
|
+## Description
|
|
|
|
|
|
|
|
Flipper Authenticator is a software-based authenticator that implements two-step verification services using the Time-based One-time Password (TOTP; specified in RFC 6238) and HMAC-based One-time Password algorithm.
|
|
Flipper Authenticator is a software-based authenticator that implements two-step verification services using the Time-based One-time Password (TOTP; specified in RFC 6238) and HMAC-based One-time Password algorithm.
|
|
|
It is like [Google Authenticator](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2), but for [Flipper Zero](https://flipperzero.one/) device.
|
|
It is like [Google Authenticator](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2), but for [Flipper Zero](https://flipperzero.one/) device.
|
|
|
|
|
|
|
|
-## How to get it?
|
|
|
|
|
-
|
|
|
|
|
-If you don't want to build the app yourself then just pull FAP file from [latest release](https://github.com/akopachov/flipper-zero_authenticator/releases) and put it to your Flipper Zero device by copying it to `/ext/apps/Misc`. After that you should be able to run it on your Flipper.
|
|
|
|
|
-
|
|
|
|
|
-## How to build it?
|
|
|
|
|
-
|
|
|
|
|
-Pull the repo with recursive submodule initialization and then run `./build.ps1` command to build the app. Once done FAP files will be available in the `build` directory.
|
|
|
|
|
-
|
|
|
|
|
-## Where is config file?
|
|
|
|
|
-
|
|
|
|
|
-At first start app will create new config file (default location is [`/ext/apps/Misc/totp.conf`](https://github.com/akopachov/flipper-zero_authenticator/blob/master/totp/services/config/config.c#:~:text=%23define%20CONFIG_FILE_DIRECTORY_PATH,totp.conf%22)).
|
|
|
|
|
-
|
|
|
|
|
-Detailed description of file format can be found [here](.github/conf-file_description.md)
|
|
|
|
|
-
|
|
|
|
|
-## Is it secure?
|
|
|
|
|
-
|
|
|
|
|
-Flipper Authenticator stores token secrets in config file in encrypted form. Encryption is done using standard Flipper Zero API, which states that it is using AES encryption with built-in into flipper secret key and initialization vector (IV) generated by the app at initial setup XOR-ed by user's PIN (or Flipper UID, if PIN not setup by user).
|
|
|
|
|
-
|
|
|
|
|
-So in theory to get plain token secret it is necessary to have original Flipper Zero device where config file was generated and know user's PIN (if user setup PIN).
|
|
|
|
|
-
|
|
|
|
|
-If user provides plain token secret manually straight to a config file, once app will be launched it will detect plain token, will encrypt it and will replace plain token secret with encrypted copy.
|
|
|
|
|
-
|
|
|
|
|
-Let me know if you have an ideas of how we can make Flipper Authenticator even more secure.
|
|
|
|
|
-
|
|
|
|
|
-## How to support author?
|
|
|
|
|
|
|
+## Support
|
|
|
|
|
|
|
|
* Buy me a coffee [here](https://ko-fi.com/akopachov) or [here](https://buycoffee.to/akopachov)
|
|
* Buy me a coffee [here](https://ko-fi.com/akopachov) or [here](https://buycoffee.to/akopachov)
|
|
|
* BTC: `bc1qu9k48q93uhvr9w5cn8fzz5yxuvh4e27c6hnczq`
|
|
* BTC: `bc1qu9k48q93uhvr9w5cn8fzz5yxuvh4e27c6hnczq`
|
|
|
* ETH: `0xa12163eD56e35d3B38F7087B573384E40b2785e1`
|
|
* ETH: `0xa12163eD56e35d3B38F7087B573384E40b2785e1`
|
|
|
* DOGE: `DAa3nu1RCWwxZdAnGVga77bgxDFP1nhahj`
|
|
* DOGE: `DAa3nu1RCWwxZdAnGVga77bgxDFP1nhahj`
|
|
|
|
|
+
|
|
|
|
|
+## Still have questions?
|
|
|
|
|
+
|
|
|
|
|
+Checkout [FAQ](FAQ.md) or ask in [Discord channel](https://discord.com/channels/937479784148115456/1020428040636993536)
|
alex.kopachov