Edd Mann Developer

Building a 2FA TOTP generator using a Raspberry Pi Pico and MicroPython

I have recently become very interested in microcontrollers, in particular the Raspberry Pi Pico. Not only is it ridiculously affordable (just over £3), it provides so much scope to be used in many different projects. One such project I wanted to explore was building an independent Time-based One-time password (TOTP) device.

I have been using the likes of Google Authenticator and Authy for many years, but really wanted to gain a deeper understanding of the specific building blocks that Time-based One-time passwords are built upon. This led me to investigate the viability of building such a solution using a Raspberry Pi Pico - combined with MicroPython and the Pico Display Pack. Thanks to some great resources I was able to do just that.

Features

Below is a list of the feature-set that the built device provides:

  • Complete MicroPython implementation of the TOTP specification (and underlying HMAC-SHA1, Base32 dependencies).
  • Customisable background colours per TOTP.
  • Progress bar showing how long remains until the TOTP expires.
  • Flashing alert LED when the TOTP is about to expire.
  • Initial configuration screen to set the current UTC time - to correct the Raspberry Pi Pico’s RTC.
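
The calculation behind the first feature (TOTP per RFC 6238, built on HMAC-SHA1 and Base32), as an added example that is not the project's own code. It is written for CPython using only `hashlib` and `struct`; the function names are hypothetical and the secret is the constructed RFC 6238 test key. Because the counter is derived from the clock, `seconds_remaining` is the kind of value a progress bar would display, and a wrong RTC yields wrong codes.

```python
import hashlib
import struct

B32_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"

def base32_decode(text):
    """Decode RFC 4648 Base32; padding and spaces are optional."""
    bits, nbits, out = 0, 0, bytearray()
    for ch in text.upper().replace(" ", "").rstrip("="):
        bits = (bits << 5) | B32_ALPHABET.index(ch)  # ValueError on a bad character
        nbits += 5
        if nbits >= 8:
            nbits -= 8
            out.append((bits >> nbits) & 0xFF)
            bits &= (1 << nbits) - 1  # keep only the bits not yet emitted
    return bytes(out)

def hmac_sha1(key, message):
    """HMAC (RFC 2104) built from a bare SHA-1 primitive."""
    block = 64  # SHA-1 block size in bytes
    if len(key) > block:
        key = hashlib.sha1(key).digest()
    key = key + b"\x00" * (block - len(key))
    inner = hashlib.sha1(bytes(b ^ 0x36 for b in key) + message).digest()
    return hashlib.sha1(bytes(b ^ 0x5C for b in key) + inner).digest()

def totp(secret_b32, unix_time, step=30, digits=6):
    """Return the TOTP for the given UTC Unix time as a zero-padded string."""
    counter = struct.pack(">Q", int(unix_time) // step)  # 8-byte big-endian time step
    mac = hmac_sha1(base32_decode(secret_b32), counter)
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    text = str(code % 10 ** digits)
    return "0" * (digits - len(text)) + text

def seconds_remaining(unix_time, step=30):
    """Seconds until the current code expires."""
    return step - (int(unix_time) % step)

# Constructed sample input: Base32 of the RFC 6238 test key b"12345678901234567890".
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    now = 59  # first RFC 6238 test time
    print(totp(SAMPLE_SECRET, now, digits=8), seconds_remaining(now))
```
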

Usage

Once you have downloaded the project from GitHub, you can then follow the instructions below to get the device set up.

  • Connect the Pico Display Pack to the Raspberry Pi Pico.
  • Create a codes.json file (based on codes.json.example) which includes the desired TOTP keys.
  • Flash the Raspberry Pi Pico with the latest MicroPython with Pimoroni Libs.
  • Copy the codebase to the Raspberry Pi Pico.
  • Upon boot, you will be required to specify the current UTC time (clicking B once set).
  • Now you can cycle through your TOTPs using the X button.

Conclusion

I have been amazed at how easy it is for someone like myself (coming from a high-level programming background) to pick up MicroPython and build non-trivial systems using microcontrollers. I found researching and implementing the functionality that performed HMAC-SHA1 to be a lot of fun, allowing me to demystify what can seem to be a very magical process. Additionally, investigating how to set the Pico’s RTC was an interesting aside, combined with presenting this correction using a purpose-built configuration display screen.

Having success in completing this project has already sparked other ideas that I will discuss in upcoming articles!