Code Monkey home page Code Monkey logo

totp-me's Introduction

TOTP for Java ME

Java ME TOTP (RFC 6238) authenticator. It can be used as a token generator for

  • Google's two phase authentication
  • LinOTP authentication
  • other authentication servers which support TOTP

Project web

URL: http://totpme.sourceforge.net

Development

You can simply build the software yourself.

How to get the sources

You should have git installed

git clone git://github.com/kwart/totp-me.git

or you can download current sources as a zip file

How to build it

Install Maven.

Download lcrypto-j2me-xxx archive ("xxx" - current version of lcrypto, for example "lcrypto-j2me-160.tar.gz") from the Bouncy Castle website, extract it and install the classes as a JAR file to your local repository:

wget https://www.bouncycastle.org/download/lcrypto-j2me-160.tar.gz
tar xf ./lcrypto-j2me-160.tar.gz
mvn install:install-file -Dfile=lcrypto-j2me-160/zips/cldc_bccore_classes.zip -DgroupId=org.bouncycastle -DartifactId=lcrypto-j2me -Dversion=1.60 -Dpackaging=jar

Build the totp-me and feed it with lcrypto version from the previous step:

mvn clean package -Dlcrypto.version=1.60

This default build uses Microemulator API implementation to simplify the build process, but it's only MIDP-2.0 implementation. To be sure the source code is MIDP-1.0 compatible, you should install Oracle WTK and provide path to it to Maven as wtk.home system property

mvn clean package -Dwtk.home=/opt/WTK2.5.2

How to run it in the Microemulator

Just use exec:java goal after you've successfully built the project (provide lcrypto version if needed).

mvn exec:java -Dlcrypto.version=1.60

License

totp-me's People

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar

Forkers

rnc rdassen metlos bohlool spacekpe comuttun zirokyl songsinwu rainjohn pi0 thinklib zeekoe

totp-me's Issues

Unable to add a new profile

I downloaded the 1.5 version binaries from sourceforge (to my phone, not the emulator) and I am unable to add more than 1 profile.

Upon first start, I create the first profile, which works OK. After that I am taken to the home screen (which shows "Menu" and "Exit" options at the bottom, unlike what is shown on the screenshots). When I select the "Profiles" option in the Menu, I'm taken to the profile list. The "Add profile" option (which actually just reads "Add profi") there doesn't work though. Clicking it does nothing.

Not sure if this is an issue of my phone or the app. I didn't try the most recent version in the emulator yet.

Add delta for the time counter

Delta in seconds - from current-12h to current+12h

  • it could help if the device doesn't support correctly timezones or daylight saving time.

Support for MIDP 1.0 devices

Take it as extra low priority issue, but it may be nice to have support for MIDP 1.0 devices. For make this work, only small fixes are needed:

  • Remove Gauge.INDEFINITE (not implemented)
  • Remove Gauge.INCREMENTAL_IDLE
  • Compile with Bouncy Castle 133
  • setLayout is not supported (but default left alignment seems to be ok)

Please, better protect profiles from accidental removal

Thank you for such a useful program!

But it's interface still have some very annoyng inconveniences:
"Profiles" page have very easy accessible button "remove", and also it haven't any confirmation!

This just allowed me to drop my important OTP profile :(

Could you, please, make removing profiles much harder?
And put this "remove" button much farer than now, to not accidentally press it instead of just choosing profile?
Or even better, not allow to delete profile, unless user manually delete it's secret key!
(and some notification popup like "Please, manually delete secret key to remove this profile")

thanks in advance

Batch profile import

Thanks for making and still maintaining totp-me!

Please correct me if I'm wrong but from my understanding there's no simple way to batch import multiple profiles. I'd rather not copy-paste all the secrets by hand and the binary files the profiles seem to be saved to don't seem easy to hack.

Would it be feasible/easy to implement a file import function, so account data can be imported from e.g. XML?

request: time offset

alot of people may have old flipphones they put this on that no longer have service (meaning that syncing the time and date is impossible because it cant reach its cell tower to update)

an example is an old LG 440G i have thats for tracfone but no longer has service

so possibly allow for setting the time and having an in-app clock (with settings) so that the codes are right even for those stuck in the year 2010

Building fails

Building the MIDP-2.0 variant works like a charm.

