I created a two-factor authentication device similar to Google Authenticator using M5Stack's DinMeter. It has a built-in QR code reader and RFID reader, and functions as a standalone two-factor authentication device.
At first, I wanted to create something interesting using a QR code reader and NFC reader. While learning about NFC, I discovered that it has a complex memory structure and can be protected with a password. This sparked my strong interest in NFC technology. So, I decided to use the NFC protection function to create a highly secure device.
A QR code for registration is displayed on the website. The QR code is read by this device, and the KEY is extracted. The KEY is encrypted using a private key and stored in the device's internal storage.
When logging into a website, the KEY is decrypted to generate a one-time password, which is then displayed on the screen. This device can function as a Bluetooth keyboard. It can be paired with a PC to automatically enter numbers.
The NFC card contains a secret key for AES 256-bit encryption. Since it is separate from the main unit, only the owner of the NFC card can operate it.
- Mifare Classic 1K
- NTAG213 (144 bytes)
- NTAG215 (504 bytes)
- Generate one-time passwords (TOTP)
- Register sites that authenticate by scanning QR codes
- Function as a Bluetooth keyboard and send passwords to your PC
- Encrypt and store data with AES 256-bit encryption
- Store private keys for decrypting NFC cards
- Barcode reader (inputs scanned data into PC)
- Transfer files via browser (for backup)
- HTTPS-compatible web server
- Move secret keys (between the main unit and NFC card)
- Duplicate secret keys (NFC)
- Export sites (display QR codes)
This device is operated using DinMeter's rotary encoder. The main menu is on the right and the submenu is in the center. Rotate the rotary encoder to move the cursor and press the button for the menu you want to operate. It can be easily operated with a single input device.
Make an Enclosure
I made a case that integrates a DinMeter, RFID reader, and QR code scanner using a 3D printer. It consists of three parts: the case, the back cover, and the battery holder. Since the DinMeter's StampS3 generates heat, I raised the battery so that it does not come into direct contact with the StampS3.
Since the QR code scanner consumes a significant amount of power, I added a switch to turn it off when not in use.
The above diagram shows how encryption is performed on this device. The most important information to protect is the “KEY” used to generate the one-time password for two-step authentication.
To decrypt the KEY in the OTP Information File, SECRET-A is required. SECRET-A is encrypted and stored on an NFC card. SECRET-B is required to decrypt SECRET-A. Additionally, a password is needed to unlock the NFC card.
This complex mechanism might seem unnecessary. However, I intentionally made it complex because it seemed technically interesting.
Firmware
The source code and STL files for this project are available on GitHub: https://github.com/kaz-mac/M5Authenticator/
For more detailed information, please refer to my blog: https://akibabara.com/blog/7900.html