
Frequently asked questions

Is it secure?

Flipper Authenticator stores token secrets in the config file in encrypted form. Encryption is done using the standard Flipper Zero API, which states that it uses AES encryption with a secret key built into the Flipper and an initialization vector (IV) generated by the app at initial setup, XOR-ed with the user's PIN (or the Flipper UID, if the user has not set up a PIN).

So in theory, to get a plain token secret it is necessary to have the original Flipper Zero device on which the config file was generated and to know the user's PIN (if the user set one up).

If the user puts a plain token secret straight into the config file manually, then once the app is launched it will detect the plain token, encrypt it, and replace the plain token secret with the encrypted copy.

Let me know if you have any ideas on how we can make Flipper Authenticator even more secure.

How to get it?

If you don't want to build the app yourself, just pull the FAP file from the latest release and put it on your Flipper Zero device by copying it to /ext/apps/Misc. After that you should be able to run it on your Flipper.

How to build it?

Pull the repo with recursive submodule initialization and then run the ./build.ps1 command to build the app. Once done, the FAP files will be available in the build directory.

Where is the config file?

At first start the app will create a new config file (default location is /ext/apps/Misc/totp.conf).

Detailed description of file format can be found here

Is there a CLI?

YES! When Flipper Authenticator is running, the totp CLI is available for you to list, add or remove tokens. Run totp help to get the list of available commands and arguments.

How to change\recover PIN?

For now there is no way to change or recover the PIN once it is set without losing all the token secrets. If you would like to completely reset the app settings, including the PIN and all the tokens, just delete the /ext/apps/Misc/totp.conf file. Flipper Authenticator will create a new empty file and you will be able to set up everything from scratch.

How to backup?

All token secrets are stored in encrypted form and are tied to the original Flipper device and PIN. Given that, there is no point in trying to back up the /ext/apps/Misc/totp.conf file, as it will not help you if you lose your Flipper device. Instead, use your favorite password manager to store plain token secrets and/or any other information which will help you recover your accounts.

Flipper Authenticator generates invalid tokens, why so?

There are multiple reasons why Flipper Authenticator generates invalid tokens:

Clock is not precise

The Flipper Zero clock has a known clock drift problem. So there is a chance that the clock on your Flipper device is simply not precise and you need to sync it using the desktop or mobile qFlipper application.

Timezone is not correct

Because the Flipper Zero API doesn't provide access to the timezone offset, it is necessary to set it manually for correct TOTP token generation. You may find your timezone offset (also called "UTC offset") here or on any other website found via Google. Then set it either in the conf file or via the settings menu of Flipper Authenticator.

Token secret is not correct

Sometimes you may simply have made a mistake while typing or copying the token secret. Some providers (e.g. Amazon) show token secrets as a grouped string (e.g. XXXX ZZZZ YYYY NNNN MMMM). It is fine to use such a string if you are entering the token secret manually or using the CLI; however, it is not allowed to copy and paste such a string straight into the config file. In that scenario you need to remove all whitespace from your token secret before putting it into the config file.

Token hashing algorithm is not correct

In the majority of situations the default hashing algorithm, SHA1, should work just fine. But for some rare providers it might be necessary to use SHA256 or SHA512 as the hashing algorithm.
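
To narrow down which of the four causes above applies, the following added example (not part of Flipper Authenticator) recomputes RFC 6238 codes on a desktop and searches for the algorithm, hour shift and one-step clock drift that reproduce the code the provider accepts. The function names are hypothetical, it assumes the device's idea of UTC is off by whole hours when the offset is wrong, and the secret and timestamps are the RFC 6238 test values.

```python
import base64, hashlib, hmac, struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)

def normalize_secret(text):
    """Drop grouping whitespace, upper-case, and restore base32 padding."""
    s = "".join(text.split()).upper()
    return s + "=" * (-len(s) % 8)

def totp(secret_b32, unix_time, algo="sha1", digits=6):
    """RFC 6238 code for a base32 secret at a given UTC UNIX time."""
    key = base64.b32decode(normalize_secret(secret_b32))
    counter = struct.pack(">Q", int(unix_time) // STEP)
    mac = hmac.new(key, counter, getattr(hashlib, algo)).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def diagnose(secret_b32, accepted_code, device_time, digits=6):
    """List (algo, hour_shift, drift_seconds) settings under which the
    device's clock reading would have produced the accepted code."""
    matches = []
    for algo in ("sha1", "sha256", "sha512"):
        for hours in range(-12, 15):          # whole-hour UTC offsets only
            for drift in (-STEP, 0, STEP):    # one step slow / exact / fast
                t = device_time - hours * 3600 + drift
                if totp(secret_b32, t, algo, digits) == accepted_code:
                    matches.append((algo, hours, drift))
    return matches

if __name__ == "__main__":
    # Constructed sample: RFC 6238 test secret, shown grouped the way
    # some providers display it.
    grouped = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"
    true_utc = 1111111109
    accepted = totp(grouped, true_utc, digits=8)
    # Device whose timezone offset is wrong by two hours:
    print(accepted, diagnose(grouped, accepted, true_utc + 2 * 3600, digits=8))
```

An empty result from `diagnose` means no combination of algorithm, hour shift and one-step drift explains the mismatch, which points at a mistyped token secret.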