Trying to build MIDP-1.0 not so much. I'm not building Java regularly, so maybe I just miss something obvious:

$ mvn clean package -Dwtk.home=/opt/sun-wtk
[INFO] Scanning for projects...
[INFO] 
[INFO] -----------------------< org.jboss.totp:totp-me >-----------------------
[INFO] Building TOTP ME 1.9
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] 
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ totp-me ---
[INFO] Deleting /home/aiyion/Documents/com/github/kwart/totp-me/target
[INFO] 
[INFO] --- maven-resources-plugin:2.6:copy-resources (copy-resources) @ totp-me ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 0 resource
[INFO] 
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ totp-me ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 1 resource to /home/aiyion/Documents/com/github/kwart/totp-me/target/classes
[INFO] Copying 1 resource to ../filtered-src
[INFO] 
[INFO] --- maven-compiler-plugin:3.0:compile (default-compile) @ totp-me ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 1 source file to /home/aiyion/Documents/com/github/kwart/totp-me/target/classes
[INFO] 
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ totp-me ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory /home/aiyion/Documents/com/github/kwart/totp-me/src/test/resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.0:testCompile (default-testCompile) @ totp-me ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 1 source file to /home/aiyion/Documents/com/github/kwart/totp-me/target/test-classes
[INFO] 
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ totp-me ---
[INFO] Surefire report directory: /home/aiyion/Documents/com/github/kwart/totp-me/target/surefire-reports

-------------------------------------------------------
 T E S T S
-------------------------------------------------------
Running org.jboss.totp.TOTPMIDletTest
Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.064 sec

Results :

Tests run: 1, Failures: 0, Errors: 0, Skipped: 0

[INFO] 
[INFO] --- maven-jar-plugin:2.4:jar (default-jar) @ totp-me ---
[INFO] Building jar: /home/aiyion/Documents/com/github/kwart/totp-me/target/totp.jar
[INFO] 
[INFO] --- j2me-maven-plugin:2.0.4:package (default) @ totp-me ---
[INFO] Building j2me me package: /home/aiyion/Documents/com/github/kwart/totp-me/target/totp-me.jar
[INFO] merge artifact: lcrypto-j2me scope:compile
[INFO] Expanding: /home/aiyion/.m2/repository/org/bouncycastle/lcrypto-j2me/1.60/lcrypto-j2me-1.60.jar into /tmp/archived-file-set.679152872.tmp
[INFO] Building jar: /home/aiyion/Documents/com/github/kwart/totp-me/target/totp-me.jar
 [proguard] **************************************************************
 [proguard] * Antenna 1.0.1 initialized for project "TOTP ME"            *
 [proguard] * Using Sun Wireless Toolkit 2.5 (CLDC-1.0; MIDP-1.0)        *
 [proguard] **************************************************************
[INFO] execute ProGuard [-injars, '/home/aiyion/Documents/com/github/kwart/totp-me/target/totp-me.jar_proguard_base.jar'(!META-INF/maven/**), -outjars, '/home/aiyion/Documents/com/github/kwart/totp-me/target/totp-me.jar', -include, '/home/aiyion/Documents/com/github/kwart/totp-me/proguard.conf', -libraryjars, /opt/sun-wtk/lib/midpapi10.jar:/opt/sun-wtk/lib/cldcapi10.jar, -keep public class org.jboss.totp.TOTPMIDlet, -printmapping, '/home/aiyion/Documents/com/github/kwart/totp-me/target/proguard_map.txt', -printseeds, '/home/aiyion/Documents/com/github/kwart/totp-me/target/proguard_seeds.txt']
[INFO] proguard jar: /home/aiyion/.m2/repository/net/sf/proguard/proguard/4.3/proguard-4.3.jar
 [proguard] ProGuard, version 4.3
 [proguard] Reading program jar [/home/aiyion/Documents/com/github/kwart/totp-me/target/totp-me.jar_proguard_base.jar] (filtered)
 [proguard] Reading library jar [/opt/sun-wtk/lib/midpapi10.jar]
 [proguard] Reading library jar [/opt/sun-wtk/lib/cldcapi10.jar]
 [proguard] Note: duplicate definition of library class [com.sun.cldc.i18n.j2me.UTF_8_Reader]
 [proguard] Note: there were 1 duplicate class definitions.
 [proguard] Warning: org.bouncycastle.pqc.crypto.gmss.util.WinternitzOTSignature: can't find referenced method 'double ceil(double)' in class java.lang.Math
 [proguard] Warning: org.bouncycastle.asn1.test.ExtendedFailInfoTest: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.asn1.test.ExtendedFailInfoTest: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.asn1.test.OtherMsgTest: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.asn1.test.OtherMsgTest: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: java.math.test.BigIntegerTest: can't find referenced method 'int nextInt(int)' in class java.security.SecureRandom
 [proguard] Warning: org.bouncycastle.asn1.test.PopLinkWitnessV2Test: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.asn1.test.PopLinkWitnessV2Test: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.asn1.test.GetCRLTest: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.asn1.test.GetCRLTest: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.crypto.test.RNGUtils: can't find referenced method 'int nextInt(int)' in class java.util.Random
 [proguard] Warning: org.bouncycastle.asn1.test.GetCertTest: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.asn1.test.GetCertTest: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.asn1.test.CMCPublicationInfoTest: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.asn1.test.CMCPublicationInfoTest: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.pqc.crypto.gmss.GMSSLeaf: can't find referenced method 'double ceil(double)' in class java.lang.Math
 [proguard] Warning: org.bouncycastle.crypto.CryptoServicesRegistrar: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.crypto.CryptoServicesRegistrar: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.asn1.test.ModCertTemplateTest: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.asn1.test.ModCertTemplateTest: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.asn1.test.ControlsProcessedTest: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.asn1.test.ControlsProcessedTest: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.asn1.test.IdentityProofV2Test: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.asn1.test.IdentityProofV2Test: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.pqc.crypto.gmss.GMSSRootSig: can't find referenced method 'double ceil(double)' in class java.lang.Math
 [proguard] Warning: org.bouncycastle.asn1.test.EncryptedPOPTest: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.asn1.test.EncryptedPOPTest: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.asn1.x509.PKIXNameConstraintValidator: can't find referenced method 'boolean equalsIgnoreCase(java.lang.String)' in class java.lang.String
 [proguard] Warning: org.bouncycastle.asn1.test.DecryptedPOPTest: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.asn1.test.DecryptedPOPTest: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.asn1.test.LraPopWitnessTest: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.asn1.test.LraPopWitnessTest: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.asn1.test.CMCUnsignedDataTest: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.asn1.test.CMCUnsignedDataTest: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.pqc.math.linearalgebra.IntegerFunctions: can't find referenced method 'float abs(float)' in class java.lang.Math
 [proguard] Warning: org.bouncycastle.pqc.math.linearalgebra.IntegerFunctions: can't find referenced class java.lang.Float
 [proguard] Warning: org.bouncycastle.pqc.math.linearalgebra.IntegerFunctions: can't find referenced class java.lang.Float
 [proguard] Warning: org.bouncycastle.pqc.math.linearalgebra.GF2Polynomial: can't find referenced method 'boolean equalsIgnoreCase(java.lang.String)' in class java.lang.String
 [proguard] Warning: org.bouncycastle.asn1.test.TaggedContentInfoTest: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.asn1.test.TaggedContentInfoTest: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.asn1.test.PendInfoTest: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.asn1.test.PendInfoTest: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.pqc.crypto.gmss.GMSSPrivateKeyParameters: can't find referenced method 'double floor(double)' in class java.lang.Math
 [proguard] Warning: org.bouncycastle.asn1.test.PKIDataTest: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: org.bouncycastle.asn1.test.PKIDataTest: can't find referenced class java.lang.NoClassDefFoundError
 [proguard] Warning: there were 45 unresolved references to program class members.
 [proguard]          Your input classes appear to be inconsistent.
 [proguard]          You may need to recompile them and try again.
 [proguard]          Alternatively, you may have to specify the options 
 [proguard]          '-dontskipnonpubliclibraryclasses' and/or
 [proguard]          '-dontskipnonpubliclibraryclassmembers'.
 [proguard] Error: Please correct the above warnings first.
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  6.090 s
[INFO] Finished at: 2023-01-30T16:14:24+01:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal com.pyx4me:j2me-maven-plugin:2.0.4:package (default) on project totp-me: Obfuscation failed (result=1) -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException

Thanks in advance!

can't add negative time offset

Since daylight saving kicked in the app generates wrong codes. If I set the time of my nokia 3310 an hour back the app works fine (but my friends complain I'm always late...).
Using the time correction I seem to be able to add seconds, but not remove them. That is: when filling in the time correction I can only add digits, not a minus sign.

I could perhaps use a 2^32 - 3600 (I didn't try that yet...) as a work around. But it would be quite tedious to add this for all my profiles.

Are there any other ideas how to fix this. If not then I can try to create a PR to add an additional negative-offset box.

Very happy btw with this 2FA-app on my nokia!!

Hide token secret when after token creation

I know it is security through obscurity, but still ... It is really easy to quickly read/take a photo of a token secret when the phone is forgotten somewhere on a table. You need just few tens of seconds for taking photo.

Digging data from Java store somewhere in guts of the phone should take more time. Hopefully it is not feasible in few minutes before I remember where the phone is laying :-)

Would you accept patch with this "functionality"?

1st profile rewritten by the 2nd one

  • two profile environment
  • 2nd profile used several times (not sure about which actions)
  • new start of applications - both profiles has the same name and the same configuration - i.e. the first one was rewritten by the second one
  • needs investigation

Configuration is not loaded

loadConfig line chgHmacAlgorithm.setSelectedIndex(timeStep, true); is incorrect, because timeStep is usually 30 -> Exception -> Delete of record store. Line should be chgHmacAlgorithm.setSelectedIndex(aDis.readInt(), true);. Also in load, finally should closeRecordStore.

Support for shorter/longer secret keys

Google 2 step verification displays in some cases only 16 characters (Base32) instead of 32 (which is size of key for SHA-1). Allow shorter (or longer) keys in totp-me - the class org.bouncycastle.crypto.macs.HMac will automagically fix the length (pad or cut) for us. We only need to disable length check.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.